Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Chrome Cache Entry: 47

gzip compressed data, max compression, truncated

downloaded

Details

File:	Chrome Cache Entry: 47
Category:	downloaded
Dump:	chromecache_47.1.dr
ID:	dr_4
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	gzip compressed data, max compression, truncated
Entropy:	4.321888195526177
Encrypted:	false
Ssdeep:	3:Ftt113Spye0n:XtfS47
Size:	36
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 48

gzip compressed data, max compression, original size modulo 2^32 32

downloaded

Details

File:	Chrome Cache Entry: 48
Category:	downloaded
Dump:	chromecache_48.1.dr
ID:	dr_5
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	gzip compressed data, max compression, original size modulo 2^32 32
Entropy:	4.844106544814539
Encrypted:	false
Ssdeep:	3:Ftt113Sp1prxphv2G/:XtfSbpjVB/
Size:	52
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 49

HTML document, ASCII text, with very long lines (51354)

downloaded

Details

File:	Chrome Cache Entry: 49
Category:	downloaded
Dump:	chromecache_49.1.dr
ID:	dr_6
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with very long lines (51354)
Entropy:	5.759143887511641
Encrypted:	false
Ssdeep:	3072:XU6X2h/+arh7d3JrggynSSOw6lxxLLiPix1Isk9/9FSCagTY5sc:XU6Gr33yTSSdOiPix7k1i4lc
Size:	187447
Whitelisted:	false
Reputation:	low

Chrome Cache Entry: 50

HTML document, ASCII text, with very long lines (1947)

downloaded

Details

File:	Chrome Cache Entry: 50
Category:	downloaded
Dump:	chromecache_50.1.dr
ID:	dr_7
Target ID:	1
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	HTML document, ASCII text, with very long lines (1947)
Entropy:	5.63805974421119
Encrypted:	false
Ssdeep:	384:efF9F+e4JEsEH3Us4T3swSqxsEH3UhsEH3UNaaw:efF9F+e4esEEX9SqxsEEhsEENaaw
Size:	21787
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	5956
Target ID:	0
Parent PID:	560
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	13:16:48
Date:	03/06/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff735640000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,15948481530305296831,5204982787352517307,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2108 /prefetch:3

Details

Is windows:	true
Is dropped:	false
PID:	1952
Target ID:	1
Parent PID:	5956
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,15948481530305296831,5204982787352517307,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2108 /prefetch:3
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	13:16:49
Date:	03/06/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff735640000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://infector.sh/index"

Details

Is windows:	true
Is dropped:	false
PID:	6224
Target ID:	5
Parent PID:	560
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://infector.sh/index"
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	13:16:55
Date:	03/06/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff735640000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://infector.sh/index

https://infector.sh/assets/favicon.ico

130.51.23.140

https://infector.sh/assets/app.js

130.51.23.140

https://infector.sh/clickfix

130.51.23.140

http://c.pki.goog/r/r4.crl

142.250.114.94

https://github.com/Octagon-simon/microsoft-login-clone/tree/main

unknown

https://infector.sh/hdrs

unknown

https://www.cloudflare.com/privacypolicy/

unknown

https://www.cloudflare.com/website-terms/

unknown

https://www.cloudflare.com/?utm_source=challenge&utm_campaign=

unknown

Domains

Name

Malicious

infector.sh

130.51.23.140

Details

Name:	infector.sh
IP:	130.51.23.140
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing
Suricata IDS alerts for network traffic	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking

www.google.com

142.250.138.99

Details

Name:	www.google.com
IP:	142.250.138.99
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

130.51.23.140

infector.sh

Reserved

Details

IP:	130.51.23.140
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	Reserved
Countrycode:	ZZZ
ASN number:	15601
ASN name:	BaringInvestmentServicesGB
Private:	false
Domain:	infector.sh

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking

192.168.2.9

unknown

142.250.138.99

www.google.com

United States

DOM / HTML

URL

Malicious

https://infector.sh/index

Details

Filename:	0.0.pages.html.dom
Url:	https://infector.sh/index
Target ID:	1
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,15948481530305296831,5204982787352517307,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2108 /prefetch:3

Signature Hits	Behavior Group	Mitre Attack
AI detected phishing page	Phishing

https://infector.sh/index

Details

Filename:	0.1.pages.html.dom
Url:	https://infector.sh/index
Target ID:	1
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,15948481530305296831,5204982787352517307,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2108 /prefetch:3

Signature Hits	Behavior Group	Mitre Attack
Yara detected CAPTCHA Scam ClickFix	Phishing

https://infector.sh/index

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://infector.sh/index

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://infector.sh/index

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
https://infector.sh/index