Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

http://180.104.246.3

URL

initial url

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1bbf3729-8856-4e9b-8809-e8e87da9ea7c.tmp

UTF-8 Unicode text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1cd1e788-cc40-44e6-8b38-5a19f1e3e3bf.tmp

ASCII text, with very long lines, with no line terminators

modified

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3c5bf8c7-bbb1-4be0-8d6b-c51ecef0730a.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4059da12-cecd-4fe2-bf2f-0b9c84f887ad.tmp

UTF-8 Unicode text, with very long lines, with no line terminators

modified

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\609f01de-31a8-4d6c-8920-8961dceb5737.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old_ (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Session4 (copy)

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Tabsta (copy)

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State37 (copy)

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.oldun (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences.. (copy)

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)

UTF-8 Unicode text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State.. (copy)

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\d782c689-3ce9-4c14-9742-00c6796b20e3.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity (copy)

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\cd923072-bc1b-44ef-80fc-ccf156900767.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\ad01a795-7ec4-4a44-860d-94ceee977de4.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\d1878dbc-1024-4144-ae1c-e30391b71643.tmp

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\browser-sslkeys.log

ASCII text

dropped

There are 39 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'http://180.104.246.3'

Details

Is windows:	true
Is dropped:	false
PID:	5760
Target ID:	0
Parent PID:	4176
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'http://180.104.246.3'
Size:	2150896
MD5:	C139654B5C1438A95B321BB01AD63EF6
Time:	00:26:07
Date:	04/08/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff609c80000
Modulesize:	2199552
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1576,17160568527506305237,18363554842373443119,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1712 /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	1848
Target ID:	1
Parent PID:	5760
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1576,17160568527506305237,18363554842373443119,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1712 /prefetch:8
Size:	2150896
MD5:	C139654B5C1438A95B321BB01AD63EF6
Time:	00:26:08
Date:	04/08/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff609c80000
Modulesize:	2199552
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://www.google.com

unknown

https://dns.google

unknown

https://ogs.google.com

unknown

https://clients2.googleusercontent.com

unknown

https://apis.google.com

unknown

http://180.104.246.3/d=

unknown

https://play.google.com

unknown

https://accounts.google.com

unknown

https://clients2.google.com

unknown

http://180.104.246.3/

unknown

Domains

Name

Malicious

accounts.google.com

216.58.205.77

Details

Name:	accounts.google.com
IP:	216.58.205.77
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

clients.l.google.com

216.58.208.174

clients2.google.com

unknown

IPs

Domain

Country

Malicious

216.58.208.174

clients.l.google.com

United States

Details

IP:	216.58.208.174
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false
Domain:	clients.l.google.com

192.168.2.1

unknown

239.255.255.250

unknown

Reserved

216.58.205.77

accounts.google.com

United States

Details

IP:	216.58.205.77
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false
Domain:	accounts.google.com

180.104.246.3

unknown

China

Details

IP:	180.104.246.3
TargetID:	0
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	China
Countrycode:	CHN
ASN number:	137702
ASN name:	CHINATELECOM-JIANGSU-NANJING-IDCNanjingJiangsuProvince
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking

127.0.0.1

unknown

Registry

Path

Value

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

ahfgeienlihckogmohjhadlkjgocpleb

C:\Program Files\Google\Chrome\Application\chrome.exe

gdaefkejpgkiemlaofpalmlakkmbjdnl

C:\Program Files\Google\Chrome\Application\chrome.exe

gfdkimpbcpahaombhbimeihdjnejgicl

C:\Program Files\Google\Chrome\Application\chrome.exe

kmendfapggjehodndflmmgagdbamhnfd

C:\Program Files\Google\Chrome\Application\chrome.exe

mfehgcgbbipciphmccgaenjidiccnmng

C:\Program Files\Google\Chrome\Application\chrome.exe

mhjfbmdgcfjbbpaeojofohoefgiehjai

C:\Program Files\Google\Chrome\Application\chrome.exe

neajdppkdcdipfabeoofebfddakdcjhd

C:\Program Files\Google\Chrome\Application\chrome.exe

nkeimhogjdpnpccoofpliimaahmaaome

C:\Program Files\Google\Chrome\Application\chrome.exe

prefs.preference_reset_time

C:\Program Files\Google\Chrome\Application\chrome.exe

gfdkimpbcpahaombhbimeihdjnejgicl

C:\Program Files\Google\Chrome\Application\chrome.exe

state

C:\Program Files\Google\Chrome\Application\chrome.exe

StatusCodes

C:\Program Files\Google\Chrome\Application\chrome.exe

StatusCodes

C:\Program Files\Google\Chrome\Application\chrome.exe

state

C:\Program Files\Google\Chrome\Application\chrome.exe

software_reporter.reporting

C:\Program Files\Google\Chrome\Application\chrome.exe

module_blacklist_cache_md5_digest

C:\Program Files\Google\Chrome\Application\chrome.exe

media.storage_id_salt

C:\Program Files\Google\Chrome\Application\chrome.exe

google.services.last_account_id

C:\Program Files\Google\Chrome\Application\chrome.exe

google.services.account_id

C:\Program Files\Google\Chrome\Application\chrome.exe

software_reporter.prompt_seed

C:\Program Files\Google\Chrome\Application\chrome.exe

settings_reset_prompt.last_triggered_for_homepage

C:\Program Files\Google\Chrome\Application\chrome.exe

default_search_provider_data.template_url_data

C:\Program Files\Google\Chrome\Application\chrome.exe

safebrowsing.incidents_sent

C:\Program Files\Google\Chrome\Application\chrome.exe

pinned_tabs

C:\Program Files\Google\Chrome\Application\chrome.exe

search_provider_overrides

C:\Program Files\Google\Chrome\Application\chrome.exe

settings_reset_prompt.last_triggered_for_default_search

C:\Program Files\Google\Chrome\Application\chrome.exe

prefs.preference_reset_time

C:\Program Files\Google\Chrome\Application\chrome.exe

google.services.last_username

C:\Program Files\Google\Chrome\Application\chrome.exe

session.startup_urls

C:\Program Files\Google\Chrome\Application\chrome.exe

session.restore_on_startup

C:\Program Files\Google\Chrome\Application\chrome.exe

software_reporter.prompt_version

C:\Program Files\Google\Chrome\Application\chrome.exe

settings_reset_prompt.last_triggered_for_startup_urls

C:\Program Files\Google\Chrome\Application\chrome.exe

settings_reset_prompt.prompt_wave

C:\Program Files\Google\Chrome\Application\chrome.exe

homepage

C:\Program Files\Google\Chrome\Application\chrome.exe

homepage_is_newtabpage

C:\Program Files\Google\Chrome\Application\chrome.exe

browser.show_home_button

C:\Program Files\Google\Chrome\Application\chrome.exe

user_experience_metrics.stability.exited_cleanly

C:\Program Files\Google\Chrome\Application\chrome.exe

lastrun

There are 29 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF5BCD1A000

unkown

page readonly

7FF5A85BE000

unkown

page readonly

7FF5A862C000

unkown

page readonly

7FF5A86F7000

unkown

page readonly

1D99A688000

unkown

page read and write

7FF5A873D000

unkown

page readonly

28178013000

unkown

page read and write

7FF5BCD22000

unkown

page readonly

2817808E000

unkown

page read and write

7FF5A87AA000

unkown

page readonly

7FF5BC805000

unkown

page readonly

1D99AE02000

unkown

page read and write

1D99A4F0000

heap default

page read and write

7FF5BCC67000

unkown

page readonly

7FF5BCC74000

unkown

page readonly

5067E75000

unkown

page read and write

7FF5BCD14000

unkown

page readonly

9CD4C7D000

unkown

page read and write

7FF5BCB11000

unkown

page readonly

9CD4D7C000

unkown

page read and write

7FF5A871F000

unkown

page readonly

7FF5A8286000

unkown

page readonly

28178750000

unkown

page read and write

7FF5A86C0000

unkown

page readonly

7FF5BC0E4000

unkown

page readonly

7FF5A87A4000

unkown

page readonly

7FF5A86CB000

unkown

page readonly

7FF5A8511000

unkown

page readonly

7FF5BCC5C000

unkown

page readonly

7FF5BCB83000

unkown

page readonly

7FF5A860D000

unkown

page readonly

1D99A66F000

unkown

page read and write

1D99A602000

unkown

page read and write

281784D0000

unkown

page readonly

7FF5A8280000

unkown

page readonly

28178000000

unkown

page read and write

7FF5BCC30000

unkown

page readonly

7FF5BCC2E000

unkown

page readonly

1D99ACA0000

unkown

page readonly

28178740000

unkown

page readonly

7FF5A8736000

unkown

page readonly

1D99A68D000

unkown

page read and write

7FF5A86BE000

unkown

page readonly

9CD494B000

unkown

page read and write

1D99A65A000

unkown

page read and write

7FF5BCB94000

unkown

page readonly

5068077000

unkown

page read and write

7FF5A8728000

unkown

page readonly

7FF5BCC7A000

unkown

page readonly

2817803C000

unkown

page read and write

7FF5A8563000

unkown

page readonly

7FF5BC9A7000

unkown

page readonly

1D99A5E0000

unkown

page readonly

7FF5A8613000

unkown

page readonly

1D99A67C000

unkown

page read and write

1D99A600000

unkown

page read and write

506827F000

unkown

page read and write

7FF5BCC35000

unkown

page readonly

28178670000

unkown

page readonly

1D99B000000

unkown

page readonly

7FF5BCC9E000

unkown

page readonly

1D99A654000

unkown

page read and write

7FF5BCCAD000

unkown

page readonly

9CD51FE000

unkown

page read and write

9CD4EFE000

unkown

page read and write

7FF5BC9B0000

unkown

page readonly

9CD4E7B000

unkown

page read and write

28178102000

unkown

page read and write

28178802000

unkown

page read and write

7FF5BCC8F000

unkown

page readonly

5067D7E000

unkown

page read and write

281782D0000

unkown

page readonly

1D99A708000

unkown

page read and write

506817F000

unkown

page read and write

7FF5A870A000

unkown

page readonly

7FF5A8437000

unkown

page readonly

7FF5A86EF000

unkown

page readonly

1D99A702000

unkown

page read and write

7FF5A86EC000

unkown

page readonly

1D99A66F000

unkown

page read and write

7FF5A86D7000

unkown

page readonly

28177FF0000

heap default

page read and write

7FF5A872E000

unkown

page readonly

9CD49CE000

unkown

page read and write

7FF5BCC1A000

unkown

page readonly

7FF5BCC5F000

unkown

page readonly

7FF5BCCA6000

unkown

page readonly

1D99A5F0000

unkown

page read and write

1D99A65D000

unkown

page read and write

7FF5A85BB000

unkown

page readonly

7FF5BCC1C000

unkown

page readonly

7FF5BC7F0000

unkown

page readonly

7FF5A87B1000

unkown

page readonly

7FF5BCC47000

unkown

page readonly

7FF5A8624000

unkown

page readonly

28178113000

unkown

page read and write

1D99A63C000

unkown

page read and write

7FF5BC7F6000

unkown

page readonly

7FF5BCC2A000

unkown

page readonly

7FF5A86BA000

unkown

page readonly

7FF5BCC84000

unkown

page readonly

7FF5BCC3B000

unkown

page readonly

1D99A664000

unkown

page read and write

7FF5A8739000

unkown

page readonly

5067CFD000

unkown

page read and write

9CD50FF000

unkown

page read and write

1D99A613000

unkown

page read and write

2817808A000

unkown

page read and write

9CD4FF7000

unkown

page read and write

2817802A000

unkown

page read and write

7FF5A86AC000

unkown

page readonly

1D99A713000

unkown

page read and write

28177F90000

heap private

page read and write

7FF5A833A000

unkown

page readonly

1D99A490000

heap private

page read and write

5067C7B000

unkown

page read and write

28178A00000

unkown

page readonly

1D99A62A000

unkown

page read and write

7FF5BCD21000

unkown

page readonly

5067F7B000

unkown

page read and write

7FF5A7B74000

unkown

page readonly

7FF5BC0DE000

unkown

page readonly

7FF5BCB7D000

unkown

page readonly

28178200000

unkown

page readonly

7FF5A8714000

unkown

page readonly

7FF5A87B2000

unkown

page readonly

1D99A800000

unkown

page readonly

7FF5BCA81000

unkown

page readonly

1D99A5D0000

unkown

page readonly

1D99A500000

unkown

page readonly

7FF5BCCA9000

unkown

page readonly

1D99A67C000

unkown

page read and write

7FF5A86C5000

unkown

page readonly

7FF5BCAD3000

unkown

page readonly

7FF5A85A1000

unkown

page readonly

1D99A700000

unkown

page read and write

1D99A65F000

unkown

page read and write

7FF5A8704000

unkown

page readonly

7FF5BCC98000

unkown

page readonly

7FF5BCB9C000

unkown

page readonly

7FF5A8295000

unkown

page readonly

2817806A000

unkown

page read and write

7FF5BCB2B000

unkown

page readonly

7FF5A86AA000

unkown

page readonly

There are 134 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps