Edit tour

Windows Analysis Report
https://url.us.m.mimecastprotect.com/s/pExXCW6pv9Fwzo6Un3lpc?domain=urldefense.proofpoint.com&d=DwMGaQ

Overview

General Information

Sample URL:	https://url.us.m.mimecastprotect.com/s/pExXCW6pv9Fwzo6Un3lpc?domain=urldefense.proofpoint.com&d=DwMGaQ
Analysis ID:	1436903

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 3704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://url.us.m.mimecastprotect.com/s/pExXCW6pv9Fwzo6Un3lpc?domain=urldefense.proofpoint.com&d=DwMGaQ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4048 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1932,i,13222946815694215147,3963510380970151997,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.88.196.112:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.88.196.112:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49726 version: TLS 1.2

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.39.228.240
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.88.196.112
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	DNS traffic detected: DNS query: url.us.m.mimecastprotect.com
Source: global traffic	DNS traffic detected: DNS query: urldefense.proofpoint.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.88.196.112:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.88.196.112:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49726 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@15/11@8/106

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://url.us.m.mimecastprotect.com/s/pExXCW6pv9Fwzo6Un3lpc?domain=urldefense.proofpoint.com&d=DwMGaQ
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1932,i,13222946815694215147,3963510380970151997,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1932,i,13222946815694215147,3963510380970151997,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://url.us.m.mimecastprotect.com/s/pExXCW6pv9Fwzo6Un3lpc?domain=urldefense.proofpoint.com&d=DwMGaQ	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
url.us.m.mimecastprotect.com	0%	Virustotal		Browse
urldefense.com	2%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
url.us.m.mimecastprotect.com	205.139.111.113	true	false	0%, Virustotal, Browse	unknown
urldefense.com	52.71.28.102	true	false	2%, Virustotal, Browse	unknown
www.google.com	142.250.64.196	true	false		high
urldefense.proofpoint.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://urldefense.proofpoint.com/jblocked?u=https-3A__url.us.m.mimecastprotect.com_s_qJHQCPNglVsqLAYTzYB59-3Fdomain-3D1drv.ms&c=ppessentials_us_hosted&sig=lGtG461s3_b0uh-6MmbDjG7SpjtTSYo8RauU37cj-zA%3D	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.189.142	unknown	United States	15169	GOOGLEUS	false
142.250.189.131	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
52.71.28.102	urldefense.com	United States	14618	AMAZON-AESUS	false
142.250.64.196	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.165.195	unknown	United States	15169	GOOGLEUS	false
205.139.111.113	url.us.m.mimecastprotect.com	United States	30031	MIMECAST-US	false
142.250.97.84	unknown	United States	15169	GOOGLEUS	false
142.250.217.206	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1436903
Start date and time:	2024-05-06 18:26:42 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://url.us.m.mimecastprotect.com/s/pExXCW6pv9Fwzo6Un3lpc?domain=urldefense.proofpoint.com&d=DwMGaQ
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@15/11@8/106

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.165.195, 142.250.189.142, 142.250.97.84, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 6 15:27:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9862724931374163
Encrypted:	false
SSDEEP:
MD5:	8B1B1CD3601D9B97024A4B44F1B1BE2F
SHA1:	967B35347D41534EDC17AD20DC982FF62835AD23
SHA-256:	D12FAD55961AFD0293C847398D7ED1FBFBD0850D8B7B888D4B269A5D3211B410
SHA-512:	85688B5DDF2C263C7165783943B617CCF53DA2B562FA7AA886F0CD5E4EED671EE6F177D011E479E052078BAC363FF6CB491D7B5C66C29282AB93CD27D87D6BE3
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....R^.?...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X[.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xe.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xe.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xe............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xf............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8z!......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 6 15:27:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.001358231707335
Encrypted:	false
SSDEEP:
MD5:	253882A2C12F1BBC211668E376B486CB
SHA1:	3ACD898321AEAC7EE13249217C15A36071E1D6D5
SHA-256:	0C6BE209A01C5F79437DE77FA25737C74B4445067D5B7823E12E5F402726BA7A
SHA-512:	F8B869A928C8DDF049CE920D4B7801FF32901B74A636DF747B82A91D4B9DBF3B005B4219CCA7BA8B5A2276B71FFC7DFD59F9517F0A2FCC44CE0F9DE295A7140A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....a.>...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X[.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xe.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xe.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xe............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xf............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8z!......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.010231632701448
Encrypted:	false
SSDEEP:
MD5:	54BDD9999640A190EBD227EDE1139C3E
SHA1:	A9A880ECB83EAC04F96B07625AC31EE7ED941906
SHA-256:	6F8F94228C645BC26A9384F4F62D80080C5DC2A2644494095365B1790BF1FA35
SHA-512:	9ED03AFDF05E602080747EC2EFD27BAE01966564ECDB4011497E429327B8B575B353FC7B69BAA12D6AEA5F81175615B2BF41F5D9F16635608ABDB5EA9E759522
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X[.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xe.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xe.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xe............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8z!......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 6 15:27:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.001886132440248
Encrypted:	false
SSDEEP:
MD5:	3C478AFA8BAD7158DE15FBFE75FBB8ED
SHA1:	0887B88E7216472B3C2B65D00F10E840A9A67443
SHA-256:	F126919D6D6B0DEA85CCA6FDFE5A766B581E52103CF10AC39626468E341FDB1E
SHA-512:	597BFAA4F5DD70BD6DEB9E343BE4AD0EBC92350EA0934A73847906445B1A97633350F2F0CC74F5512FD10E89341E14F53D9F943F079006391A3EDCADE8788A67
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....@..>...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X[.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xe.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xe.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xe............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xf............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8z!......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 6 15:27:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9845663560838944
Encrypted:	false
SSDEEP:
MD5:	538049154AFA364CDDD388A9BBB3DE0E
SHA1:	092670BE1E9442F52B95E3BD59A11C8F8F7EC986
SHA-256:	69A704B875E5383F245FC2C0E01D6C23971CA4A48ABA04B5BD39FC6C6C571E75
SHA-512:	4D022197CD823F634F173A5F5BBE24843094224B5F320381B11185A7E63664BF6A3B8F270EFE5B3423208ACE588197E95AE96BF6554212138BA55AAA57148904
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....EU.?...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X[.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xe.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xe.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xe............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xf............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8z!......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 6 15:27:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.000014923364132
Encrypted:	false
SSDEEP:
MD5:	B97446AD814F29A962E586F529254EA5
SHA1:	3E5742544137150BDD5BE0801BAF3874D1EEBF7D
SHA-256:	7472DFD05C5F3187102810F1C368928472EF832249067EEE13B0B26DE25C41DF
SHA-512:	A7BCA1E0703D667642CE3CA910396671E958022A2A9AA61DDD7533CE0E8184864161654A8A625184FC4DC7F6FE86E506BEC247ECC020509A88EA6557BA7BCE77
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....X.>...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X[.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xe.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xe.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xe............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xf............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8z!......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2864
Entropy (8bit):	5.139585964425596
Encrypted:	false
SSDEEP:
MD5:	2FEC9CA2BE9C015E692928EB54429CA1
SHA1:	EAD795B071563A70FB00600551DDF1C7B2E2D07D
SHA-256:	080218E94B8FBE62AB1CBA4465CD549A03737E69C25F4FC375DA5AD9DC58DC35
SHA-512:	FA7DDE474AE3E0CBFA42E93C7D6836F66610D288FF02E9739BD7C749EDC9811CC9D34AE3D770E4F044C8BDE9C7F3D76C16CE68D3417F384BABEB2B82A85B2C29
Malicious:	false
Reputation:	unknown
URL:	https://urldefense.proofpoint.com/jasset/stylesheets/common.css
Preview:	html{..min-height:100%;..background:#0094bc;..background:-moz-linear-gradient(#0094bc, #3dd6ff);..background:-ms-linear-gradient(#0094bc, #3dd6ff 100%);..background:-webkit-gradient(linear, left top, left bottom, from(#0094bc), to(#3dd6ff));..background:-webkit-linear-gradient(#0094bc, #3dd6ff 100%);..background:-o-linear-gradient(#0094bc, #3dd6ff 100%);..filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='$background-gradient-start', endColorstr='$background-gradient-end');..-ms-filter:"progid:DXImageTransform.Microsoft.gradient(startColorstr='$background-gradient-start', endColorstr='$background-gradient-end')";..background:linear-gradient(#0094bc, #3dd6ff 100%).}.body{..font-family:arial, verdana, helvetica;font-size:12px.}...warningbox{..-moz-box-shadow:3px 3px 10px 3px #006c89;..-webkit-box-shadow:3px 3px 10px 3px #006c89;..box-shadow:3px 3px 10px 3px #006c89;..-webkit-border-top-left-radius:16px;..-moz-border-top-left-radius:16px;..border-top-left-radius:16px;..-webk

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4803
Entropy (8bit):	7.945415885603797
Encrypted:	false
SSDEEP:
MD5:	B69B8937C432C824243F1FF03FE4A169
SHA1:	CFF98ABE81FE41B5A2FAF269CB0F6859B616ED51
SHA-256:	8A552613C9B52A23149A7CEFE7C15C321E62162AED70E9A736E6C96BBB07BC5F
SHA-512:	75943C9F3728E8A7BB98D5C108C5F5B7982C3C18C559353B818A4BCE1EED8CD408B868964B853BAC42A8F3BC662AE242C91D344D1D53EC4F1048C4FA59AB2DAC
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...@...@......iq.....sRGB........}IDATx..y..U..?..~U..Z.'.t..:..$$!....DV.....[D...t.:.2...#g.....D..A.....9s...,.$!!Io.[u-..{w..u7.tc....v..._u.z.{......5...rX.._.....Z..._.".........._...n....&v.......(a.Rj......[.\|./.....nR6wk..@:SQA<Q.~:.H...Z./...Jw"1.N.o.........37N....3R).g.R.:)q..P....K....e.....X....\|.P..;._.p..]{>3..7....{U.....a4.%F...K&...Q...R..-_<o....].....Cj..'6.....:_....!.....1N.."..D.H..Q...L.\....t...o\|[z.7./..=.WO..Z5..t..!.X..2.B.......q5..5....../...2\|..s.y...o?..emF;R...MW.O.W....+.&...d.}.......x.A..a.a.>Z..g..t...{..m.......I..2.k<...Q.0..,\@../A....z.6\L.I.(..C..Q..j.d.(..1..o+..:...;:.WUVi,]N,o..(.B..khy.{q^.Q......}..;.BJ%<[.S%.KRQ[..:.N......-....kj.w.tu..iSD5@.E4.'..}.z....Y.8...5M.^...."!...).YS%.%...y.=..t.[........LoCbq,J..p...yT.x<.X.QT.V...u.O^.@G.%..z.j..>.m-.;.....4..6~&...)."U.A...\|.R@oI..!Q............JjW.!.La.%......i.2.'..}...6...`..?.V....[TJ%T.J..18...NX. ......."..0...E...I)....<

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (318)
Category:	downloaded
Size (bytes):	2042
Entropy (8bit):	4.52657188515219
Encrypted:	false
SSDEEP:
MD5:	E386D4C2A6EA5B9F21569333D8816E14
SHA1:	7210EF10CE7987B4578AC2F917022EB41408E862
SHA-256:	0CC01659526FFE05371AFDA792C691600DD94CB35E12F9646307F9201B481AB1
SHA-512:	D701817924606E8DE85ABCE49BB5453F0043617DE8072AB018FEDB91AFD103FC5E9F442EC617BE30D2874C5A3109135EAADD7D403BC67D29ABDEE5EB38C4A597
Malicious:	false
Reputation:	unknown
URL:	https://urldefense.proofpoint.com/jblocked?u=https-3A__url.us.m.mimecastprotect.com_s_qJHQCPNglVsqLAYTzYB59-3Fdomain-3D1drv.ms&c=ppessentials_us_hosted&sig=lGtG461s3_b0uh-6MmbDjG7SpjtTSYo8RauU37cj-zA%3D
Preview:	<!DOCTYPE html>.<html>. <head>. <meta charset="UTF-8">. <meta name="viewport" content="width=694, user-scalable=no">. <title>Proofpoint Essentials Targeted Attack Protection</title>. <link href="/jasset/stylesheets/common.css" media="all" rel="stylesheet" type="text/css" />. <link href='/jasset/images/favicon.ico' rel='shortcut icon'>. </head>. <body>. <div class='warningbox shadow'>. <div class='en title' style="background-image:url('/jasset/images/warning.png')">Web Site Has Been Blocked!</div>. <div class='description'>. <p style="direction:ltr">The web page you are attempting to access has been classified as malicious. This classification is determined by direct analysis of the web page. Although an entire web site may be blocked as malicious, it is very common for a single page on a valid web site to be blocked.</p>. <p style="direction:ltr">Your organization has enabled this tec

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2015 (Macintosh), datetime=2015:10:01 15:42:26], baseline, precision 8, 187x64, components 1
Category:	dropped
Size (bytes):	20820
Entropy (8bit):	6.115298643155388
Encrypted:	false
SSDEEP:
MD5:	2354AE0C3B30ED5A5A6CE13853946CDE
SHA1:	62A4EDF895F221D051B6B7509490F64721A15CCD
SHA-256:	C3161B65DA3DA019547FBC4072E5E7DA13C1FABCE048107019FEFC72DE02E21A
SHA-512:	D1E3E4D245B63E6FC771213229A4533E62817F845BCBAF2249FC1377F226447D003D1469F7BB584927CD8C833ACAD8A032D4B936971BEAF4A7FC6E03EB846986
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....,.,.....nPhotoshop 3.0.8BIM.......6..Z...%G.........>..20150924..?..150838-0700.....Print8BIM.%...........~..Q.,.........Exif..MM.*.............................b...........j.(...........1.....$...r.2...........i.................,.......,....Adobe Photoshop CC 2015 (Macintosh).2015:10:01 15:42:26.................................................`....2015:09:24 15:08:38...=.http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.4.0"> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:xmpTPg="http://ns.adobe.com/xap/1.0/t/pg/" xmlns:xmpG="http://ns.adobe.com/xap/1.0/g/" xmlns:stDim="http://ns.adobe.com/xap/1.0/sType/Dimensions#" xmlns:dc="http://purl.org/dc/elements/1.1/" xm

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
Category:	downloaded
Size (bytes):	894
Entropy (8bit):	4.344683701204062
Encrypted:	false
SSDEEP:
MD5:	F5C7F1AA9AEB0DFA465C2FC4B66D8837
SHA1:	F219EFD04FCA7AEC4395D2910861329C164C9E22
SHA-256:	111F2D2E3DE93DE285F0AAD6B78FCFB36BDB6D0EEF4CE75491FE586E631E0C4C
SHA-512:	C95B7CD68BA2712279A0F471C721F277B053175AAE5341D06EA354EA959B4A0371B2C962ED7B7A5CF0194823A93FD74A9C3B443F1EA718917F7A4B78E9D0213F
Malicious:	false
Reputation:	unknown
URL:	https://urldefense.proofpoint.com/jasset/images/favicon.ico
Preview:	..............h.......(....... ...........@......................9.3.3.3.3.3.3.3.3.3.3.3.3.9...N.............................Z.K.............................Z.K..........`...@...............Z.K........p............ ...........Z.K........`..........................Z.K..........`....................`.....Z.K...............................p...Z.K...............................p...Z.K..........`....................`.....Z.K........`..........................Z.K........p............ ...........Z.K..........`...@...............Z.K.............................Z.N.............................].....f..f..f..f..f..f..f..f..f..f..f..f..f..f.....ME..AR..\\..ta..10..\h..e$..li...L..S_..CA..DI..C:..ro..am..il

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://url.us.m.mimecastprotect.com/s/pExXCW6pv9Fwzo6Un3lpc?domain=urldefense.proofpoint.com&d=DwMGaQ

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 61

Chrome Cache Entry: 63

Chrome Cache Entry: 65

Static File Info

Windows Analysis Report
https://url.us.m.mimecastprotect.com/s/pExXCW6pv9Fwzo6Un3lpc?domain=urldefense.proofpoint.com&d=DwMGaQ