Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank

Details

Is windows:	true
Is dropped:	false
PID:	1016
Target ID:	0
Parent PID:	7652
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Size:	2509656
MD5:	464953824E644F10FFDC9E093FD18F94
Time:	22:25:21
Date:	20/03/2023
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff71cb20000
Modulesize:	2568192
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1700,18324760747851478443,7253911549642704679,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	8132
Target ID:	1
Parent PID:	1016
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1700,18324760747851478443,7253911549642704679,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 /prefetch:8
Size:	2509656
MD5:	464953824E644F10FFDC9E093FD18F94
Time:	22:25:22
Date:	20/03/2023
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff71cb20000
Modulesize:	2568192
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#Ud83d#Udce7 Tax Statements-2-121_076_454656_3-4(4).hTm

Details

Is windows:	true
Is dropped:	false
PID:	4464
Target ID:	3
Parent PID:	7652
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#Ud83d#Udce7 Tax Statements-2-121_076_454656_3-4(4).hTm
Size:	2509656
MD5:	464953824E644F10FFDC9E093FD18F94
Time:	22:25:22
Date:	20/03/2023
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff71cb20000
Modulesize:	2568192
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

file:///C:/Users/user/Desktop/%23Ud83d%23Udce7%20Tax%20Statements-2-121_076_454656_3-4(4).hTm

https://www.google.com/recaptcha/api2/anchor?ar=1&k=%0A6Lcf2-EhAAAAAAb4lCjGZLljSQMQ9lL7LxhkWGBN&co=aHR0cHM6Ly9mdWFkcmFzaGlkLmNvbTo0NDM.&hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&size=normal&cb=eys0y7domytm

142.250.185.196

https://fuadrashid.com/su35/gtl/

192.185.113.229

https://fuadrashid.com/su35/gtl/9d3844dcadd00b46e3c10b77a0a825247573748608401705203573270e089c75a6b105a2f85776e2cdd4528476e3084017052035a93c9f185932557fd997ff3a4ba3e0e124e9a338084017052035b5c58094f8174d1bce72ba953e424e3130f4df0b084017052035/gUNkRyOTOnTErUDeoDOLI

192.185.113.229

https://www.google.com/recaptcha/api.js

142.250.185.196

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

142.250.185.77

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=94.0.4606.61&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1

142.250.185.142

192.185.113.229

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me

142.250.185.196

https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6Lcf2-EhAAAAAAb4lCjGZLljSQMQ9lL7LxhkWGBN

142.250.185.196

https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6Lcf2-EhAAAAAAb4lCjGZLljSQMQ9lL7LxhkWGBN

There are 3 hidden URLs, click here to show them.

Domains

Name

Malicious

accounts.google.com

142.250.185.77

Details

Name:	accounts.google.com
IP:	142.250.185.77
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

142.250.185.196

Details

Name:	www.google.com
IP:	142.250.185.196
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

clients.l.google.com

142.250.185.142

fuadrashid.com

192.185.113.229

Details

Name:	fuadrashid.com
IP:	192.185.113.229
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

clients2.google.com

unknown

IPs

Domain

Country

Malicious

142.250.185.77

accounts.google.com

United States

192.168.11.1

unknown

192.168.11.20

unknown

Details

IP:	192.168.11.20
TargetID:	0
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Private:	true

Signature Hits	Behavior Group	Mitre Attack
Sends SSDP (simple service discovery protocol) broadcast queries	Networking	Network Service Scanning
Uses secure TLS version for HTTPS connections	Compliance, Networking

239.255.255.250

unknown

Reserved

Details

IP:	239.255.255.250
TargetID:	0
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	Reserved
Countrycode:	ZZZ
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Sends SSDP (simple service discovery protocol) broadcast queries	Networking	Network Service Scanning

142.250.185.196

www.google.com

United States

142.250.185.142

clients.l.google.com

United States

192.185.113.229

fuadrashid.com

United States

127.0.0.1

unknown

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault

S-1-5-21-3425316567-2969588382-3778222414-1001

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings

ahfgeienlihckogmohjhadlkjgocpleb

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings

gdaefkejpgkiemlaofpalmlakkmbjdnl

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings

gfdkimpbcpahaombhbimeihdjnejgicl

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings

kmendfapggjehodndflmmgagdbamhnfd

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings

mhjfbmdgcfjbbpaeojofohoefgiehjai

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings

neajdppkdcdipfabeoofebfddakdcjhd

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings

nkeimhogjdpnpccoofpliimaahmaaome

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

prefs.preference_reset_time

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings

gdaefkejpgkiemlaofpalmlakkmbjdnl

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings

gfdkimpbcpahaombhbimeihdjnejgicl

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings

kmendfapggjehodndflmmgagdbamhnfd

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings

neajdppkdcdipfabeoofebfddakdcjhd

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings

nkeimhogjdpnpccoofpliimaahmaaome

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings

nmmhkkegccagdldgiimedpiccmgmieda

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings

gfdkimpbcpahaombhbimeihdjnejgicl

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings

nmmhkkegccagdldgiimedpiccmgmieda

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon

state

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty

StatusCodes

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty

StatusCodes

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon

state

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

media.cdm.origin_data

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

software_reporter.reporting

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

media.storage_id_salt

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

google.services.last_account_id

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

google.services.account_id

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_startup_urls

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_homepage

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

module_blocklist_cache_md5_digest

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

software_reporter.prompt_seed

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

default_search_provider_data.template_url_data

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

safebrowsing.incidents_sent

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

pinned_tabs

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

browser.show_home_button

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

search_provider_overrides

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_default_search

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

prefs.preference_reset_time

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

software_reporter.prompt_version

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

google.services.last_username

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

session.startup_urls

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

session.restore_on_startup

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.prompt_wave

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

homepage

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default

homepage_is_newtabpage

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics

user_experience_metrics.stability.exited_cleanly

HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

lastrun

HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

lastrun

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault

S-1-5-21-3425316567-2969588382-3778222414-1001

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon

state

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty

StatusCodes

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty

StatusCodes

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon

state

There are 42 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

51EEFE000

stack

page read and write

170D3265000

heap

page read and write

42EA67F000

stack

page read and write

11E2ED80000

heap

page read and write

42EA1DB000

stack

page read and write

170D2F40000

heap

page read and write

11E2ECE0000

heap

page read and write

170D3090000

heap

page read and write

11E2EF50000

heap

page read and write

11E2F015000

heap

page read and write

170D3190000

heap

page read and write

42EA4FE000

stack

page read and write

11E2EDB6000

heap

page read and write

42EA47E000

stack

page read and write

11E2ED88000

heap

page read and write

51EAEA000

stack

page read and write

42EA5FF000

stack

page read and write

170D309B000

heap

page read and write

170D3270000

heap

page read and write

170D30BB000

heap

page read and write

170D3080000

unclassified section

page readonly

11E2F020000

heap

page read and write

42EA6FA000

stack

page read and write

170D3260000

heap

page read and write

11E2F010000

heap

page read and write

42EA57F000

stack

page read and write

There are 16 hidden memdumps, click here to show them.

DOM / HTML

URL

Malicious

file:///C:/Users/user/Desktop/%23Ud83d%23Udce7%20Tax%20Statements-2-121_076_454656_3-4(4).hTm

https://www.google.com/recaptcha/api2/anchor?ar=1&k=%0A6Lcf2-EhAAAAAAb4lCjGZLljSQMQ9lL7LxhkWGBN&co=aHR0cHM6Ly9mdWFkcmFzaGlkLmNvbTo0NDM.&hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&size=normal&cb=eys0y7domytm

https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6Lcf2-EhAAAAAAb4lCjGZLljSQMQ9lL7LxhkWGBN

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
#Ud83d#Udce7 Tax Statements-2-121_076_454656_3-4(4).hTm

Processes

URLs

Domains

IPs

Registry

Memdumps

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report#Ud83d#Udce7 Tax Statements-2-121_076_454656_3-4(4).hTm

Processes

URLs

Domains

IPs

Registry

Memdumps

DOM / HTML

IOC Report
#Ud83d#Udce7 Tax Statements-2-121_076_454656_3-4(4).hTm