Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	5196
Target ID:	0
Parent PID:	5440
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3384928
MD5:	DBE43C1D0092437B88CFF7BD9ABC336C
Time:	13:09:03
Date:	10/06/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff728600000
Modulesize:	3465216
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1948,i,14049268193459184991,7695379603295095455,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=1756 /prefetch:11

Details

Is windows:	true
Is dropped:	false
PID:	2132
Target ID:	2
Parent PID:	5196
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1948,i,14049268193459184991,7695379603295095455,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=1756 /prefetch:11
Size:	3384928
MD5:	DBE43C1D0092437B88CFF7BD9ABC336C
Time:	13:09:04
Date:	10/06/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff728600000
Modulesize:	3465216
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\appidpolicyconverter.exe

"C:\Windows\system32\appidpolicyconverter.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6540
Target ID:	5
Parent PID:	1268
Name:	appidpolicyconverter.exe
Path:	C:\Windows\System32\appidpolicyconverter.exe
Commandline:	"C:\Windows\system32\appidpolicyconverter.exe"
Size:	155648
MD5:	6567D9CF2545FAAC60974D9D682700D4
Time:	13:09:09
Date:	10/06/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff635200000
Modulesize:	155648
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	6548
Target ID:	6
Parent PID:	6540
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	1040384
MD5:	9698384842DA735D80D278A427A229AB
Time:	13:09:09
Date:	10/06/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff788700000
Modulesize:	1056768
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://goldstonemanagment-my.sharepoint.com/:o:/g/personal/sandrar_goldstonem_com/EsXLH__K8yxCuPDU0eDeoNIBDxttVTtWa08L1PYp5Mzc_w?e=5%3a0J1yd6&at=9"

Details

Is windows:	true
Is dropped:	false
PID:	6692
Target ID:	8
Parent PID:	5440
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://goldstonemanagment-my.sharepoint.com/:o:/g/personal/sandrar_goldstonem_com/EsXLH__K8yxCuPDU0eDeoNIBDxttVTtWa08L1PYp5Mzc_w?e=5%3a0J1yd6&at=9"
Size:	3384928
MD5:	DBE43C1D0092437B88CFF7BD9ABC336C
Time:	13:09:11
Date:	10/06/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff728600000
Modulesize:	3465216
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://goldstonemanagment-my.sharepoint.com/:o:/g/personal/sandrar_goldstonem_com/EsXLH__K8yxCuPDU0eDeoNIBDxttVTtWa08L1PYp5Mzc_w?e=5%3a0J1yd6&at=9

Details

Filetype:	URL
Filename:	https://goldstonemanagment-my.sharepoint.com/:o:/g/personal/sandrar_goldstonem_com/EsXLH__K8yxCuPDU0eDeoNIBDxttVTtWa08L1PYp5Mzc_w?e=5%3a0J1yd6&at=9

Signature Hits	Behavior Group	Mitre Attack
Detected suspicious crossdomain redirect	Networking
HTML body contains low number of good links	Phishing
HTML title does not match URL	Phishing
HTTP GET or POST without a user agent	Networking
Classification label	System Summary
Connects to IPs without corresponding DNS lookups	Networking
Creates mutexes	System Summary
Downloads files from webservers via HTTP	Networking	Ingress Tool Transfer
HTML body contains password input	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing
Performs DNS lookups	Networking	Non-Application Layer Protocol
Posts data to webserver	Networking
Reads software policies	System Summary	System Information Discovery
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Uses HTTPS	Networking	Encrypted Channel Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

http://c.pki.goog/r/r4.crl

142.251.40.163

https://login.microsoftonline.com/14868b8a-936a-4437-8198-fd9fa4f69548/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=CE2E5519F6C3FEFFB0ACFF29F2CEB805DEB5FB86ED78C639%2D19A748356579EB0DD834B8DD2337F923A05B9C03231BB41FEBA67846D6C4BA12&redirect%5Furi=https%3A%2F%2Fgoldstonemanagment%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=e5cfa6a1%2De048%2D9000%2D00c3%2D6510b75557a4&sso_reload=true

Details

Name:	https://login.microsoftonline.com/14868b8a-936a-4437-8198-fd9fa4f69548/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=CE2E5519F6C3FEFFB0ACFF29F2CEB805DEB5FB86ED78C639%2D19A748356579EB0DD834B8DD2337F923A05B9C03231BB41FEBA67846D6C4BA12&redirect%5Furi=https%3A%2F%2Fgoldstonemanagment%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=e5cfa6a1%2De048%2D9000%2D00c3%2D6510b75557a4&sso_reload=true
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
HTML body contains low number of good links	Phishing
HTML title does not match URL	Phishing
HTML body contains password input	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing

http://c.pki.goog/r/r1.crl

142.251.40.163

http://knockoutjs.com/

unknown

http://www.opensource.org/licenses/mit-license.php)

unknown

https://goldstonemanagment-my.sharepoint.com/:o:/g/personal/sandrar_goldstonem_com/EsXLH__K8yxCuPDU0eDeoNIBDxttVTtWa08L1PYp5Mzc_w?e=5%3a0J1yd6&at=9

Details

Name:	https://goldstonemanagment-my.sharepoint.com/:o:/g/personal/sandrar_goldstonem_com/EsXLH__K8yxCuPDU0eDeoNIBDxttVTtWa08L1PYp5Mzc_w?e=5%3a0J1yd6&at=9
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Spawns processes	System Summary	Process Injection

https://github.com/douglascrockford/JSON-js

unknown

Domains

Name

Malicious

s-part-0012.t-0009.t-msedge.net

13.107.246.40

e329293.dscd.akamaiedge.net

23.216.132.21

s-part-0023.t-0009.t-msedge.net

13.107.246.51

a726.dscd.akamai.net

23.206.121.60

mira-ssc.tm-4.office.com

52.107.251.51

www.google.com

142.250.176.196

www.tm.a.prd.aadg.akadns.net

20.190.152.19

a1894.dscb.akamai.net

23.200.0.195

identity.nel.measure.office.net

unknown

aadcdn.msftauth.net

unknown

logincdn.msftauth.net

unknown

goldstonemanagment-my.sharepoint.com

unknown

There are 3 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

52.107.251.51

mira-ssc.tm-4.office.com

United States

142.250.176.196

www.google.com

United States

13.107.246.40

s-part-0012.t-0009.t-msedge.net

United States

13.107.246.51

s-part-0023.t-0009.t-msedge.net

United States

23.216.132.21

e329293.dscd.akamaiedge.net

United States

23.206.121.60

a726.dscd.akamai.net

United States

23.200.0.195

a1894.dscb.akamai.net

United States

192.168.2.24

unknown

20.190.152.20

unknown

United States

52.107.252.9

unknown

United States

20.190.152.19

www.tm.a.prd.aadg.akadns.net

United States

There are 1 hidden IPs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

FFF007E000

stack

page read and write

FFEFC9B000

stack

page read and write

275F4B82000

heap

page read and write

275F4AA0000

heap

page read and write

FFEFD9F000

stack

page read and write

FFF00FF000

stack

page read and write

275F4ED5000

heap

page read and write

275F49E0000

heap

page read and write

275F4B74000

heap

page read and write

275F4ED0000

heap

page read and write

275F4B70000

heap

page read and write

FFEFD1E000

stack

page read and write

275F4B30000

heap

page read and write

There are 3 hidden memdumps, click here to show them.

DOM / HTML

URL

Malicious

https://goldstonemanagment-my.sharepoint.com/:o:/g/personal/sandrar_goldstonem_com/EsXLH__K8yxCuPDU0eDeoNIBDxttVTtWa08L1PYp5Mzc_w?e=5%3a0J1yd6&at=9

Details

Filename:	2.1.pages.html.dom
Url:	https://login.microsoftonline.com/14868b8a-936a-4437-8198-fd9fa4f69548/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=CE2E5519F6C3FEFFB0ACFF29F2CEB805DEB5FB86ED78C639%2D19A748356579EB0DD834B8DD2337F923A05B9C03231BB41FEBA67846D6C4BA12&redirect%5Furi=https%3A%2F%2Fgoldstonemanagment%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=e5cfa6a1%2De048%2D9000%2D00c3%2D6510b75557a4&sso_reload=true
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1948,i,14049268193459184991,7695379603295095455,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=1756 /prefetch:11

Details

Filename:	2.2.pages.html.dom
Url:	https://login.microsoftonline.com/14868b8a-936a-4437-8198-fd9fa4f69548/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=CE2E5519F6C3FEFFB0ACFF29F2CEB805DEB5FB86ED78C639%2D19A748356579EB0DD834B8DD2337F923A05B9C03231BB41FEBA67846D6C4BA12&redirect%5Furi=https%3A%2F%2Fgoldstonemanagment%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=e5cfa6a1%2De048%2D9000%2D00c3%2D6510b75557a4&sso_reload=true
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1948,i,14049268193459184991,7695379603295095455,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=1756 /prefetch:11

Details

Filename:	2.3.pages.html.dom
Url:	https://login.microsoftonline.com/14868b8a-936a-4437-8198-fd9fa4f69548/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=CE2E5519F6C3FEFFB0ACFF29F2CEB805DEB5FB86ED78C639%2D19A748356579EB0DD834B8DD2337F923A05B9C03231BB41FEBA67846D6C4BA12&redirect%5Furi=https%3A%2F%2Fgoldstonemanagment%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=e5cfa6a1%2De048%2D9000%2D00c3%2D6510b75557a4&sso_reload=true
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1948,i,14049268193459184991,7695379603295095455,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=1756 /prefetch:11

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://goldstonemanagment-my.sharepoint.com/:o:/g/personal/sandrar_goldstonem_com/EsXLH__K8yxCuPDU0eDeoNIBDxttVTtWa08L1PYp5Mzc_w?e=5%3a0J1yd6&at=9

Files

Processes

URLs

Domains

IPs

Memdumps

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://goldstonemanagment-my.sharepoint.com/:o:/g/personal/sandrar_goldstonem_com/EsXLH__K8yxCuPDU0eDeoNIBDxttVTtWa08L1PYp5Mzc_w?e=5%3a0J1yd6&at=9

Files

Processes

URLs

Domains

IPs

Memdumps

DOM / HTML

IOC Report
https://goldstonemanagment-my.sharepoint.com/:o:/g/personal/sandrar_goldstonem_com/EsXLH__K8yxCuPDU0eDeoNIBDxttVTtWa08L1PYp5Mzc_w?e=5%3a0J1yd6&at=9