Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\login.html

Details

Is windows:	true
Is dropped:	false
PID:	5996
Target ID:	0
Parent PID:	3840
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\login.html
Size:	2852640
MD5:	7BC7B4AEDC055BB02BCB52710132E9E1
Time:	12:48:58
Date:	26/05/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff70f0c0000
Modulesize:	2916352
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Allocates a big amount of memory (probably used for heap spraying)	Software Vulnerabilities	Extra Window Memory Injection
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1768,i,8600265007674146631,948493388715969417,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	2480
Target ID:	1
Parent PID:	5996
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1768,i,8600265007674146631,948493388715969417,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Size:	2852640
MD5:	7BC7B4AEDC055BB02BCB52710132E9E1
Time:	12:49:00
Date:	26/05/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff70f0c0000
Modulesize:	2916352
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Allocates a big amount of memory (probably used for heap spraying)	Software Vulnerabilities	Extra Window Memory Injection
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

file:///C:/Users/user/Desktop/login.html

http://underscorejs.org/LICENSE

unknown

http://www.apache.org/licenses/LICENSE-2.0

unknown

https://jquery.org/license

unknown

https://g.co/ng/security#xss)

unknown

http://www.broofa.com

unknown

https://github.com/dcodeIO/long.js

unknown

https://github.com/dcodeIO/protobuf.js

unknown

https://jquery.com/

unknown

https://angular.io/api/core/Component#animations).

unknown

https://angular.io/errors/$

unknown

https://angular.io/

unknown

https://lodash.com/

unknown

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

216.58.212.173

https://github.com/dcodeIO/bytebuffer.js

unknown

https://lodash.com/license

unknown

https://angular.io/license

unknown

https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_animated_properties)

unknown

https://openjsf.org/

unknown

https://sizzlejs.com/

unknown

https://js.foundation/

unknown

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1

142.250.186.78

There are 12 hidden URLs, click here to show them.

Domains

Name

Malicious

accounts.google.com

216.58.212.173

Details

Name:	accounts.google.com
IP:	216.58.212.173
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

142.250.186.132

Details

Name:	www.google.com
IP:	142.250.186.132
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol

clients.l.google.com

142.250.186.78

clients2.google.com

unknown

Details

Name:	clients2.google.com
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

142.250.186.78

clients.l.google.com

United States

192.168.2.1

unknown

239.255.255.250

unknown

Reserved

216.58.212.173

accounts.google.com

United States

192.168.8.1

unknown

172.217.16.196

unknown

United States

Memdumps

Base Address

Regiontype

Protect

Malicious

1A8D7E7F000

heap

page read and write

1A8D8712000

heap

page read and write

1A8D7E6A000

heap

page read and write

67683FE000

stack

page read and write

676807B000

stack

page read and write

1A8D7E2B000

heap

page read and write

1A8D7EF6000

heap

page read and write

67680FE000

stack

page read and write

67684FB000

stack

page read and write

1A8D7D70000

heap

page read and write

67685FD000

stack

page read and write

6767F7E000

stack

page read and write

676877C000

stack

page read and write

6767E7B000

stack

page read and write

1A8D7E13000

heap

page read and write

676827F000

stack

page read and write

6768A7C000

stack

page read and write

67682FC000

stack

page read and write

1A8D8602000

heap

page read and write

1A8D7EC9000

heap

page read and write

1A8D7D60000

heap

page read and write

67686FF000

stack

page read and write

1A8D7E97000

heap

page read and write

1A8D873E000

heap

page read and write

1A8D8700000

heap

page read and write

1A8D7F02000

heap

page read and write

1A8D7F13000

heap

page read and write

1A8D8718000

heap

page read and write

1A8D7E8A000

heap

page read and write

1A8D8743000

heap

page read and write

676897F000

stack

page read and write

1A8D7DD0000

heap

page read and write

1A8D8530000

trusted library allocation

page read and write

1A8D7EDA000

heap

page read and write

1A8D7ED2000

heap

page read and write

1A8D7E00000

heap

page read and write

676887C000

stack

page read and write

6767EFD000

stack

page read and write

1A8D7E3F000

heap

page read and write

There are 29 hidden memdumps, click here to show them.

DOM / HTML

URL

Malicious

file:///C:/Users/user/Desktop/login.html

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
login.html

Processes

URLs

Domains

IPs

Memdumps

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportlogin.html

Processes

URLs

Domains

IPs

Memdumps

DOM / HTML

IOC Report
login.html