Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank

Details

Is windows:	true
Is dropped:	false
PID:	5508
Target ID:	0
Parent PID:	3176
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Size:	2851656
MD5:	0FEC2748F363150DC54C1CAFFB1A9408
Time:	11:35:19
Date:	26/05/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff683680000
Modulesize:	2916352
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1768,i,3249229338383296899,15023654663304245028,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	2968
Target ID:	2
Parent PID:	5508
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1768,i,3249229338383296899,15023654663304245028,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Size:	2851656
MD5:	0FEC2748F363150DC54C1CAFFB1A9408
Time:	11:35:20
Date:	26/05/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff683680000
Modulesize:	2916352
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe" "https://s3.amazonaws.com/v5c323s5fg7hnj-794372450934/tv.html

Details

Is windows:	true
Is dropped:	false
PID:	6384
Target ID:	3
Parent PID:	3176
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://s3.amazonaws.com/v5c323s5fg7hnj-794372450934/tv.html
Size:	2851656
MD5:	0FEC2748F363150DC54C1CAFFB1A9408
Time:	11:35:23
Date:	26/05/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff683680000
Modulesize:	2916352
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://s3.amazonaws.com/v5c323s5fg7hnj-794372450934/tv.html

Details

Filetype:	URL
Filename:	https://s3.amazonaws.com/v5c323s5fg7hnj-794372450934/tv.html

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Downloads files from webservers via HTTP	Networking	Non-Application Layer Protocol Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking
Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable / 403 Forbidden)	Networking
Classification label	System Summary
Creates files inside the program directory	System Summary	Masquerading
Uses HTTPS	Networking	Encrypted Channel
Spawns processes	System Summary	Process Injection
Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Posts data to webserver	Networking
Creates a directory in C:\Program Files	Compliance, System Summary
Found graphical window changes (likely an installer)	System Summary

https://s3.amazonaws.com/favicon.ico

52.217.87.206

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1

216.58.215.238

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

172.217.168.45

https://s3.amazonaws.com/v5c323s5fg7hnj-794372450934/tv.html

52.217.87.206

Details

Name:	https://s3.amazonaws.com/v5c323s5fg7hnj-794372450934/tv.html
IP:	52.217.87.206
TargetID:	2
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	network
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Spawns processes	System Summary	Process Injection

Domains

Name

Malicious

s3.amazonaws.com

52.217.122.24

Details

Name:	s3.amazonaws.com
IP:	52.217.122.24
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Spawns processes	System Summary	Process Injection

accounts.google.com

172.217.168.45

Details

Name:	accounts.google.com
IP:	172.217.168.45
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

142.250.203.100

Details

Name:	www.google.com
IP:	142.250.203.100
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol

clients.l.google.com

216.58.215.238

clients2.google.com

unknown

Details

Name:	clients2.google.com
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

IPs

Domain

Country

Malicious

172.217.168.45

accounts.google.com

United States

192.168.2.1

unknown

239.255.255.250

unknown

Reserved

216.58.215.238

clients.l.google.com

United States

142.250.203.100

www.google.com

United States

52.217.87.206

unknown

United States

Memdumps

Base Address

Regiontype

Protect

Malicious

246989A0000

trusted library allocation

page read and write

24698670000

trusted library allocation

page read and write

246989F9000

heap

page read and write

246989F5000

heap

page read and write

2469871C000

heap

page read and write

24698A00000

trusted library allocation

page read and write

246989E0000

trusted library allocation

page read and write

24698720000

heap

page read and write

24698739000

heap

page read and write

246994F0000

trusted library allocation

page read and write

246988C0000

heap

page read and write

E4790CB000

stack

page read and write

24698940000

trusted library allocation

page read and write

24698660000

heap

page read and write

2469871D000

heap

page read and write

246986D8000

heap

page read and write

24698930000

trusted library allocation

page read and write

246986D0000

heap

page read and write

E4794F9000

stack

page read and write

24698720000

heap

page read and write

24699710000

trusted library allocation

page read and write

246986F5000

heap

page read and write

24698720000

heap

page read and write

24698718000

heap

page read and write

246988A0000

heap

page read and write

E479479000

stack

page read and write

246989F0000

heap

page read and write

E4795FB000

stack

page read and write

24699770000

trusted library allocation

page read and write

24699720000

trusted library allocation

page read and write

E47957E000

stack

page read and write

24699700000

heap

page readonly

There are 22 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://s3.amazonaws.com/v5c323s5fg7hnj-794372450934/tv.html

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://s3.amazonaws.com/v5c323s5fg7hnj-794372450934/tv.html

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
https://s3.amazonaws.com/v5c323s5fg7hnj-794372450934/tv.html