IOC Report
https://meta-checkpoint-875010059.azurewebsites.net/captcha


Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1704,i,16132118233755685620,6475161574412490261,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://meta-checkpoint-875010059.azurewebsites.net/captcha" | -

URLs

Name | IP | Malicious
https://meta-checkpoint-875010059.azurewebsites.net/captcha | - | -
https://newassets.hcaptcha.com/captcha/v1/5a6011a/hcaptcha.js | 104.16.168.131 | -
https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.bundle.min.js | 151.101.1.229 | -
https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/bootstrap.min.css | 151.101.1.229 | -
https://meta-checkpoint-875010059.azurewebsites.net/captcha | - | -
https://js.hcaptcha.com/1/api.js | 104.16.169.131 | -
https://hcaptcha.com/checksiteconfig?v=5a6011a&host=meta-checkpoint-875010059.azurewebsites.net&sitekey=2090dde0-1a4a-4119-ac94-68dbc4180559&sc=1&swa=1 | 104.16.168.131 | -
https://newassets.hcaptcha.com/captcha/v1/5a6011a/static/hcaptcha.html | 104.16.168.131 | -
https://newassets.hcaptcha.com/i/b2a3a9e/e | 104.16.168.131 | -
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 216.58.209.45 | -
https://newassets.hcaptcha.com/captcha/v1/5a6011a/static/hcaptcha.html#frame=checkbox&id=0x37lmbbefh&host=meta-checkpoint-875010059.azurewebsites.net&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&sitekey=2090dde0-1a4a-4119-ac94-68dbc4180559&theme=light&origin=https%3A%2F%2Fmeta-checkpoint-875010059.azurewebsites.net | - | -
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.250.180.174 | -
https://newassets.hcaptcha.com/c/b2a3a9e/hsw.js | 104.16.168.131 | -
https://newassets.hcaptcha.com/captcha/v1/5a6011a/static/hcaptcha.html#frame=challenge&id=0x37lmbbefh&host=meta-checkpoint-875010059.azurewebsites.net&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&sitekey=2090dde0-1a4a-4119-ac94-68dbc4180559&theme=light&origin=https%3A%2F%2Fmeta-checkpoint-875010059.azurewebsites.net | - | -
(3 further URLs are hidden in the source report and not reproduced here.)

Domains

Name | IP | Malicious
jsdelivr.map.fastly.net | 151.101.1.229 | -
hcaptcha.com | 104.16.168.131 | -
accounts.google.com | 216.58.209.45 | -
js.hcaptcha.com | 104.16.169.131 | -
clients.l.google.com | 142.250.180.174 | -
newassets.hcaptcha.com | 104.16.168.131 | -
clients2.google.com | unknown | -
code.jquery.com | unknown | -
cdn.jsdelivr.net | unknown | -
meta-checkpoint-875010059.azurewebsites.net | unknown | -

IPs

IP | Domain | Country | Malicious
151.101.1.229 | jsdelivr.map.fastly.net | United States | -
192.168.2.1 | unknown | unknown | -
216.58.209.45 | accounts.google.com | United States | -
104.16.168.131 | hcaptcha.com | United States | -
192.168.2.4 | unknown | unknown | -
192.168.2.3 | unknown | unknown | -
192.168.2.5 | unknown | unknown | -
104.16.169.131 | js.hcaptcha.com | United States | -
239.255.255.250 | unknown | Reserved | -
142.250.180.174 | clients.l.google.com | United States | -
127.0.0.1 | unknown | unknown | -
(1 further IP is hidden in the source report and not reproduced here.)
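Reading the three tables above as a triage problem: no row carries a Malicious flag, so the signal is not a detection but what the page loaded. The three chrome.exe command lines are the sandbox starting the browser (about:blank), Chrome's own network-service child process, and the submitted URL; they are not attacker activity. Of the hosts contacted, hCaptcha, jsDelivr/Fastly, jQuery and Google (the accounts.google.com and clients2.google.com calls come from Chrome itself) are infrastructure any hCaptcha-gated page opened in Chrome will touch, and the 192.168.2.x, 127.0.0.1 and 239.255.255.250 addresses are the sandbox LAN, loopback and SSDP multicast. That leaves one pivotable indicator, the full hostname meta-checkpoint-875010059.azurewebsites.net (azurewebsites.net itself is Microsoft's App Service domain, on which anyone can register a subdomain, so the parent domain must not be blocked), plus one correlation key: the hCaptcha sitekey 2090dde0-1a4a-4119-ac94-68dbc4180559 that the checksiteconfig and hcaptcha.html requests carry, which identifies the hCaptcha account the page is registered under and will recur on any other page the same operator protects with it. The script below is an added example, not part of the sandbox output: it reproduces the report's URL, domain and IP lists inline (constructed from the tables, with the long Chrome update query trimmed), separates supporting infrastructure from candidate indicators, buckets IPs by routability, and extracts (sitekey, host) pairs from the hCaptcha requests. The SUPPORTING_SUFFIXES allowlist is an assumption about what this kind of page always pulls in; it is not evidence that those third parties are benign in general.

```python
"""Triage of the sandbox IOC tables: candidate indicators vs. supporting noise.

Added example built from the report's tables; not part of the sandbox output.
"""
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Constructed from the report's URL table (Chrome update query trimmed).
REPORT_URLS = [
    "https://meta-checkpoint-875010059.azurewebsites.net/captcha",
    "https://newassets.hcaptcha.com/captcha/v1/5a6011a/hcaptcha.js",
    "https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.bundle.min.js",
    "https://js.hcaptcha.com/1/api.js",
    "https://hcaptcha.com/checksiteconfig?v=5a6011a"
    "&host=meta-checkpoint-875010059.azurewebsites.net"
    "&sitekey=2090dde0-1a4a-4119-ac94-68dbc4180559&sc=1&swa=1",
    "https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard",
    "https://newassets.hcaptcha.com/captcha/v1/5a6011a/static/hcaptcha.html"
    "#frame=checkbox&id=0x37lmbbefh&host=meta-checkpoint-875010059.azurewebsites.net"
    "&sitekey=2090dde0-1a4a-4119-ac94-68dbc4180559&theme=light"
    "&origin=https%3A%2F%2Fmeta-checkpoint-875010059.azurewebsites.net",
    "https://clients2.google.com/service/update2/crx?os=win&arch=x64&prod=chromecrx",
]
# Constructed from the report's Domains table.
REPORT_DOMAINS = [
    "jsdelivr.map.fastly.net", "hcaptcha.com", "accounts.google.com",
    "js.hcaptcha.com", "clients.l.google.com", "newassets.hcaptcha.com",
    "clients2.google.com", "code.jquery.com", "cdn.jsdelivr.net",
    "meta-checkpoint-875010059.azurewebsites.net",
]
# Constructed from the report's IPs table.
REPORT_IPS = [
    "151.101.1.229", "192.168.2.1", "216.58.209.45", "104.16.168.131",
    "192.168.2.4", "192.168.2.3", "192.168.2.5", "104.16.169.131",
    "239.255.255.250", "142.250.180.174", "127.0.0.1",
]

# Assumption: infrastructure any hCaptcha-gated page opened in Chrome contacts.
# Filtering it removes rows that cannot be pivoted on; it says nothing about
# whether the page itself is benign.
SUPPORTING_SUFFIXES = ("hcaptcha.com", "jsdelivr.net", "fastly.net", "google.com", "jquery.com")


def host_of(url: str) -> str:
    return urlsplit(url).hostname or ""


def is_supporting(host: str) -> bool:
    # Exact match or a subdomain of an allowlisted suffix; never a substring match.
    return any(host == s or host.endswith("." + s) for s in SUPPORTING_SUFFIXES)


def classify_ip(ip: str) -> str:
    """loopback / multicast / private (sandbox LAN) / public. Only public IPs are IOCs."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if addr.is_multicast:
        return "multicast"
    if addr.is_private:
        return "private"
    return "public"


def triage_hosts(urls, domains):
    hosts = {host_of(u) for u in urls} | set(domains)
    hosts.discard("")
    return {
        "candidate": sorted(h for h in hosts if not is_supporting(h)),
        "supporting": sorted(h for h in hosts if is_supporting(h)),
    }


def triage_ips(ips):
    buckets = {}
    for ip in ips:
        buckets.setdefault(classify_ip(ip), []).append(ip)
    return {kind: sorted(v, key=ipaddress.ip_address) for kind, v in buckets.items()}


def captcha_pivots(urls):
    """(sitekey, host) pairs from hCaptcha requests.

    hCaptcha carries the sitekey in the query string (checksiteconfig) or in the
    fragment (hcaptcha.html#frame=...), so both are parsed.
    """
    pairs = set()
    for url in urls:
        parts = urlsplit(url)
        if not (parts.hostname or "").endswith("hcaptcha.com"):
            continue
        params = {**parse_qs(parts.query), **parse_qs(parts.fragment)}
        for key in params.get("sitekey", []):
            for host in params.get("host", ["?"]):
                pairs.add((key, host))
    return pairs


if __name__ == "__main__":
    hosts = triage_hosts(REPORT_URLS, REPORT_DOMAINS)
    print("candidate hosts :", hosts["candidate"])
    print("supporting hosts:", hosts["supporting"])
    for kind, ips in triage_ips(REPORT_IPS).items():
        print(f"{kind:<9}:", ips)
    print("captcha pivots  :", sorted(captcha_pivots(REPORT_URLS)))
```

On this report the candidate list collapses to the single azurewebsites.net hostname, the public IPs are all CDN, captcha or Google addresses shared by countless legitimate sites and should not be blocked, and the one (sitekey, host) pair is the value to search other sandbox runs and URL-scanner histories for.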

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time | -
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | -
HKEY_CURRENT_USER\Software\Microsoft\Speech_OneCore\Voices | DefaultTokenId | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | -
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | -
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | -
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | -
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | -
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr | -
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.cdm.origin_data | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blocklist_cache_md5_digest | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage | -
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage | -
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun | -
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun | -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 | Blob | -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 | Blob | -
HKEY_USERS\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | TraceTimeLast | -
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 | -
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | -
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | -
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | -
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | -
(45 further registry entries are hidden in the source report and not reproduced here.)

Memdumps

Base Address | Region type | Protect | Malicious
2C31D720000 | heap | page read and write | -
2C31D8A0000 | heap | page read and write | -
EFA3A7C000 | stack | page read and write | -
2C31D7C0000 | trusted library allocation | page read and write | -
2C31D813000 | heap | page read and write | -
2C31D83D000 | heap | page read and write | -
2C31D862000 | heap | page read and write | -
2C31D86D000 | heap | page read and write | -
EFA3C7D000 | stack | page read and write | -
EFA3B7E000 | stack | page read and write | -
2C31D800000 | heap | page read and write | -
2C31D84F000 | heap | page read and write | -
2C31D83B000 | heap | page read and write | -
EFA387C000 | stack | page read and write | -
2C31D871000 | heap | page read and write | -
2C31D875000 | heap | page read and write | -
2C31D730000 | heap | page read and write | -
EFA3D7D000 | stack | page read and write | -
2C31D829000 | heap | page read and write | -
2C31D902000 | heap | page read and write | -
EFA3E7D000 | stack | page read and write | -
2C31D7E0000 | trusted library allocation | page read and write | -
2C31D867000 | heap | page read and write | -
2C31E202000 | trusted library allocation | page read and write | -
2C31D790000 | heap | page read and write | -
2C31D846000 | heap | page read and write | -
2C31D8AD000 | heap | page read and write | -
(17 further memory dumps are hidden in the source report and not reproduced here.)

DOM / HTML

URL | Malicious
https://newassets.hcaptcha.com/captcha/v1/5a6011a/static/hcaptcha.html#frame=challenge&id=0x37lmbbefh&host=meta-checkpoint-875010059.azurewebsites.net&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&sitekey=2090dde0-1a4a-4119-ac94-68dbc4180559&theme=light&origin=https%3A%2F%2Fmeta-checkpoint-875010059.azurewebsites.net | -
https://meta-checkpoint-875010059.azurewebsites.net/captcha | -
https://newassets.hcaptcha.com/captcha/v1/5a6011a/static/hcaptcha.html#frame=checkbox&id=0x37lmbbefh&host=meta-checkpoint-875010059.azurewebsites.net&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&sitekey=2090dde0-1a4a-4119-ac94-68dbc4180559&theme=light&origin=https%3A%2F%2Fmeta-checkpoint-875010059.azurewebsites.net | -