Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	4820
Target ID:	0
Parent PID:	5500
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	11:20:52
Date:	24/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2372,i,3946242831991443377,15559813188679492094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	2736
Target ID:	2
Parent PID:	4820
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2372,i,3946242831991443377,15559813188679492094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	11:20:55
Date:	24/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi"

Details

Is windows:	true
Is dropped:	false
PID:	6480
Target ID:	3
Parent PID:	5500
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	11:20:58
Date:	24/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true

https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

https://d156bbbb-1260ad3a.snyderinvestigationteam.us/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js

172.233.96.139

https://062c5918-1260ad3a.snyderinvestigationteam.us/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.6&apikey=b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951&upload-time=1713950501293&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true

172.233.96.139

https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2fsnyderinvestigationteam.snyderinvestigationteam.us%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASKm6fPE-ha4TV_Wqo914ndL2cxcsbnZJaBVa5iVCZsnP4FRsYXjIy3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFWhrnSfjA87QGLce89zUTRsdGU6x6gd6pft5mpm4OhlleiTmR1UVmJZZ-FWUhrq6FhT6ORq7FWvnJWfmlfok5xnYGlgZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzga-y7NONf-8x3Hq_4dSorU9PKyt3MPHKDIr1C8_39svyyUyrSvA3MQ02KIkK9gn0TI3MjfUsiivNtNwgwAAA1&estsfed=1&uaid=9e9783738a104aa89f96653f0ac8bbe9&signup=1&lw=1&fl=easi2&fci=https%3a%2f%2f86c4eb0b-1260ad3a.snyderinvestigationteam.us.orgid.com

172.233.96.139

https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js

172.233.96.139

https://c5f200cd-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js

172.233.96.139

https://snyderinvestigationteam.snyderinvestigationteam.us/favicon.ico

172.233.96.139

https://signup.snyderinvestigationteam.us/signup?sru=https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dCE8EFFE5F29EE452%26opidt%3d1713950504%26uaid%3d9e9783738a104aa89f96653f0ac8bbe9%26contextid%3dDC53A35435F0F058%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=9e9783738a104aa89f96653f0ac8bbe9&suc=https://ae668cd4-1260ad3a.snyderinvestigationteam.us

https://d156bbbb-1260ad3a.snyderinvestigationteam.us/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css

172.233.96.139

https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js

172.233.96.139

https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js

172.233.96.139

https://86c4eb0b-1260ad3a.snyderinvestigationteam.us/Prefetch/Prefetch.aspx

https://snyderinvestigationteam.snyderinvestigationteam.us/1260ad3a5b3d49ddbff8affbd3065850/

172.233.96.139

https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg

172.233.96.139

https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg

172.233.96.139

https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg

172.233.96.139

https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js

172.233.96.139

https://signup.snyderinvestigationteam.us/favicon.ico

172.233.96.139

https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2

172.233.96.139

https://l1ve.snyderinvestigationteam.us/Me.htm?v=3

172.233.96.139

https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

172.233.96.139

There are 12 hidden URLs, click here to show them.

Domains

Name

Malicious

l1ve.snyderinvestigationteam.us

172.233.96.139

snyderinvestigationteam.snyderinvestigationteam.us

172.233.96.139

062c5918-1260ad3a.snyderinvestigationteam.us

172.233.96.139

signup.snyderinvestigationteam.us

172.233.96.139

www.google.com

142.250.101.103

86c4eb0b-1260ad3a.snyderinvestigationteam.us

172.233.96.139

c5f200cd-1260ad3a.snyderinvestigationteam.us

172.233.96.139

d156bbbb-1260ad3a.snyderinvestigationteam.us

172.233.96.139

5b3322f3-1260ad3a.snyderinvestigationteam.us

172.233.96.139

fp2e7a.wpc.phicdn.net

192.229.211.108

IPs

Domain

Country

Malicious

142.250.101.103

www.google.com

United States

239.255.255.250

unknown

Reserved

172.233.96.139

l1ve.snyderinvestigationteam.us

United States

192.168.2.4

unknown

DOM / HTML

URL

Malicious

https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

Details

Filename:	0.1.pages.html.dom
Url:	https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2372,i,3946242831991443377,15559813188679492094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Signature Hits	Behavior Group	Mitre Attack
Yara detected HtmlPhish54	Phishing

https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true

Details

Filename:	1.2.pages.html.dom
Url:	https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2372,i,3946242831991443377,15559813188679492094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Signature Hits	Behavior Group	Mitre Attack
Yara detected HtmlPhish54	Phishing

https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true

Details

Filename:	1.3.pages.html.dom
Url:	https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2372,i,3946242831991443377,15559813188679492094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Signature Hits	Behavior Group	Mitre Attack
Yara detected HtmlPhish54	Phishing

https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true

Details

Filename:	1.5.pages.html.dom
Url:	https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2372,i,3946242831991443377,15559813188679492094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Signature Hits	Behavior Group	Mitre Attack
Yara detected HtmlPhish54	Phishing

https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

https://86c4eb0b-1260ad3a.snyderinvestigationteam.us/Prefetch/Prefetch.aspx

Details

Filename:	3.6.pages.html.dom
Url:	https://signup.snyderinvestigationteam.us/signup?sru=https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dCE8EFFE5F29EE452%26opidt%3d1713950504%26uaid%3d9e9783738a104aa89f96653f0ac8bbe9%26contextid%3dDC53A35435F0F058%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=9e9783738a104aa89f96653f0ac8bbe9&suc=https://ae668cd4-1260ad3a.snyderinvestigationteam.us
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2372,i,3946242831991443377,15559813188679492094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi