Edit tour

Windows Analysis Report
http://videograbber.cc

Overview

General Information

Sample URL:	http://videograbber.cc
Analysis ID:	1279964

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Snort IDS alert for network traffic

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://videograbber.cc/ MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 3108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1832,i,9314377844405182503,14667879858062192713,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 7592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3208 --field-trial-handle=1832,i,9314377844405182503,14667879858062192713,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 7600 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1832,i,9314377844405182503,14667879858062192713,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

cleanup

Snort Signatures

ET DNS Query for .cc TLD - Source IP: 192.168.2.3 - Destination IP: 1.1.1.1

Timestamp:	192.168.2.31.1.1.165421532027758 07/26/23-11:01:03.538097
SID:	2027758
Source Port:	65421
Destination Port:	53
Protocol:	UDP
Classtype:	Potentially Bad Traffic

ET DNS Query for .cc TLD - Source IP: 192.168.2.3 - Destination IP: 1.1.1.1

Timestamp:	192.168.2.31.1.1.159991532027758 07/26/23-11:01:03.691681
SID:	2027758
Source Port:	59991
Destination Port:	53
Protocol:	UDP
Classtype:	Potentially Bad Traffic

ET DNS Query to a *.top domain - Likely Hostile - Source IP: 192.168.2.3 - Destination IP: 1.1.1.1

Timestamp:	192.168.2.31.1.1.149656532023883 07/26/23-11:02:07.537676
SID:	2023883
Source Port:	49656
Destination Port:	53
Protocol:	UDP
Classtype:	Potentially Bad Traffic

ET DNS Query for .cc TLD - Source IP: 192.168.2.3 - Destination IP: 1.1.1.1

Timestamp:	192.168.2.31.1.1.163525532027758 07/26/23-11:02:22.389787
SID:	2027758
Source Port:	63525
Destination Port:	53
Protocol:	UDP
Classtype:	Potentially Bad Traffic

HTTP traffic detected: GET / HTTP/1.1Host: videograbber.ccConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown	HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.181.23:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.3:49830 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@41/295@78/439

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://videograbber.cc/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1832,i,9314377844405182503,14667879858062192713,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3208 --field-trial-handle=1832,i,9314377844405182503,14667879858062192713,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1832,i,9314377844405182503,14667879858062192713,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1832,i,9314377844405182503,14667879858062192713,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3208 --field-trial-handle=1832,i,9314377844405182503,14667879858062192713,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1832,i,9314377844405182503,14667879858062192713,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	2 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://videograbber.cc	1%	Virustotal		Browse
http://videograbber.cc	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://videograbber.cc/	0%	Avira URL Cloud	safe
https://videograbber.cc/	1%	Virustotal		Browse
https://c.adsco.re/#0.8036162523308397	1%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
1503693843.rsc.cdn77.org	195.181.175.41	true	false	unknown
qr-captcha.com	139.45.197.167	true	false	unknown
beacons-handoff.gcp.gvt2.com	142.251.143.35	true	false	unknown
mobile-gtalk.l.google.com	64.233.184.188	true	false	high
beacons6.gvt2.com	142.250.185.67	true	false	unknown
propeller-tracking.com	139.45.197.240	true	false	unknown
ddtvskish.com	139.45.197.250	true	false	unknown
6.adsco.re	104.17.167.186	true	false	unknown
displayvertising.com	216.59.56.9	true	false	unknown
mtwdmk9ic.com	62.122.171.6	true	false	unknown
www.google.com	142.250.186.132	true	false	high
wiyhtps22hgs.n4.adsco.re	38.132.109.186	true	false	unknown
wiyhtps22hgs.s4.adsco.re	185.200.116.90	true	false	unknown
datatechone.com	37.48.68.71	true	false	unknown
wiyhtps22hgs.l4.adsco.re	185.200.118.90	true	false	unknown
android.l.google.com	142.250.186.142	true	false	high
adsco.re	162.252.214.5	true	false	unknown
qe3lttfgf2fr.l4.adsco.re	185.200.118.90	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
accounts.google.com	142.250.185.173	true	false	high
videograbber.cc	104.21.42.234	true	false	unknown
4.adsco.re	162.252.214.5	true	false	unknown
ggbetapk.com	188.114.97.3	true	false	unknown
c.adsco.re	104.17.167.186	true	false	unknown
qe3lttfgf2fr.s4.adsco.re	185.200.116.90	true	false	unknown
amunfezanttor.com	139.45.197.250	true	false	unknown
graizoah.com	139.45.195.9	true	false	unknown
qe3lttfgf2fr.n4.adsco.re	38.132.109.186	true	false	unknown
datatechonert.com	139.45.195.253	true	false	unknown
e2c11.gcp.gvt2.com	34.129.38.245	true	false	unknown
my.rtmark.net	139.45.195.8	true	false	high
fuzakumpaks.com	139.45.197.245	true	false	unknown
flerap.com	139.45.195.254	true	false	unknown
tzegilo.com	104.21.22.245	true	false	unknown
fleraprt.com	139.45.195.254	true	false	unknown
y.jokekroako.com	172.64.166.17	true	false	unknown
clients.l.google.com	142.250.185.206	true	false	high
confirm.95urbehxy2dh.top	194.63.143.96	true	false	unknown
jokekroako.com	172.64.166.17	true	false	unknown
beacons.gcp.gvt2.com	unknown	unknown	false	unknown
clients2.google.com	unknown	unknown	false	high
ak.deephicy.net	unknown	unknown	false	unknown
beacons.gvt2.com	unknown	unknown	false	unknown
www.displayvertising.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
about:blank	false		low
https://videograbber.cc/download?url=lord+of+the+rings	false		unknown
https://c.adsco.re/#0.8036162523308397	false	1%, Virustotal, Browse	unknown
https://ggbetapk.com/	false		unknown
http://videograbber.cc/	false	Avira URL Cloud: safe	unknown
https://videograbber.cc/	false	1%, Virustotal, Browse	unknown
https://jokekroako.com/?s=707992860729020523&ssk=ded966bc6969a1fb6d1068a2f9d9cada&svar=1690362170&z=3004838&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb	false		unknown
https://ggbetapk.com/no-deposit-cash-bonus/&os_version=8.0.0&oaid=6d22ae6ced2d4680afeb12e5101faf36	false		unknown
https://ak.deephicy.net/afu.php?zoneid=6118780&var=6118780&rid=33-IJ2mCiw9DGbmF2LWarg%3D%3D&rhd=false&os=windows&os_version=8.0.0	false		unknown
https://ggbetapk.com/download/	false		unknown
https://jokekroako.com/?s=707992561331216563&ssk=a5ecfdd652ebadc8546180e9a49c96aa&svar=1690362099&z=3004838&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb	false		unknown
https://ggbetapk.com/esports-betting/	false		unknown
https://jokekroako.com/?s=707992654943883845&ssk=c54e7edf8a24aebfed7c19a353771e47&svar=1690362122&z=3004838&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.200.116.90	wiyhtps22hgs.s4.adsco.re	United Kingdom	9009	M247GB	false
62.122.171.6	mtwdmk9ic.com	Czech Republic	50245	SERVEREL-ASNL	false
216.239.34.36	unknown	United States	15169	GOOGLEUS	false
104.21.42.234	videograbber.cc	United States	13335	CLOUDFLARENETUS	false
142.250.185.142	unknown	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.184.228	unknown	United States	15169	GOOGLEUS	false
142.250.186.74	unknown	United States	15169	GOOGLEUS	false
142.250.185.67	beacons6.gvt2.com	United States	15169	GOOGLEUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	true
216.58.206.40	unknown	United States	15169	GOOGLEUS	false
37.48.68.71	datatechone.com	Netherlands	60781	LEASEWEB-NL-AMS-01NetherlandsNL	false
172.217.18.3	unknown	United States	15169	GOOGLEUS	false
34.129.38.245	e2c11.gcp.gvt2.com	United States	2686	ATGS-MMD-ASUS	false
64.233.184.188	mobile-gtalk.l.google.com	United States	15169	GOOGLEUS	false
216.59.56.9	displayvertising.com	United States	53334	TUT-ASUS	false
104.17.166.186	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	ggbetapk.com	European Union	13335	CLOUDFLARENETUS	false
142.250.186.142	android.l.google.com	United States	15169	GOOGLEUS	false
195.181.175.41	1503693843.rsc.cdn77.org	United Kingdom	60068	CDN77GB	false
104.17.167.186	6.adsco.re	United States	13335	CLOUDFLARENETUS	false
142.250.185.206	clients.l.google.com	United States	15169	GOOGLEUS	false
185.200.118.90	wiyhtps22hgs.l4.adsco.re	United Kingdom	9009	M247GB	false
172.64.166.17	y.jokekroako.com	United States	13335	CLOUDFLARENETUS	false
139.45.195.8	my.rtmark.net	Netherlands	9002	RETN-ASEU	false
162.252.214.5	adsco.re	United States	53334	TUT-ASUS	false
139.45.197.250	ddtvskish.com	Netherlands	9002	RETN-ASEU	false
139.45.195.9	graizoah.com	Netherlands	9002	RETN-ASEU	false
216.239.32.36	unknown	United States	15169	GOOGLEUS	false
142.250.185.202	unknown	United States	15169	GOOGLEUS	false
194.63.143.96	confirm.95urbehxy2dh.top	Russian Federation	50113	SUPERSERVERSDATACENTERRU	false
104.21.22.245	tzegilo.com	United States	13335	CLOUDFLARENETUS	false
172.217.18.99	unknown	United States	15169	GOOGLEUS	false
95.101.54.210	unknown	European Union	34164	AKAMAI-LONGB	false
142.250.184.200	unknown	United States	15169	GOOGLEUS	false
142.250.186.99	unknown	United States	15169	GOOGLEUS	false
142.250.184.202	unknown	United States	15169	GOOGLEUS	false
9.9.9.9	unknown	United States	19281	QUAD9-AS-1US	false
38.132.109.186	wiyhtps22hgs.n4.adsco.re	United States	9009	M247GB	false
172.67.211.60	unknown	United States	13335	CLOUDFLARENETUS	false
139.45.197.240	propeller-tracking.com	Netherlands	9002	RETN-ASEU	false
139.45.197.245	fuzakumpaks.com	Netherlands	9002	RETN-ASEU	false
139.45.195.253	datatechonert.com	Netherlands	9002	RETN-ASEU	false
139.45.195.254	flerap.com	Netherlands	9002	RETN-ASEU	false
139.45.197.167	qr-captcha.com	Netherlands	9002	RETN-ASEU	false
142.250.185.173	accounts.google.com	United States	15169	GOOGLEUS	false
142.251.143.35	beacons-handoff.gcp.gvt2.com	United States	15169	GOOGLEUS	false
188.114.96.3	unknown	European Union	13335	CLOUDFLARENETUS	false
142.250.186.164	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.3

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1279964
Start date and time:	2023-07-26 11:00:35 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://videograbber.cc
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@41/295@78/439

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 172.217.18.3, 142.250.184.200, 34.104.35.123, 142.250.184.202, 142.250.184.195, 142.250.186.99, 142.250.185.202, 142.250.185.106, 172.217.16.138, 142.250.185.170, 142.250.186.106, 142.250.186.74, 172.217.16.202, 142.250.186.170, 142.250.185.234, 142.250.185.74, 216.58.206.42, 172.217.18.106, 142.250.181.234, 142.250.185.138, 142.250.184.234, 142.250.186.142, 216.239.34.36, 216.239.32.36
Excluded domains from analysis (whitelisted): fonts.googleapis.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, login.live.com, slscr.update.microsoft.com, www.googletagmanager.com, fonts.gstatic.com, clientservices.googleapis.com, region1.google-analytics.com, www.google-analytics.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://videograbber.cc/

Source: https://c.adsco.re/#0.8036162523308397	HTTP Parser: No favicon
Source: https://jokekroako.com/?s=707992561331216563&ssk=a5ecfdd652ebadc8546180e9a49c96aa&svar=1690362099&z=3004838&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb	HTTP Parser: No favicon
Source: https://jokekroako.com/?s=707992561331216563&ssk=a5ecfdd652ebadc8546180e9a49c96aa&svar=1690362099&z=3004838&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb	HTTP Parser: No favicon
Source: https://jokekroako.com/?s=707992654943883845&ssk=c54e7edf8a24aebfed7c19a353771e47&svar=1690362122&z=3004838&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb	HTTP Parser: No favicon
Source: https://ak.deephicy.net/afu.php?zoneid=6118780&var=6118780&rid=33-IJ2mCiw9DGbmF2LWarg%3D%3D&rhd=false&os=windows&os_version=8.0.0	HTTP Parser: No favicon
Source: https://jokekroako.com/?s=707992860729020523&ssk=ded966bc6969a1fb6d1068a2f9d9cada&svar=1690362170&z=3004838&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb	HTTP Parser: No favicon

Source: Traffic	Snort IDS: 2027758 ET DNS Query for .cc TLD 192.168.2.3:65421 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2027758 ET DNS Query for .cc TLD 192.168.2.3:59991 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.3:49656 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2027758 ET DNS Query for .cc TLD 192.168.2.3:63525 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.23
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.23
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.179

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	17049
Entropy (8bit):	4.3822809477459534
Encrypted:	false
SSDEEP:
MD5:	E3DE2F8668EF5DBE82E1C2415BFDB790
SHA1:	02F81CE510801467950E56D39C19767AC7AD36C7
SHA-256:	11CF94AA9A2A5AC79515D0989E3D23490A994344A32BD21FF631D10E69933FFF
SHA-512:	559F5686AD01F804B3A20B674F70406FAEFB5D2BAE719922290BC82068CCDAD0F568892FF8EA1A628D73EC2DDCB70DC24BA2134C68EA70D226B43EC35B371C80
Malicious:	false
Reputation:	low
URL:	https://videograbber.cc/assets/css/responsive.css
Preview:	@media screen and (max-width:1500px) {.. .tabs-switcher {.. bottom: 0;.. }.... .home-carousel {.. padding: 120px 0;.. }.... .custom-width {.. width: 1170px;.. }.... .pricing-tables .price {.. width: 180px;.. font-size: 16px;.. }.... .img-section .text::after {.. right: 212px;.. }..}....@media screen and (max-width:1400px) {.. .home-title h2 {.. font-size: 47px;.. }.... .aligment-for-home {.. position: relative;.. left: 80px;.. }.... .home-carousel img.img-responsive {.. margin-left: 0;.. }.... nav.bootsnav .megamenu-content {.. width: 80% !important;.. }.... .custom-width {.. width: auto;.. padding: 0 50px;.. }.... .img-section.custom-width {.. width: 1200px;.. padding: 0;.. margin-right: auto;.. margin-left: auto;.. }.... .features-two .main-title {.. width: auto;.. }.... .home-carousel

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1238)
Category:	downloaded
Size (bytes):	1239
Entropy (8bit):	5.068464054671174
Encrypted:	false
SSDEEP:
MD5:	9E8F56E8E1806253BA01A95CFC3D392C
SHA1:	A8AF90D7482E1E99D03DE6BF88FED2315C5DD728
SHA-256:	2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
SHA-512:	63F0F6F94FBABADC3F774CCAA6A401696E8A7651A074BC077D214F91DA080B36714FD799EB40FED64154972008E34FC733D6EE314AC675727B37B58FFBEBEBEE
Malicious:	false
Reputation:	low
URL:	https://ggbetapk.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Preview:	!function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,""")+'"></a>',d.childNodes[0].getAttribute("href")\|\|""}function r(e,t){var r=e.substr(t,2);return parseInt(r,16)}function n(n,c){for(var o="",a=r(n,c),i=c+2;i<n.length;i+=2){var l=r(n,i)^a;o+=String.fromCharCode(l)}try{o=decodeURIComponent(escape(o))}catch(u){e(u)}return t(o)}function c(t){for(var r=t.querySelectorAll("a"),c=0;c<r.length;c++)try{var o=r[c],a=o.href.indexOf(l);a>-1&&(o.href="mailto:"+n(o.href,a+l.length))}catch(i){e(i)}}function o(t){for(var r=t.querySelectorAll(u),c=0;c<r.length;c++)try{var o=r[c],a=o.parentNode,i=o.getAttribute(f);if(i){var l=n(i,0),d=document.createTextNode(l);a.replaceChild(d,o)}}catch(h){e(h)}}function a(t){for(var r=t.querySelectorAll("template"),n=0;n<r.length;n++)try{i(r[n].content)}catch(c){e(c)}}function i(t){try{c(t),o(t),a(t)}catch(r){e(r

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (10669), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	39228
Entropy (8bit):	5.602566145001835
Encrypted:	false
SSDEEP:
MD5:	15641E8C12723EABF354D9E52B9DA689
SHA1:	2C37D513FDF5AC198A01719EC31347EA51E69EF6
SHA-256:	221E40DDE022FE689E8C6719D138A51C69BDC6AEBAB609362F60C56AE1F046F8
SHA-512:	8DC4F0233EF5E52C977E761665D9A890609CEE12790C900A0147620D291D01F80B20FF3FF3D55DE884BC7F42B1BCE0340DF26D9035B027D325021E277709B731
Malicious:	false
Reputation:	low
URL:	https://jokekroako.com/?s=707992561331216563&ssk=a5ecfdd652ebadc8546180e9a49c96aa&svar=1690362099&z=3004838&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Preview:	.<!DOCTYPE html>.<html>.<head>.<meta charset="UTF-8">.<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no">.<meta http-equiv="X-UA-Compatible" content="ie=edge">.<meta name="google" content="notranslate">.<script>. function getCookie(name) {. let cookie = {};.. document.cookie.split(';').forEach((e) => {. let [key, value] = e.split('=');. cookie[key.trim()] = value;. }).. return cookie[name];. }.</script>.<script>. function rtrDebugLog() { }. </script>.<script>. . . let originalOaidValue = '303a4ce7099fd865945e7af5652bb774';. const cookieOAID = getCookie('OAID');. let syncedOaidValue = cookieOAID ? cookieOAID :'303a4ce7099fd865945e7af5652bb774';. let isOaidSyncFinished = false;. let isMarkerUpdatedOaid = false;.. function getGid() {. rtrDebugLog('[getGID] Start...');.. return new Promise((resolve, reject) => {. try {. const oaidRegexp = /^([0-9a-z]{32

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (14239), with no line terminators
Category:	downloaded
Size (bytes):	14239
Entropy (8bit):	5.33042281088163
Encrypted:	false
SSDEEP:
MD5:	70B4897108480DBE11C443C2AB7679C9
SHA1:	70DBFD38A0F1FC3B1A7D9FADAB58786484C34F17
SHA-256:	F268612BA59EAD1B24353BB77D66783BCC435AFF1C22BE5F93C40BAC3869968E
SHA-512:	466084FA711D299E394E96C2260BD8BDF103CF75DA8869934C997A19FC884D6DDFA2E92CE253533A4A0C5D627D580E9A40EFB7155F1C8C0E9FBD3A2C3A06C2AE
Malicious:	false
Reputation:	low
URL:	https://videograbber.cc/assets/js/aos.js
Preview:	!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.AOS=t():e.AOS=t()}(this,function(){return function(e){function t(o){if(n[o])return n[o].exports;var i=n[o]={exports:{},id:o,loaded:!1};return e[o].call(i.exports,i,i.exports,t),i.loaded=!0,i.exports}var n={};return t.m=e,t.c=n,t.p="dist/",t(0)}([function(e,t,n){"use strict";function o(e){return e&&e.__esModule?e:{default:e}}var i=Object.assign\|\|function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var o in n)Object.prototype.hasOwnProperty.call(n,o)&&(e[o]=n[o])}return e},r=n(1),a=(o(r),n(6)),u=o(a),c=n(7),f=o(c),s=n(8),d=o(s),l=n(9),p=o(l),m=n(10),b=o(m),v=n(11),y=o(v),g=n(14),h=o(g),w=[],k=!1,x=document.all&&!window.atob,j={offset:120,delay:0,easing:"ease",duration:400,disable:!1,once:!1,startEvent:"DOMContentLoaded",throttleDelay:99,debounceDelay:50,disableMutationObserver:!1},O=function(){var e=argum

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (10669), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	39228
Entropy (8bit):	5.6022781701917745
Encrypted:	false
SSDEEP:
MD5:	817036E77507115D5D77BEAFF078CD88
SHA1:	D5C540E201A8DE5404CC7E13B50F7989E6A7AD23
SHA-256:	D7B634726F235BF12E6A0F575CA0B38433F638B2476C5A334CAC1418509FD228
SHA-512:	B85A1BE8F718F30C5A9921A67EB94D7FA0E8415A410B8F71F2FBE718CD40DFECF90B8BC82A4D035F4C2F06C9F7DB9294AAA787647FE6AB041FB224671A372E75
Malicious:	false
Reputation:	low
URL:	https://jokekroako.com/?s=707992654943883845&ssk=c54e7edf8a24aebfed7c19a353771e47&svar=1690362122&z=3004838&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Preview:	.<!DOCTYPE html>.<html>.<head>.<meta charset="UTF-8">.<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no">.<meta http-equiv="X-UA-Compatible" content="ie=edge">.<meta name="google" content="notranslate">.<script>. function getCookie(name) {. let cookie = {};.. document.cookie.split(';').forEach((e) => {. let [key, value] = e.split('=');. cookie[key.trim()] = value;. }).. return cookie[name];. }.</script>.<script>. function rtrDebugLog() { }. </script>.<script>. . . let originalOaidValue = '6d22ae6ced2d4680afeb12e5101faf36';. const cookieOAID = getCookie('OAID');. let syncedOaidValue = cookieOAID ? cookieOAID :'6d22ae6ced2d4680afeb12e5101faf36';. let isOaidSyncFinished = false;. let isMarkerUpdatedOaid = false;.. function getGid() {. rtrDebugLog('[getGID] Start...');.. return new Promise((resolve, reject) => {. try {. const oaidRegexp = /^([0-9a-z]{32

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://videograbber.cc

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

Chrome Cache Entry: 249

Chrome Cache Entry: 251

Chrome Cache Entry: 253

Chrome Cache Entry: 254

Chrome Cache Entry: 256

Chrome Cache Entry: 257

Chrome Cache Entry: 258

Chrome Cache Entry: 259

Chrome Cache Entry: 260

Chrome Cache Entry: 262

Chrome Cache Entry: 263

Chrome Cache Entry: 264

Chrome Cache Entry: 265

Chrome Cache Entry: 267

Chrome Cache Entry: 268

Chrome Cache Entry: 269

Chrome Cache Entry: 274

Chrome Cache Entry: 277

Chrome Cache Entry: 279

Chrome Cache Entry: 280

Chrome Cache Entry: 281

Chrome Cache Entry: 282

Chrome Cache Entry: 285

Chrome Cache Entry: 286

Chrome Cache Entry: 288

Chrome Cache Entry: 289

Chrome Cache Entry: 290

Chrome Cache Entry: 291

Chrome Cache Entry: 292

Chrome Cache Entry: 295

Chrome Cache Entry: 296

Chrome Cache Entry: 298

Chrome Cache Entry: 300

Chrome Cache Entry: 301

Chrome Cache Entry: 302

Chrome Cache Entry: 303

Chrome Cache Entry: 304

Chrome Cache Entry: 305

Chrome Cache Entry: 307

Chrome Cache Entry: 309

Windows Analysis Report
http://videograbber.cc