IOC Report
https://www.canva.com


Processes

Columns: Path, Cmdline, Malicious (the Malicious column is empty for every process shown).

Path:    C:\Program Files\Google\Chrome\Application\chrome.exe
Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Path:    C:\Program Files\Google\Chrome\Application\chrome.exe
Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1636 --field-trial-handle=1772,i,10089015272738415623,17700598493285716523,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8

Path:    C:\Program Files\Google\Chrome\Application\chrome.exe
Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.canva.com"

Path:    C:\Program Files\Google\Chrome\Application\chrome.exe
Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6180 --field-trial-handle=1772,i,10089015272738415623,17700598493285716523,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8

URLs

Name | IP (Malicious column: empty for all rows shown; rows without an IP had none recorded)
https://www.canva.com |
https://www.canva.com/_ajax/consent/check | 104.17.114.17
https://connect.facebook.net/signals/plugins/identity.js?v=2.9.95 | 157.240.17.15
https://accounts.google.com/gsi/status?client_id=779010036194-lf6spugv22vvj41pqjdj4d8k2tq7o5fd.apps.googleusercontent.com&as=bCClXdV%2FZODP%2FJcmsRgmBQ | 216.58.209.45
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-37190734-9&cid=1615252243.1675822951&jid=2044558087&gjid=1841022744&_gid=481059741.1675822953&_u=YCDAgEABAAAAAEgFK~&z=1047222868 | 142.251.31.157
https://static.canva.com/web/93daaef2e244cef5.ltr.css | 104.17.114.17
https://static.canva.com/web/f8551c82c4f183cf.vendor.js | 104.17.114.17
https://static.canva.com/static/images/android-192x192-2.png | 104.17.114.17
https://content-management-files.canva.com/cdn-cgi/image/format=auto,w=800/9690b17e-f3ad-4278-8680-f3c35d6549d5/hero-banner-en-1600x852-placeholder.jpg | 104.17.114.17
https://static.canva.com/web/7b9533eb05694c5c.runtime.js | 104.17.114.17
https://www.canva.com/ | 104.17.114.17
https://accounts.google.com/gsi/style | 216.58.209.45
https://www.canva.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1675814400 | 104.17.114.17
https://www.canva.com/cdn-cgi/challenge-platform/h/g/cv/result/795dcd8ccaa9bb43 | 104.17.114.17
https://accounts.google.com/gsi/client | 216.58.209.45
https://static.canva.com/web/d6c62c87c7343321.js | 104.17.114.17
https://www.canva.com/_ajax/consent/add | 104.17.114.17
https://www.canva.com/_ajax/csrf3/consent | 104.17.114.17
https://static.canva.com/static/images/favicon-1.ico | 104.17.114.17
https://static.canva.com/web/9e60d146b34626d3.vendor.js | 104.17.114.17
https://content-management-files.canva.com/943bd1b3-ffd6-4892-a4df-b107cb33e657/hero-banner-en-1600x852.mp4 | 104.17.114.17
https://content-management-files.canva.com/cdn-cgi/image/format=auto,w=454/b3bbd63b-12e6-43de-abe6-d6652fb3deea/template-2.jpg | 104.17.114.17
https://connect.facebook.net/en_US/fbevents.js | 157.240.17.15
https://static.canva.com/web/e3cc65ee81118233.vendor.js | 104.17.114.17
https://static.canva.com/static/lib/sentry/7.16.0.min.js | 104.17.114.17
https://www.canva.com/_ajax/csrf3/ae | 104.17.114.17
https://static.canva.com/web/c2d180aa5829c77d.strings.js | 104.17.114.17
https://static.canva.com/web/8cf1e53e7c516ca0.ltr.css | 104.17.114.17
https://static.canva.com/web/7737b0b6b6b0cd06.js | 104.17.114.17
https://static.canva.com/web/af9330c9659a5a59.js | 104.17.114.17
https://static.canva.com/web/987f23139cf1f7a4.ltr.css | 104.17.114.17
https://static.canva.com/web/18493a962b2a29d9.js | 104.17.114.17
https://static.canva.com/web/b2ed1d602f16eb9e.runtime.js | 104.17.114.17
https://static.canva.com/web/9b8a5b85111cafd4.ltr.css | 104.17.114.17
https://static.canva.com/web/1bc16f36a7578f71.js | 104.17.114.17
https://static.canva.com/web/0ab07b37dd750274.vendor.js | 104.17.114.17
https://static.canva.com/web/bb5f427f24ae06c8.vendor.js | 104.17.114.17
https://content-management-files.canva.com/cdn-cgi/image/format=auto,w=340/35b5c343-4194-4ae8-90f1-7ec803d4600d/template-4.jpg | 104.17.114.17
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 216.58.209.45
https://static.canva.com/web/images/12487a1e0770d29351bd4ce4f87ec8fe.svg | 104.17.114.17
https://www.canva.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js | 104.17.114.17
https://www.canva.com/cdn-cgi/rum? | 104.17.114.17
https://www.canva.com/_online?1675822957483 | 104.17.114.17
https://www.canva.com/_ajax/ae/createBatch | 104.17.114.17
https://static.canva.com/web/606e898f092126b7.en.js | 104.17.114.17
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-37190734-9&cid=1615252243.1675822951&jid=2044558087&_u=YCDAgEABAAAAAEgFK~&z=498658461 | 142.250.184.100
https://o13855.ingest.sentry.io/api/5862012/envelope/?sentry_key=3e6b0deb414549c8901b5382885e478b&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.16.0 | 34.120.195.249
https://static.canva.com/web/fce11b7cbfb0248a.js | 104.17.114.17
https://static.canva.com/web/d25dfa802c8b885c.js | 104.17.114.17
https://static.canva.com/web/images/cff149ee1e9d2be50ac77bcd86769d05.woff2 | 104.17.114.17
https://content-management-files.canva.com/cdn-cgi/image/format=auto,w=300/22f18aa3-ac5c-45b6-bd4a-93fbfdd754f2/template-1.jpg | 104.17.114.17
https://www.facebook.com/tr/?id=844585682227065&ev=ViewContent&dl=https%3A%2F%2Fwww.canva.com%2F&rl=&if=false&ts=1675822961012&sw=1280&sh=1024&ud[product_variant]=612f7a0edd33d5c1a7f59b38db605f5f0f9bf63cb4ce753b9bad0ff3aa941412&ud[country]=343677762813eaeb65704cc8d9e96f7a444ba0cca92ff861af7f68648b3e6ef1&v=2.9.95&r=stable&ec=1&o=30&fbp=fb.1.1675822961005.401739065&it=1675822953891&coo=false&eid=1675822927425_e044d839-6497-49c8-b55b-862f1c8ed02b_33&tm=1&rqm=GET | 157.240.253.35
https://static.canva.com/web/abd4708436db3a4f.strings.js | 104.17.114.17
https://static.canva.com/web/ba17ed9d9da61a7f.vendor.js | 104.17.114.17
https://static.canva.com/web/8022d546fc18572e.js | 104.17.114.17
https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 | 104.16.56.101
https://www.canva.com/_online?1675822930156 | 104.17.114.17
https://www.canva.com/ |
https://static.canva.com/web/ddb0f29556b417a7.js | 104.17.114.17
https://content-management-files.canva.com/cdn-cgi/image/format=auto,w=306/673b652f-2614-43ff-8647-81ecbdb04678/template-3.jpg | 104.17.114.17
https://www.canva.com/_ajax/designspec/spec/search?query=&limit=15 | 104.17.114.17
https://static.canva.com/web/4dc453f1b320cee8.runtime.js | 104.17.114.17
https://www.facebook.com/tr/ | 157.240.253.35
https://www.canva.com/_online?1675822993078 | 104.17.114.17
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.250.180.174
https://static.canva.com/web/ec3712e0406a8a87.js | 104.17.114.17
https://static.canva.com/web/d787ac8bca204aa4.vendor.js | 104.17.114.17
https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-37190734-9&cid=1615252243.1675822951&jid=2044558087&_u=YCDAgEABAAAAAEgFK~&z=498658461 | 142.251.209.3
https://www.facebook.com/tr/?id=844585682227065&ev=homepage_visit&dl=https%3A%2F%2Fwww.canva.com%2F&rl=&if=false&ts=1675822961007&sw=1280&sh=1024&ud[product_variant]=612f7a0edd33d5c1a7f59b38db605f5f0f9bf63cb4ce753b9bad0ff3aa941412&ud[country]=343677762813eaeb65704cc8d9e96f7a444ba0cca92ff861af7f68648b3e6ef1&v=2.9.95&r=stable&ec=0&o=30&fbp=fb.1.1675822961005.401739065&it=1675822953891&coo=false&eid=1675822927425_e044d839-6497-49c8-b55b-862f1c8ed02b_33&tm=2&rqm=GET | 157.240.253.35
https://connect.facebook.net/signals/config/844585682227065?v=2.9.95&r=stable | 157.240.17.15
(59 further URLs are hidden in the source report and not reproduced here.)

Domains

Name | IP (Malicious column: empty for all rows shown)
star-mini.c10r.facebook.com | 157.240.253.35
content-management-files.canva.com | 104.17.114.17
scontent.xx.fbcdn.net | 157.240.17.15
static.cloudflareinsights.com | 104.16.56.101
accounts.google.com | 216.58.209.45
o13855.ingest.sentry.io | 34.120.195.249
static.canva.com | 104.17.114.17
www.google.co.uk | 142.251.209.3
www.google.com | 142.250.184.100
clients.l.google.com | 142.250.180.174
www.canva.com | 104.17.114.17
stats.g.doubleclick.net | 142.251.31.157
www.facebook.com | unknown
sdk.iad-01.braze.com | unknown
connect.facebook.net | unknown
clients2.google.com | unknown
(6 further domains are hidden in the source report and not reproduced here.)

IPs

IP | Domain | Country (Malicious column: empty for all rows shown)
192.168.2.1 | unknown | unknown
104.17.114.17 | content-management-files.canva.com | United States
142.251.31.157 | stats.g.doubleclick.net | United States
142.251.209.3 | www.google.co.uk | United States
216.58.209.45 | accounts.google.com | United States
157.240.17.15 | scontent.xx.fbcdn.net | United States
239.255.255.250 | unknown | Reserved
104.16.56.101 | static.cloudflareinsights.com | United States
157.240.253.35 | star-mini.c10r.facebook.com | United States
142.250.184.100 | www.google.com | United States
142.250.180.174 | clients.l.google.com | United States
34.120.195.249 | o13855.ingest.sentry.io | United States
(2 further IPs are hidden in the source report and not reproduced here.)
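Two things in the Domains and IPs tables deserve a check before any of these indicators is pushed to a blocklist. First, the IPs table contains sandbox-local noise: 192.168.2.1 is a private address (the analysis VM's gateway) and 239.255.255.250 is the SSDP multicast address, and neither is something the visited site contacted. Second, three different canva.com hostnames resolve to the same address, 104.17.114.17, and the URL list contains /cdn-cgi/challenge-platform/ paths, so that address is shared CDN front-end infrastructure rather than anything unique to the site; blocking it would affect every tenant behind it. The Python below is an added example, not part of the sandbox report and not the sandbox vendor's own logic. It embeds a hand-copied subset of the two tables as constructed sample data and triages each row into drop (non-routable), expected (first party or a third party the URL list already shows the page loading) and review (everything else). The two suffix allowlists are assumptions made for this example, and the hostname match is done on DNS labels so that a look-alike such as evilcanva.com does not pass as canva.com.

```python
"""IOC triage for the Domains / IPs tables of a sandbox report.

Added example; not part of the sandbox report. SAMPLE_DOMAINS and
SAMPLE_IPS are hand-copied subsets of the tables above; the two
suffix allowlists are assumptions made for this example.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed sample: (hostname, ip) rows copied from the Domains table.
SAMPLE_DOMAINS: List[Tuple[str, str]] = [
    ("www.canva.com", "104.17.114.17"),
    ("static.canva.com", "104.17.114.17"),
    ("content-management-files.canva.com", "104.17.114.17"),
    ("accounts.google.com", "216.58.209.45"),
    ("stats.g.doubleclick.net", "142.251.31.157"),
    ("connect.facebook.net", "unknown"),
    ("o13855.ingest.sentry.io", "34.120.195.249"),
    ("sdk.iad-01.braze.com", "unknown"),
    ("static.cloudflareinsights.com", "104.16.56.101"),
]

# Constructed sample: (ip, hostname) rows copied from the IPs table.
SAMPLE_IPS: List[Tuple[str, str]] = [
    ("192.168.2.1", "unknown"),
    ("239.255.255.250", "unknown"),
    ("104.17.114.17", "content-management-files.canva.com"),
    ("157.240.253.35", "star-mini.c10r.facebook.com"),
    ("34.120.195.249", "o13855.ingest.sentry.io"),
]

# Assumed allowlists: the analysed site, and the third parties the URL
# list above shows its front page loading (analytics, CDN, error reporting).
FIRST_PARTY_SUFFIXES = ("canva.com",)
EXPECTED_SUFFIXES = (
    "google.com", "google.co.uk", "doubleclick.net", "facebook.com",
    "facebook.net", "fbcdn.net", "sentry.io", "cloudflareinsights.com",
)


def domain_matches(host: str, suffixes: Iterable[str]) -> bool:
    """Match on DNS labels, not substrings: evilcanva.com is not canva.com."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def classify_domain(host: str) -> str:
    if domain_matches(host, FIRST_PARTY_SUFFIXES):
        return "first-party"
    if domain_matches(host, EXPECTED_SUFFIXES):
        return "expected"
    return "review"


def classify_ip(ip: str) -> str:
    """'drop' for non-routable addresses the sandbox itself produces
    (gateway, SSDP multicast), 'routable' otherwise, 'invalid' if unparseable."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved):
        return "drop"
    return "routable"


def shared_ips(domains: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Addresses serving more than one hostname: shared CDN/anycast
    infrastructure, too coarse to block on without collateral damage."""
    hosts_by_ip: Dict[str, set] = defaultdict(set)
    for host, ip in domains:
        if ip != "unknown":
            hosts_by_ip[ip].add(host)
    return {ip: sorted(h) for ip, h in hosts_by_ip.items() if len(h) > 1}


def triage(domains, ips) -> Dict[str, List[str]]:
    """Sort every row into the drop / expected / review buckets."""
    buckets: Dict[str, List[str]] = {"drop": [], "expected": [], "review": []}
    expected_ips = set()  # IPs already explained by an expected hostname
    for host, ip in domains:
        cls = classify_domain(host)
        if cls == "review":
            buckets["review"].append(f"domain {host} ({ip})")
        else:
            buckets["expected"].append(f"domain {host} [{cls}]")
            if ip != "unknown":
                expected_ips.add(ip)
    for ip, host in ips:
        ip_cls = classify_ip(ip)
        if ip_cls == "drop":
            buckets["drop"].append(f"ip {ip} (non-routable sandbox noise)")
        elif ip_cls == "invalid":
            buckets["review"].append(f"ip {ip} (unparseable)")
        elif ip in expected_ips or (host != "unknown" and classify_domain(host) != "review"):
            buckets["expected"].append(f"ip {ip} ({host})")
        else:
            buckets["review"].append(f"ip {ip} ({host})")
    return buckets


if __name__ == "__main__":
    result = triage(SAMPLE_DOMAINS, SAMPLE_IPS)
    for bucket in ("review", "drop", "expected"):
        print(f"== {bucket} ==", *("  " + line for line in result[bucket]), sep="\n")
    for ip, hosts in shared_ips(SAMPLE_DOMAINS).items():
        print(f"shared: {ip} serves {', '.join(hosts)}")
```

On the sample data the only row left for review is sdk.iad-01.braze.com, which appears in the Domains table with no resolved IP and is not loaded by any URL in the list shown; the two non-routable addresses are dropped, and 104.17.114.17 is reported as shared because it serves three hostnames. The allowlists must be rebuilt per site under analysis; an unexpected third party is exactly what this step is meant to surface.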

Registry

Path | Value (Malicious column: empty for all rows shown)
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Microsoft\Speech_OneCore\Voices | DefaultTokenId
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.cdm.origin_data
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blocklist_cache_md5_digest
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun
HKEY_USERS\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | TraceTimeLast
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state
(42 further registry entries are hidden in the source report and not reproduced here.)

Memdumps

Base Address | Region type | Protect (Malicious column: empty for all rows shown)
2118B23E000 | heap | page read and write
2118B279000 | heap | page read and write
F18E87B000 | stack | page read and write
2118B213000 | heap | page read and write
2118B150000 | heap | page read and write
2118B300000 | heap | page read and write
2118B268000 | heap | page read and write
2118B302000 | heap | page read and write
F18E97E000 | stack | page read and write
2118B200000 | heap | page read and write
F18EA7F000 | stack | page read and write
2118BC02000 | trusted library allocation | page read and write
2118B202000 | heap | page read and write
2118B228000 | heap | page read and write
2118B257000 | heap | page read and write
F18EB7D000 | stack | page read and write
2118B1E0000 | trusted library allocation | page read and write
2118B140000 | heap | page read and write
2118B313000 | heap | page read and write
2118B1B0000 | heap | page read and write
F18E32C000 | stack | page read and write
(11 further memdumps are hidden in the source report and not reproduced here.)

DOM / HTML

URL (Malicious column: empty for the row shown)
https://www.canva.com/