Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Users\user\Desktop\Facebook.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 08:54:44 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Facebook.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 15:01:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Facebook.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 15:01:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Chrome Cache Entry: 102

ASCII text, with very long lines (6237)

downloaded

Chrome Cache Entry: 103

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3

downloaded

Chrome Cache Entry: 104

PNG image data, 189 x 177, 8-bit colormap, non-interlaced

dropped

Chrome Cache Entry: 105

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 423x640, components 3

dropped

Chrome Cache Entry: 106

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3

downloaded

Chrome Cache Entry: 107

ASCII text, with very long lines (7990)

downloaded

Chrome Cache Entry: 108

ASCII text, with very long lines (12336)

downloaded

Chrome Cache Entry: 109

ASCII text, with very long lines (19300)

downloaded

Chrome Cache Entry: 110

PNG image data, 10 x 10, 8-bit/color RGB, non-interlaced

downloaded

Chrome Cache Entry: 111

PNG image data, 189 x 177, 8-bit colormap, non-interlaced

downloaded

Chrome Cache Entry: 112

ASCII text, with very long lines (6382)

downloaded

Chrome Cache Entry: 113

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3

dropped

Chrome Cache Entry: 114

ASCII text, with very long lines (10908)

downloaded

Chrome Cache Entry: 115

MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel

dropped

Chrome Cache Entry: 116

ASCII text, with very long lines (18915)

downloaded

Chrome Cache Entry: 117

ASCII text, with very long lines (7068)

downloaded

Chrome Cache Entry: 118

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3

dropped

Chrome Cache Entry: 119

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x162, components 3

dropped

Chrome Cache Entry: 120

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3

downloaded

Chrome Cache Entry: 121

ASCII text, with very long lines (4260)

downloaded

Chrome Cache Entry: 122

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 450x720, components 3

dropped

Chrome Cache Entry: 123

ASCII text, with very long lines (45939)

downloaded

Chrome Cache Entry: 124

ASCII text, with no line terminators

downloaded

Chrome Cache Entry: 125

PNG image data, 192 x 192, 8-bit colormap, non-interlaced

downloaded

Chrome Cache Entry: 126

ASCII text, with very long lines (23916)

downloaded

Chrome Cache Entry: 127

PNG image data, 512 x 512, 8-bit colormap, non-interlaced

downloaded

Chrome Cache Entry: 128

PNG image data, 33 x 584, 8-bit colormap, non-interlaced

dropped

Chrome Cache Entry: 129

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 423x640, components 3

downloaded

Chrome Cache Entry: 130

PNG image data, 192 x 192, 8-bit colormap, non-interlaced

dropped

Chrome Cache Entry: 131

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3

downloaded

Chrome Cache Entry: 132

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x162, components 3

downloaded

Chrome Cache Entry: 133

PNG image data, 10 x 10, 8-bit/color RGB, non-interlaced

dropped

Chrome Cache Entry: 134

ASCII text, with very long lines (19762)

downloaded

Chrome Cache Entry: 135

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3

downloaded

Chrome Cache Entry: 136

PNG image data, 512 x 512, 8-bit colormap, non-interlaced

dropped

Chrome Cache Entry: 137

ASCII text, with very long lines (2096)

downloaded

Chrome Cache Entry: 138

C source, ASCII text, with very long lines (8652)

downloaded

Chrome Cache Entry: 139

ASCII text, with very long lines (5046)

downloaded

Chrome Cache Entry: 140

ASCII text, with very long lines (32301)

downloaded

Chrome Cache Entry: 141

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 960x486, components 3

downloaded

Chrome Cache Entry: 142

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3

dropped

Chrome Cache Entry: 143

ASCII text, with very long lines (3367)

downloaded

Chrome Cache Entry: 144

PNG image data, 33 x 584, 8-bit colormap, non-interlaced

downloaded

Chrome Cache Entry: 145

MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel

downloaded

Chrome Cache Entry: 146

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 960x486, components 3

dropped

Chrome Cache Entry: 147

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 423x640, components 3

dropped

Chrome Cache Entry: 148

ASCII text, with very long lines (17302)

downloaded

Chrome Cache Entry: 149

ASCII text, with very long lines (29912)

downloaded

Chrome Cache Entry: 150

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 423x640, components 3

downloaded

Chrome Cache Entry: 151

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3

dropped

Chrome Cache Entry: 152

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 450x720, components 3

downloaded

Chrome Cache Entry: 153

ASCII text, with very long lines (49230)

downloaded

Chrome Cache Entry: 154

ASCII text, with very long lines (10333)

downloaded

Chrome Cache Entry: 155

ASCII text, with very long lines (22510)

downloaded

Chrome Cache Entry: 156

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3

dropped

Chrome Cache Entry: 157

ASCII text, with very long lines (4563)

downloaded

Chrome Cache Entry: 158

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3

downloaded

Chrome Cache Entry: 159

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3

dropped

Chrome Cache Entry: 160

ASCII text, with very long lines (1130)

downloaded

There are 53 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	1148
Target ID:	0
Parent PID:	4408
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	17:01:18
Date:	26/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2356,i,12125854858765299221,15088975027911277017,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	5004
Target ID:	2
Parent PID:	1148
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2356,i,12125854858765299221,15088975027911277017,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	17:01:21
Date:	26/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.facebook.com/groups/191802104561301/media/videos"

Details

Is windows:	true
Is dropped:	false
PID:	6440
Target ID:	3
Parent PID:	4408
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.facebook.com/groups/191802104561301/media/videos"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	17:01:24
Date:	26/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://www.facebook.com/groups/191802104561301/media/videos

https://scontent-iad3-2.xx.fbcdn.net/v/t15.5256-10/336927474_3319882898322661_4683473465336529276_n.jpg?stp=dst-jpg_p480x480&_nc_cat=105&ccb=1-7&_nc_sid=5f2048&_nc_ohc=FZusoMbXGhIAX98kDRY&_nc_ht=scontent-iad3-2.xx&oh=00_AfC5TzcLvwR8E0KjfoFgi3aCTty4_u8EoD3w1Ox0pdfqcA&oe=6608C786

157.240.229.1

https://optout.aboutads.info/

unknown

https://www.facebook.com/ajax/qm/?__a=1&__user=0&__comet_req=15&jazoest=2938

157.240.229.35

http://www.facebook.com/groups/191802104561301/media/videos

31.13.66.35

https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/mM84SfiWlvq.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://static.xx.fbcdn.net/rsrc.php/v3ijbW4/ys/l/en_US/nSQLiQbQffO.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/hJhMncL-mDP.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=d&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709

157.240.229.35

https://static.xx.fbcdn.net/rsrc.php/v3iN2w4/yH/l/en_US/wjOcH-I6_fe.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=8&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709

157.240.229.35

https://scontent-iad3-2.xx.fbcdn.net/v/t15.5256-10/346104329_565262735721643_9219658793372446428_n.jpg?stp=dst-jpg_p480x480&_nc_cat=105&ccb=1-7&_nc_sid=5f2048&_nc_ohc=8dZ_kGEmhDsAX85Ph0z&_nc_ht=scontent-iad3-2.xx&oh=00_AfDxscQOPmDUQooFxIs1EGi5CEM_0K2ynZxX2H8vrjD37A&oe=6607C420

157.240.229.1

https://static.xx.fbcdn.net/rsrc.php/v3/yd/r/DeNyZD1Vj3q.png

31.13.66.19

https://www.internalfb.com/intern/invariant/

unknown

https://static.xx.fbcdn.net/rsrc.php/v3iQh04/yl/l/en_US/q9mE-dy1BQ8.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://static.xx.fbcdn.net/rsrc.php/v3/yd/r/ZMDmtP-j05B.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://scontent-iad3-1.xx.fbcdn.net/v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=c24.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfBxa19PYuVvdAzvgqt5d38YFDOYSpZaMMH3nqGHT4ws5g&oe=662A8448

31.13.66.19

https://static.xx.fbcdn.net/rsrc.php/v3imd04/y_/l/en_US/s7gvP_bieRc.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://youradchoices.ca/

unknown

https://static.xx.fbcdn.net/rsrc.php/v3iRdI4/yf/l/en_US/o66RdpHoPFZ.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://static.xx.fbcdn.net/rsrc.php/v3/ys/r/wV1EPAsR05q.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://scontent-iad3-1.xx.fbcdn.net/v/t15.5256-10/422970684_1757890574713454_756376464245095654_n.jpg?stp=dst-jpg_s720x720&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=107UIiOzT7gAX9j_LK6&_nc_ht=scontent-iad3-1.xx&oh=00_AfA8LKV88KVnwDwmya6T7YZvMdgapnppWYhXAjPM03dWLg&oe=66074431

31.13.66.19

https://static.xx.fbcdn.net/rsrc.php/v3it4v4/y7/l/en_US/Yy3UvLlQ5s2.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://static.xx.fbcdn.net/rsrc.php/v3ib-74/yH/l/en_US/lJVPjox8GXT.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://www.youronlinechoices.com/

unknown

https://www.facebook.com/ajax/webstorage/process_keys/?state=1

157.240.229.35

https://fburl.com/comet_preloading

unknown

https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/0dhQxNDfACl.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://static.xx.fbcdn.net/rsrc.php/v3iMvG4/yi/l/en_US/J6PEW1zkdET0dw91vX2QqCV5bVta2J7S4uCHGMZIDGEITtg2YRX4wVhDYvatkvPhoO.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://static.xx.fbcdn.net/rsrc.php/v3idBq4/yP/l/en_US/AyyGpm6_fQg.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=9&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709

157.240.229.35

https://fburl.com/dialog-provider).

unknown

https://static.xx.fbcdn.net/rsrc.php/v3i03r4/yh/l/en_US/WBgVVoYHjyJBx2ohSxNfK51trd-z_zgkrcS1tiv9hBEZlfzIGzJRT-zkSMvWi-DAk6XYYhi4epUx2joFkVjeqNmCZ_uh8Ri8EqTv4ejvoijb302ZM4-qdc884u1lhyFxJ4dCTEvncaMuwhpc3MgCmCuvkpMttPnMfQyeNxsw_y3zVOBS5r1v89-9txa.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://support.google.com/chrome/answer/95647

unknown

https://scontent-iad3-1.xx.fbcdn.net/v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=dst-jpg_s960x960&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfBinJfMHk1TYrtMfoEdUzED7UOwvi3Z6zmQwkkYIyjuVA&oe=662A8448

31.13.66.19

https://scontent-iad3-1.xx.fbcdn.net/v/t15.5256-10/344291496_941761983774142_6714898198585150208_n.jpg?stp=dst-jpg_p480x480&_nc_cat=108&ccb=1-7&_nc_sid=5f2048&_nc_ohc=ps2qWAox_o4AX_5sAkd&_nc_ht=scontent-iad3-1.xx&oh=00_AfDXCbIngEl6nKLekpfKqO62PR1XH9A8fTO3UaT9JUiAyA&oe=66079A1F

31.13.66.19

https://scontent-iad3-1.xx.fbcdn.net/v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=dst-jpg_fb50_s320x320&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfDC1FQNbzUTX09-0lc08NGwHIjdbNpDLEXCu4RbW3H_sw&oe=662A8448

31.13.66.19

https://scontent-iad3-1.xx.fbcdn.net/v/t15.5256-10/353948418_116757841451495_7051299819541577410_n.jpg?stp=dst-jpg_s640x640&_nc_cat=108&ccb=1-7&_nc_sid=5f2048&_nc_ohc=0q-qhw2-qZMAX8CfBwF&_nc_ht=scontent-iad3-1.xx&oh=00_AfAbn_4msclyUHq3UB_aqHff34_4jm8NlN-qQ9r7ygS_eg&oe=66079D92

31.13.66.19

https://scontent-iad3-1.xx.fbcdn.net/v/t15.5256-10/344299204_778385596974975_3925581549886345862_n.jpg?stp=dst-jpg_p480x480&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=BRYczwzYVx8AX8OlnWr&_nc_ht=scontent-iad3-1.xx&oh=00_AfDrfzFfvjJJJOWg4dEIsmiTIicKbMynrBaxObxy1-qN6g&oe=6608378A

31.13.66.19

https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/YOJay7eN_PK.png

31.13.66.19

https://www.facebook.com/data/manifest/

157.240.229.35

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=7&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709

157.240.229.35

https://www.facebook.com/groups/191802104561301/media/videos

https://fburl.com/wiki/m19zmtlh

unknown

https://static.xx.fbcdn.net/rsrc.php/v3iWd-4/yc/l/en_US/Yx7PwT2JwaP.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://static.xx.fbcdn.net/rsrc.php/v3/yY/r/YT7n1sgH1lv.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://static.xx.fbcdn.net/rsrc.php/yT/r/aGT3gskzWBf.ico

31.13.66.19

https://fburl.com/wiki/xrzohrqb

unknown

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=6&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709

157.240.229.35

https://static.xx.fbcdn.net/rsrc.php/v3/yQ/l/0,cross/3AyonyDMJju.css?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://scontent-iad3-1.xx.fbcdn.net/v/t15.5256-10/365868153_743671090857740_6406375155720795749_n.jpg?stp=dst-jpg_s640x640&_nc_cat=101&ccb=1-7&_nc_sid=5f2048&_nc_ohc=zDOwJGShkAYAX8DcVsw&_nc_ht=scontent-iad3-1.xx&oh=00_AfD8SREs1djMaWBCEsRKckYil_1mEPLUKv1FKPDO24gXKw&oe=660867B5

31.13.66.19

https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png

157.240.229.1

https://www.facebook.com/ajax/bulk-route-definitions/

157.240.229.35

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=a&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709

157.240.229.35

https://static.xx.fbcdn.net/rsrc.php/v3ivDB4/y6/l/en_US/LqVfMHTJ9_oMY3cWsxDsim6o4gQ-2xoQcC3aoXwX7mwI_CM1jY0vDUQEoYJkKWbHxzBQbCw57inkqSJQWbQFzxtGR4v5R_4lLcx1Rdzuzi16yg2P45ax7X-hYGc1wa-Oq19c8UFGgncWcrTOmPobANp9KHpDnYRWx5vjUQhP0HLNJLur35pXyNW5O2eLF_t-hPrgmOFx37sBU74Y3_eJMlvvhSHqcRl8uZh0wwKbKOFmYVL9vR980mk9ZOI-Ip55HfXW__mMMP-5hSGBbNbgFRlCsGN0FHzi95_wmB-51YxoStyBz2gE2pEQn4HVER6qmSdmQUrU48.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://scontent-iad3-2.xx.fbcdn.net/v/t15.5256-10/345408838_554868536720991_4473956762622793907_n.jpg?stp=dst-jpg_p480x480&_nc_cat=111&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Fka_uNor5akAX_5Vx0x&_nc_ht=scontent-iad3-2.xx&oh=00_AfBneEOE2bzNnHCq-ehBwWm6GeZ-CbH_6iWYmm36nrGn5g&oe=6607DB9F

157.240.229.1

https://static.xx.fbcdn.net/rsrc.php/v3i-LK4/yC/l/en_US/6Q0E-Aihmb8.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://static.xx.fbcdn.net/rsrc.php/v3iEI74/ys/l/en_US/RsYgUPkiI0GIOrr8Repg2I8YKvM40ckJTsYEcTr9k1uxj9xJniev-aE7Zc-ipmmdxVkEXcCWPrroV5wrZTyFmaOOfWxL1rr0Obq.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=b&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709

157.240.229.35

https://static.xx.fbcdn.net/rsrc.php/v3iNTg4/ys/l/en_US/R-iMvr77wdb.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=5&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709

157.240.229.35

https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/hLElYKzBG38.png

31.13.66.19

https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/eFZD1KABzRA.png

31.13.66.19

https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/noD1oQJiCYY.js?_nc_x=Ij3Wp8lg5Kz

31.13.66.19

There are 53 hidden URLs, click here to show them.

Domains

Name

Malicious

star-mini.c10r.facebook.com

31.13.66.35

scontent.xx.fbcdn.net

157.240.229.1

Details

Name:	scontent.xx.fbcdn.net
IP:	157.240.229.1
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

video.xx.fbcdn.net

157.240.229.2

www.google.com

142.251.167.105

scontent-iad3-1.xx.fbcdn.net

31.13.66.19

Details

Name:	scontent-iad3-1.xx.fbcdn.net
IP:	31.13.66.19
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

scontent-iad3-2.xx.fbcdn.net

157.240.229.1

Details

Name:	scontent-iad3-2.xx.fbcdn.net
IP:	157.240.229.1
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

fp2e7a.wpc.phicdn.net

192.229.211.108

www.facebook.com

unknown

Details

Name:	www.facebook.com
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Found strings which match to known social media urls	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection
Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable / 403 Forbidden)	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

static.xx.fbcdn.net

unknown

Details

Name:	static.xx.fbcdn.net
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

IPs

Domain

Country

Malicious

31.13.66.35

star-mini.c10r.facebook.com

Ireland

31.13.66.19

scontent-iad3-1.xx.fbcdn.net

Ireland

142.251.167.105

www.google.com

United States

157.240.229.35

unknown

United States

192.168.2.4

unknown

157.240.229.1

scontent.xx.fbcdn.net

United States

192.168.2.5

unknown

239.255.255.250

unknown

Reserved

127.0.0.1

unknown

DOM / HTML

URL

Malicious

https://www.facebook.com/groups/191802104561301/media/videos

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
http://www.facebook.com/groups/191802104561301/media/videos

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttp://www.facebook.com/groups/191802104561301/media/videos

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
http://www.facebook.com/groups/191802104561301/media/videos