Edit tour

Windows Analysis Report
https://www.officence.com/nam/d22d141f-ae37-447f-acfa-2e1d0e5b4969/5b612265-0eea-4eb4-af80-6e0eff5a34f2/9bba8c17-6f40-430f-a99e-bc600154d01c/login

Overview

General Information

Sample URL:	https://www.officence.com/nam/d22d141f-ae37-447f-acfa-2e1d0e5b4969/5b612265-0eea-4eb4-af80-6e0eff5a34f2/9bba8c17-6f40-430f-a99e-bc600154d01c/login
Analysis ID:	1355094
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Creates files inside the system directory

Program does not show much activity (idle)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4432 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1972,i,3439788408382844397,3715083207217335801,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6396 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.officence.com/nam/d22d141f-ae37-447f-acfa-2e1d0e5b4969/5b612265-0eea-4eb4-af80-6e0eff5a34f2/9bba8c17-6f40-430f-a99e-bc600154d01c/login MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• AV Detection
• Phishing
• Networking
• System Summary
• Malware Analysis System Evasion
• Anti Debugging

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://www.officence.com/nam/d22d141f-ae37-447f-acfa-2e1d0e5b4969/5b612265-0eea-4eb4-af80-6e0eff5a34f2/9bba8c17-6f40-430f-a99e-bc600154d01c/login

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://www.techniel.fr	Avira URL Cloud: Label: phishing
Source: https://www.officences.com	Avira URL Cloud: Label: phishing
Source: https://www.prizewings.com	Avira URL Cloud: Label: phishing
Source: https://www.templateau.com	Avira URL Cloud: Label: phishing
Source: https://www.financerta.es	Avira URL Cloud: Label: phishing
Source: https://www.prizeably.it	Avira URL Cloud: Label: phishing
Source: https://www.securembly.org	Avira URL Cloud: Label: phishing
Source: https://www.doctorican.es	Avira URL Cloud: Label: phishing
Source: https://www.prizeably.com	Avira URL Cloud: Label: phishing
Source: https://www.resetts.org	Avira URL Cloud: Label: phishing
Source: https://www.techniel.es	Avira URL Cloud: Label: phishing
Source: https://www.techidal.fr	Avira URL Cloud: Label: phishing
Source: https://www.doctorican.de	Avira URL Cloud: Label: phishing
Source: https://www.financerta.org	Avira URL Cloud: Label: phishing
Source: https://www.supportres.de	Avira URL Cloud: Label: phishing
Source: https://www.doctrings.it	Avira URL Cloud: Label: phishing
Source: https://www.financerta.de	Avira URL Cloud: Label: phishing
Source: https://www.financerts.org	Avira URL Cloud: Label: phishing
Source: https://www.doctrical.com	Avira URL Cloud: Label: phishing
Source: https://www.supportres.fr	Avira URL Cloud: Label: phishing
Source: https://www.securembly.it	Avira URL Cloud: Label: phishing
Source: https://www.doctorican.fr	Avira URL Cloud: Label: phishing
Source: https://www.prizemons.com	Avira URL Cloud: Label: phishing
Source: https://www.supportres.es	Avira URL Cloud: Label: phishing
Source: https://www.techidal.com	Avira URL Cloud: Label: phishing
Source: https://www.techidal.de	Avira URL Cloud: Label: phishing
Source: https://www.hrsupportint.com	Avira URL Cloud: Label: phishing
Source: https://www.doctorican.it	Avira URL Cloud: Label: phishing
Source: https://www.resetts.fr	Avira URL Cloud: Label: phishing
Source: https://www.banknown.es	Avira URL Cloud: Label: phishing
Source: https://www.financerts.com	Avira URL Cloud: Label: phishing
Source: https://www.doctrings.de	Avira URL Cloud: Label: phishing
Source: https://www.doctrical.fr	Avira URL Cloud: Label: phishing
Source: https://www.banknown.org	Avira URL Cloud: Label: phishing
Source: https://www.officentry.com	Avira URL Cloud: Label: phishing
Source: https://www.templatern.com	Avira URL Cloud: Label: phishing
Source: https://www.resetts.es	Avira URL Cloud: Label: phishing
Source: https://www.doctrings.es	Avira URL Cloud: Label: phishing
Source: https://www.banknown.fr	Avira URL Cloud: Label: phishing
Source: https://www.sharession.com	Avira URL Cloud: Label: phishing
Source: https://www.financerta.com	Avira URL Cloud: Label: phishing
Source: https://www.mcsharepoint.com	Avira URL Cloud: Label: phishing
Source: https://www.doctrical.es	Avira URL Cloud: Label: phishing
Source: https://www.templatent.com	Avira URL Cloud: Label: phishing
Source: https://www.banknown.de	Avira URL Cloud: Label: phishing
Source: https://www.techidal.it	Avira URL Cloud: Label: phishing
Source: https://www.doctrings.org	Avira URL Cloud: Label: phishing
Source: https://www.officenced.com	Avira URL Cloud: Label: phishing
Source: https://www.techniel.de	Avira URL Cloud: Label: phishing
Source: https://www.doctrings.fr	Avira URL Cloud: Label: phishing
Source: https://www.resetts.de	Avira URL Cloud: Label: phishing
Source: https://www.salarytoolint.net	Avira URL Cloud: Label: phishing
Source: https://www.doctrical.de	Avira URL Cloud: Label: phishing
Source: https://www.financerts.it	Avira URL Cloud: Label: phishing
Source: https://www.supportres.it	Avira URL Cloud: Label: phishing
Source: https://www.bankmenia.org	Avira URL Cloud: Label: phishing
Source: https://www.passwordle.org	Avira URL Cloud: Label: phishing
Source: https://www.mesharepoint.com	Avira URL Cloud: Label: phishing
Source: https://www.securetta.it	Avira URL Cloud: Label: phishing
Source: https://www.salarytoolint.com	Avira URL Cloud: Label: phishing
Source: https://www.payrolltooling.com	Avira URL Cloud: Label: phishing
Source: https://www.hardwarecheck.net	Avira URL Cloud: Label: phishing

Multi AV Scanner detection for domain / URL

Source: https://www.templateau.com	Virustotal: Detection: 7%	Perma Link
Source: https://www.officences.com	Virustotal: Detection: 11%	Perma Link
Source: https://www.prizeably.it	Virustotal: Detection: 11%	Perma Link
Source: https://www.prizewings.com	Virustotal: Detection: 12%	Perma Link
Source: https://www.securembly.org	Virustotal: Detection: 14%	Perma Link
Source: https://www.financerta.org	Virustotal: Detection: 11%	Perma Link
Source: https://www.supportres.de	Virustotal: Detection: 5%	Perma Link
Source: https://www.doctrical.com	Virustotal: Detection: 5%	Perma Link
Source: https://www.doctorican.fr	Virustotal: Detection: 5%	Perma Link
Source: https://www.securembly.it	Virustotal: Detection: 11%	Perma Link
Source: https://www.hrsupportint.com	Virustotal: Detection: 5%	Perma Link
Source: https://www.doctorican.it	Virustotal: Detection: 5%	Perma Link
Source: https://www.financerts.com	Virustotal: Detection: 7%	Perma Link
Source: https://www.officentry.com	Virustotal: Detection: 13%	Perma Link

Multi AV Scanner detection for submitted file

Source: https://www.officence.com/nam/d22d141f-ae37-447f-acfa-2e1d0e5b4969/5b612265-0eea-4eb4-af80-6e0eff5a34f2/9bba8c17-6f40-430f-a99e-bc600154d01c/login

Virustotal: Detection: 6%

Perma Link

Source: https://www.officence.com/nam/Error	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide#simulations	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide#simulations	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide#main	HTTP Parser: No favicon
Source: https://learn.microsoft.com/pdf?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Ftoc.json%3Fview%3Do365-worldwide	HTTP Parser: No favicon
Source: https://www.microsoft.com/en-US/cloudskillschallenge/ignite/registration/2023?ocid=ignite23_CSC_bbanner_cnl	HTTP Parser: No favicon
Source: https://www.microsoft.com/en-US/cloudskillschallenge/ignite/registration/2023?ocid=ignite23_CSC_bbanner_cnl	HTTP Parser: No favicon

Source: chromecache_102.2.dr	String found in binary or memory: href="https://www.facebook.com/sharer/sharer.php?u=${l}" equals www.facebook.com (Facebook)
Source: chromecache_102.2.dr	String found in binary or memory: href="https://www.linkedin.com/cws/share?url=${l}" equals www.linkedin.com (Linkedin)
Source: chromecache_102.2.dr	String found in binary or memory: href="https://www.linkedin.com/cws/share?url=${encodeURIComponent(t)}&text=${encodeURIComponent(VC.replace("{credentialName}",e.title))}" equals www.linkedin.com (Linkedin)
Source: chromecache_102.2.dr	String found in binary or memory: </div>`,i};function n(s){if(s.parentElement?.classList.contains("is-active")){let i=s.getAttribute("id"),a=Number(s.dataset.totalItems),l=e.querySelector(".card-footer");t?.setAttribute("id",`${i}-card-content-container`);let c=Array.from(e.querySelectorAll(".is-expanded"));c.length!==0&&c.forEach(u=>u.classList.remove("is-expanded")),a>3?l\|\|t?.parentNode?.insertBefore(r(i\|\|""),t?.nextSibling):l&&l.remove()}}o.forEach(s=>{n(s),new MutationObserver(()=>{n(s)}).observe(s,{attributes:!0,attributeFilter:["aria-selected","tabindex"]})})}var z6e;function H6e(){let e=document.getElementById("share-to-linkedin-profile");e&&e.addEventListener("click",t=>{let o=t.currentTarget,r=JSON.parse(o.dataset.credential),n=document.createElement("div"),s=Ipt(r);x(s,n),z6e=new ge(n),z6e.show();let i=document.getElementById("share-to-feed-button"),a=document.getElementById("linkedin-feed-message"),l=new URL(decodeURI(i.getAttribute("href")));a.onchange=()=>{l.searchParams.set("text",a.value),i.setAttribute("href",l.toString())}})}function Ipt(e){let t=encodeURI(`https://${location.host}/api/credentials/share/${_.data.userLocale}/${w.userName}/${e?.credentialId}?sharingId=${w.sharingId}`),o=1035,r=i=>new Date(i).getFullYear(),n=i=>new Date(i).getMonth()+1,s=encodeURI(`https://www.linkedin.com/profile/add?startTask=CERTIFICATION_NAME&name=${e.title}&organizationId=${o}&issueYear=${r(e.awardedOn)}&issueMonth=${n(e.awardedOn)}&expirationYear=${e.expiresOn?r(e.expiresOn):""}&expirationMonth=${e.expiresOn?n(e.expiresOn):""}&certUrl=${t}&certId=${e.credentialId}&skills=${e.skills?`${e.skills.map(i=>encodeURIComponent(i)).join(",")}`:""}`);return d` equals www.linkedin.com (Linkedin)
Source: chromecache_102.2.dr	String found in binary or memory: `};function xet(e){let t=Array.from(e.querySelectorAll('iframe[src^="https://channel9.msdn.com/"]'));t.length&&t.forEach(o=>{let r=o.src.split("/"),n=r[r.length-2],s=`${DN}: ${n}`;o.title=o.title\|\|s})}function Tet(e){let t=Array.from(e.querySelectorAll('iframe[src^="https://www.youtube"]'));t.length&&t.forEach(o=>{let r=o.src.split("/").pop(),n=`${DN}: ${r}`;o.title=o.title\|\|n})}function wet(e){let t=[],o=[];window.addEventListener("beforeprint",()=>{Array.from(e.querySelectorAll(".embeddedvideo iframe")).forEach(n=>{if(n.offsetParent!==null){let s=n.src,i=document.createElement("a");i.href=s,i.target="_blank",i.text=s,n.parentElement.appendChild(i),n.hidden=!0,t.push(n),o.push(i)}})}),window.addEventListener("afterprint",()=>{t.forEach(r=>r.hidden=!1),o.forEach(r=>r.remove()),t=[],o=[]})}var Eet=e=>{let t=new URL(e);return t.protocol="https",t.host.localeCompare("channel9.msdn.com",void 0,{sensitivity:"base"})===0?t.searchParams.set("nocookie","true"):(t.host.localeCompare("youtube.com",void 0,{sensitivity:"base"})===0\|\|t.host.localeCompare("www.youtube.com",void 0,{sensitivity:"base"})===0)&&(t.host="www.youtube-nocookie.com"),t.href};function QL(e){Tet(e),xet(e),wet(e)}var qNe=(e,t)=>{let o=t\|\|Au;return d`<div class="embeddedvideo"> equals www.youtube.com (Youtube)
Source: chromecache_102.2.dr	String found in binary or memory: `)}`,y=encodeURIComponent(`https://${W.host}/api/achievements/share/${_.data.userLocale}/${w.userName}/${m.id}?sharingId=${w.sharingId}`),v=f==="badge"?"MSLearnBadge":f==="trophy"?"MSLearnTrophy":"";return{linkedIn:{href:`https://www.linkedin.com/feed/?shareUrl=${y}&shareActive=true&text=${b}`},email:{href:`mailto:?subject=${h}&body=${b}${y}`},twitter:{href:`https://twitter.com/share?url=${y}&text=${b}&hashtags=${v}`},facebook:{href:`https://www.facebook.com/sharer/sharer.php?u=${y}&quote=${b}&hashtag=${v}`},copy:{href:y}}}let p=d` equals www.facebook.com (Facebook)
Source: chromecache_102.2.dr	String found in binary or memory: `)}`,y=encodeURIComponent(`https://${W.host}/api/achievements/share/${_.data.userLocale}/${w.userName}/${m.id}?sharingId=${w.sharingId}`),v=f==="badge"?"MSLearnBadge":f==="trophy"?"MSLearnTrophy":"";return{linkedIn:{href:`https://www.linkedin.com/feed/?shareUrl=${y}&shareActive=true&text=${b}`},email:{href:`mailto:?subject=${h}&body=${b}${y}`},twitter:{href:`https://twitter.com/share?url=${y}&text=${b}&hashtags=${v}`},facebook:{href:`https://www.facebook.com/sharer/sharer.php?u=${y}&quote=${b}&hashtag=${v}`},copy:{href:y}}}let p=d` equals www.linkedin.com (Linkedin)
Source: chromecache_102.2.dr	String found in binary or memory: `)}`,y=encodeURIComponent(`https://${W.host}/api/achievements/share/${_.data.userLocale}/${w.userName}/${m.id}?sharingId=${w.sharingId}`),v=f==="badge"?"MSLearnBadge":f==="trophy"?"MSLearnTrophy":"";return{linkedIn:{href:`https://www.linkedin.com/feed/?shareUrl=${y}&shareActive=true&text=${b}`},email:{href:`mailto:?subject=${h}&body=${b}${y}`},twitter:{href:`https://twitter.com/share?url=${y}&text=${b}&hashtags=${v}`},facebook:{href:`https://www.facebook.com/sharer/sharer.php?u=${y}&quote=${b}&hashtag=${v}`},copy:{href:y}}}let p=d` equals www.twitter.com (Twitter)

Source: chromecache_122.2.dr	String found in binary or memory: http://feross.org
Source: chromecache_137.2.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_130.2.dr	String found in binary or memory: http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RWMpiv?ver=d9d3
Source: chromecache_102.2.dr	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chromecache_102.2.dr	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chromecache_102.2.dr	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chromecache_102.2.dr	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chromecache_96.2.dr, chromecache_136.2.dr	String found in binary or memory: http://schema.org/Organization
Source: chromecache_115.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_122.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_96.2.dr	String found in binary or memory: https://aka.ms/IgniteCSC/officialrules?ocid=ignite23_CSC_landingpage-web_cnl
Source: chromecache_102.2.dr	String found in binary or memory: https://aka.ms/certhelp
Source: chromecache_103.2.dr, chromecache_107.2.dr	String found in binary or memory: https://aka.ms/hacktogether/dotnet
Source: chromecache_102.2.dr	String found in binary or memory: https://aka.ms/ignitecsc?ocid=ignite23_CSC_bbanner_cnl
Source: chromecache_96.2.dr	String found in binary or memory: https://aka.ms/ignitecsc?ocid=ignite23_CSC_landingpage-web_cnl
Source: chromecache_103.2.dr, chromecache_107.2.dr	String found in binary or memory: https://aka.ms/ignitecsc?ocid=ignite23_CSC_sbanner1_cnl
Source: chromecache_102.2.dr	String found in binary or memory: https://aka.ms/pshelpmechoose
Source: chromecache_96.2.dr	String found in binary or memory: https://aka.ms/yourcaliforniaprivacychoices
Source: chromecache_136.2.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/0a2fc935-5977-4aa6-9f55-0be03bd2acb8
Source: chromecache_136.2.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/131ba09e-4280-4ae7-8622-1f9f1c0daad1
Source: chromecache_136.2.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/1af30562-083a-42e2-aad4-17ae29f4ad72
Source: chromecache_136.2.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/1dd701e0-441f-4b0a-9806-aa47decc4e35
Source: chromecache_136.2.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/609dad7f-61d2-4958-9386-e6e4bb38d61e
Source: chromecache_136.2.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/6ab06385-661e-4214-8870-bbe4071c960d
Source: chromecache_102.2.dr	String found in binary or memory: https://channel9.msdn.com/
Source: chromecache_100.2.dr, chromecache_101.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_102.2.dr	String found in binary or memory: https://github.com/$
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/American-Dipper
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/Dansimp
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/Gopal-MSFT
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/JamesTran-MSFT
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/MicrosoftDocs/microsoft-365-docs-pr/blob/ad035b290acb9f8026430ec028e7c4c1e13545c3
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/MicrosoftDocs/microsoft-365-docs-pr/blob/live/microsoft-365/security/office-365-s
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/MicrosoftDocs/microsoft-365-docs/blob/public/microsoft-365/security/office-365-se
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/MicrosoftDocs/microsoft-365-docs/issues
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/RatulaC
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/Ratulch
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/VipulMSFT
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/Zephyr-Koo
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/chrisda
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/denisebmsft
Source: chromecache_102.2.dr	String found in binary or memory: https://github.com/dotnet/try
Source: chromecache_102.2.dr	String found in binary or memory: https://github.com/jonschlinkert/is-plain-object
Source: chromecache_102.2.dr, chromecache_104.2.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/kasarma
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/richa-b23
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/stuartcl
Source: chromecache_100.2.dr, chromecache_101.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_101.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/v-mathavale
Source: chromecache_136.2.dr	String found in binary or memory: https://github.com/v-ratulach
Source: chromecache_96.2.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: chromecache_112.2.dr	String found in binary or memory: https://jqueryvalidation.org/
Source: chromecache_96.2.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/b/ai.2.min.js
Source: chromecache_96.2.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js
Source: chromecache_136.2.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js
Source: chromecache_102.2.dr	String found in binary or memory: https://labclient.labondemand.com
Source: chromecache_102.2.dr	String found in binary or memory: https://learn-video.azurefd.net/
Source: chromecache_102.2.dr	String found in binary or memory: https://learn-video.azurefd.net/vod/player
Source: chromecache_102.2.dr	String found in binary or memory: https://learn-video.azurefd.net/vod/player?id=235e7a95-82c6-4693-859f-2ab7597ab168&embedUrl=%2ftrain
Source: chromecache_102.2.dr	String found in binary or memory: https://learn-video.azurefd.net/vod/player?id=b7179148-9d19-41b1-ad18-fb7f0d1dad97&embedUrl=%2ftrain
Source: chromecache_96.2.dr	String found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0
Source: chromecache_102.2.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev
Source: chromecache_102.2.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2017-0
Source: chromecache_102.2.dr	String found in binary or memory: https://management.azure.com/subscriptions?api-version=2016-06-01
Source: chromecache_102.2.dr	String found in binary or memory: https://octokit.github.io/rest.js/#throttling
Source: chromecache_132.2.dr, chromecache_130.2.dr	String found in binary or memory: https://prod-video-cms-rt-microsoft-com.akamaized.net/cms/api/am/videofiledata/RWMhvB-enus?ver=c6e8
Source: chromecache_132.2.dr, chromecache_130.2.dr	String found in binary or memory: https://prod-video-cms-rt-microsoft-com.akamaized.net/cms/api/am/videofiledata/RWMhvB-tscriptenus?ve
Source: chromecache_136.2.dr	String found in binary or memory: https://protection.office.com/attacksimulator
Source: chromecache_102.2.dr	String found in binary or memory: https://schema.org
Source: chromecache_136.2.dr	String found in binary or memory: https://support.google.com/chrome/a/answer/7532419
Source: chromecache_102.2.dr	String found in binary or memory: https://twitter.com/intent/tweet?original_referer=$
Source: chromecache_102.2.dr	String found in binary or memory: https://twitter.com/share?url=$
Source: chromecache_96.2.dr	String found in binary or memory: https://westus3-1.in.applicationinsights.azure.com/
Source: chromecache_132.2.dr, chromecache_130.2.dr	String found in binary or memory: https://wus-streaming-video-rt-microsoft-com.akamaized.net/6c04acde-cecb-4598-b142-32510e2e3c87/2e41
Source: chromecache_130.2.dr	String found in binary or memory: https://wus-streaming-video-rt-microsoft-com.akamaized.net/9e3895a9-298b-486e-ab8a-88b9315558d7/2e41
Source: chromecache_136.2.dr	String found in binary or memory: https://www.attemplate.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.bankmenia.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.bankmenia.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.bankmenia.es
Source: chromecache_136.2.dr	String found in binary or memory: https://www.bankmenia.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.bankmenia.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.bankmenia.org
Source: chromecache_136.2.dr	String found in binary or memory: https://www.banknown.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.banknown.es
Source: chromecache_136.2.dr	String found in binary or memory: https://www.banknown.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.banknown.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.banknown.org
Source: chromecache_136.2.dr	String found in binary or memory: https://www.browsersch.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.browsersch.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.browsersch.es
Source: chromecache_136.2.dr	String found in binary or memory: https://www.browsersch.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.browsersch.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.browsersch.org
Source: chromecache_136.2.dr	String found in binary or memory: https://www.docdeliveryapp.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.docdeliveryapp.net
Source: chromecache_136.2.dr	String found in binary or memory: https://www.docstoreinternal.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.docstoreinternal.net
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctorican.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctorican.es
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctorican.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctorican.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctorican.org
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctrical.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctrical.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctrical.es
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctrical.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctrical.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctrical.org
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctricant.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctrings.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctrings.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctrings.es
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctrings.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctrings.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.doctrings.org
Source: chromecache_107.2.dr	String found in binary or memory: https://www.dotnetconf.net/?utm_source=dotnet
Source: chromecache_136.2.dr	String found in binary or memory: https://www.exportants.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.exportants.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.exportants.es
Source: chromecache_136.2.dr	String found in binary or memory: https://www.exportants.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.exportants.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.exportants.org
Source: chromecache_136.2.dr	String found in binary or memory: https://www.financerta.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.financerta.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.financerta.es
Source: chromecache_136.2.dr	String found in binary or memory: https://www.financerta.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.financerta.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.financerta.org
Source: chromecache_136.2.dr	String found in binary or memory: https://www.financerts.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.financerts.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.financerts.es
Source: chromecache_136.2.dr	String found in binary or memory: https://www.financerts.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.financerts.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.financerts.org
Source: chromecache_136.2.dr	String found in binary or memory: https://www.hardwarecheck.net
Source: chromecache_136.2.dr	String found in binary or memory: https://www.hrsupportint.com
Source: chromecache_102.2.dr	String found in binary or memory: https://www.linkedin.com/cws/share?url=$
Source: chromecache_102.2.dr	String found in binary or memory: https://www.linkedin.com/feed/?shareUrl=$
Source: chromecache_102.2.dr	String found in binary or memory: https://www.linkedin.com/profile/add?startTask=CERTIFICATION_NAME&name=$
Source: chromecache_136.2.dr	String found in binary or memory: https://www.mcsharepoint.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.mesharepoint.com
Source: chromecache_96.2.dr	String found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/DisplayAddEditPaymentPage/
Source: chromecache_96.2.dr	String found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/DisplayEditProfilePage/tab.profile
Source: chromecache_96.2.dr	String found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/DisplayFindYourOrderPage/nextAction.DisplayAccountO
Source: chromecache_96.2.dr	String found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/DisplayFindYourOrderPage/nextAction.DisplayAccountR
Source: chromecache_96.2.dr	String found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/DisplayFindYourOrderPage/nextAction.DisplayDownload
Source: chromecache_96.2.dr	String found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/wishlists?Wt.mc_id=wishlist_landingpage
Source: chromecache_136.2.dr	String found in binary or memory: https://www.officence.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.officenced.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.officences.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.officentry.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.officested.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.passwordle.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.passwordle.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.passwordle.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.passwordle.org
Source: chromecache_136.2.dr	String found in binary or memory: https://www.payrolltooling.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.payrolltooling.net
Source: chromecache_136.2.dr	String found in binary or memory: https://www.prizeably.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.prizeably.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.prizeably.es
Source: chromecache_136.2.dr	String found in binary or memory: https://www.prizeably.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.prizeably.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.prizeably.org
Source: chromecache_136.2.dr	String found in binary or memory: https://www.prizegiveaway.net
Source: chromecache_136.2.dr	String found in binary or memory: https://www.prizegives.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.prizemons.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.prizesforall.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.prizewel.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.prizewings.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.resetts.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.resetts.es
Source: chromecache_136.2.dr	String found in binary or memory: https://www.resetts.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.resetts.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.resetts.org
Source: chromecache_136.2.dr	String found in binary or memory: https://www.salarytoolint.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.salarytoolint.net
Source: chromecache_136.2.dr	String found in binary or memory: https://www.securembly.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.securembly.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.securembly.es
Source: chromecache_136.2.dr	String found in binary or memory: https://www.securembly.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.securembly.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.securembly.org
Source: chromecache_136.2.dr	String found in binary or memory: https://www.securetta.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.securetta.es
Source: chromecache_136.2.dr	String found in binary or memory: https://www.securetta.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.securetta.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.shareholds.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.sharepointen.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.sharepointin.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.sharepointle.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.sharesbyte.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.sharession.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.sharestion.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.supportin.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.supportin.es
Source: chromecache_136.2.dr	String found in binary or memory: https://www.supportin.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.supportin.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.supportres.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.supportres.es
Source: chromecache_136.2.dr	String found in binary or memory: https://www.supportres.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.supportres.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.supportres.org
Source: chromecache_136.2.dr	String found in binary or memory: https://www.techidal.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.techidal.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.techidal.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.techidal.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.techniel.de
Source: chromecache_136.2.dr	String found in binary or memory: https://www.techniel.es
Source: chromecache_136.2.dr	String found in binary or memory: https://www.techniel.fr
Source: chromecache_136.2.dr	String found in binary or memory: https://www.techniel.it
Source: chromecache_136.2.dr	String found in binary or memory: https://www.templateau.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.templatent.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.templatern.com
Source: chromecache_136.2.dr	String found in binary or memory: https://www.windocyte.com

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_4432_851933978

Jump to behavior

Source: classification engine

Classification label: mal72.win@23/66@0/37

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1972,i,3439788408382844397,3715083207217335801,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.officence.com/nam/d22d141f-ae37-447f-acfa-2e1d0e5b4969/5b612265-0eea-4eb4-af80-6e0eff5a34f2/9bba8c17-6f40-430f-a99e-bc600154d01c/login
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1972,i,3439788408382844397,3715083207217335801,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Run
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Install
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Run
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Install
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Run
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://www.officence.com/nam/d22d141f-ae37-447f-acfa-2e1d0e5b4969/5b612265-0eea-4eb4-af80-6e0eff5a34f2/9bba8c17-6f40-430f-a99e-bc600154d01c/login	100%	Avira URL Cloud	phishing
https://www.officence.com/nam/d22d141f-ae37-447f-acfa-2e1d0e5b4969/5b612265-0eea-4eb4-af80-6e0eff5a34f2/9bba8c17-6f40-430f-a99e-bc600154d01c/login	7%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
https://www.techniel.fr	100%	Avira URL Cloud	phishing
https://www.officences.com	100%	Avira URL Cloud	phishing
https://www.prizewings.com	100%	Avira URL Cloud	phishing
https://www.templateau.com	100%	Avira URL Cloud	phishing
https://www.financerta.es	100%	Avira URL Cloud	phishing
https://www.prizeably.it	100%	Avira URL Cloud	phishing
https://www.securembly.org	100%	Avira URL Cloud	phishing
https://www.doctorican.es	100%	Avira URL Cloud	phishing
https://www.templateau.com	8%	Virustotal		Browse
https://www.prizeably.com	100%	Avira URL Cloud	phishing
https://www.officences.com	11%	Virustotal		Browse
https://www.prizeably.it	11%	Virustotal		Browse
https://www.prizewings.com	12%	Virustotal		Browse
https://www.financerta.es	1%	Virustotal		Browse
https://www.doctorican.es	1%	Virustotal		Browse
https://www.resetts.org	100%	Avira URL Cloud	phishing
https://www.prizeably.com	1%	Virustotal		Browse
http://polymer.github.io/AUTHORS.txt	0%	Avira URL Cloud	safe
https://www.techniel.es	100%	Avira URL Cloud	phishing
https://www.techniel.fr	1%	Virustotal		Browse
https://www.techidal.fr	100%	Avira URL Cloud	phishing
http://polymer.github.io/AUTHORS.txt	0%	Virustotal		Browse
https://www.doctorican.de	2%	Virustotal		Browse
https://www.securembly.org	14%	Virustotal		Browse
https://www.doctorican.de	100%	Avira URL Cloud	phishing
https://www.financerta.org	100%	Avira URL Cloud	phishing
https://www.supportres.de	100%	Avira URL Cloud	phishing
https://www.doctrings.it	100%	Avira URL Cloud	phishing
https://www.resetts.org	1%	Virustotal		Browse
https://www.financerta.org	11%	Virustotal		Browse
https://www.financerta.de	100%	Avira URL Cloud	phishing
https://www.financerts.org	100%	Avira URL Cloud	phishing
https://www.techidal.fr	1%	Virustotal		Browse
https://learn-video.azurefd.net/	0%	Avira URL Cloud	safe
https://www.supportres.de	6%	Virustotal		Browse
https://www.doctrical.com	100%	Avira URL Cloud	phishing
https://www.financerta.de	1%	Virustotal		Browse
https://www.doctrings.it	3%	Virustotal		Browse
https://www.supportres.fr	100%	Avira URL Cloud	phishing
https://www.techniel.es	3%	Virustotal		Browse
https://www.financerts.org	1%	Virustotal		Browse
https://www.dotnetconf.net/?utm_source=dotnet	0%	Avira URL Cloud	safe
https://www.doctrical.com	6%	Virustotal		Browse
http://polymer.github.io/PATENTS.txt	0%	Avira URL Cloud	safe
https://www.securembly.it	100%	Avira URL Cloud	phishing
https://www.doctorican.fr	100%	Avira URL Cloud	phishing
https://www.prizemons.com	100%	Avira URL Cloud	phishing
https://learn-video.azurefd.net/	0%	Virustotal		Browse
https://octokit.github.io/rest.js/#throttling	0%	Avira URL Cloud	safe
https://www.supportres.es	100%	Avira URL Cloud	phishing
https://www.supportres.fr	1%	Virustotal		Browse
https://www.techidal.com	100%	Avira URL Cloud	phishing
https://octokit.github.io/rest.js/#throttling	0%	Virustotal		Browse
https://www.prizemons.com	3%	Virustotal		Browse
https://www.supportres.es	1%	Virustotal		Browse
http://polymer.github.io/PATENTS.txt	0%	Virustotal		Browse
https://www.techidal.de	100%	Avira URL Cloud	phishing
https://www.hrsupportint.com	100%	Avira URL Cloud	phishing
https://www.techidal.com	1%	Virustotal		Browse
https://www.doctorican.fr	6%	Virustotal		Browse
https://www.doctorican.it	100%	Avira URL Cloud	phishing
https://www.securembly.it	11%	Virustotal		Browse
https://www.resetts.fr	100%	Avira URL Cloud	phishing
https://www.banknown.es	100%	Avira URL Cloud	phishing
https://www.financerts.com	100%	Avira URL Cloud	phishing
https://www.doctrings.de	100%	Avira URL Cloud	phishing
https://www.hrsupportint.com	6%	Virustotal		Browse
https://www.techidal.de	1%	Virustotal		Browse
https://www.doctrical.fr	100%	Avira URL Cloud	phishing
https://www.resetts.fr	2%	Virustotal		Browse
https://www.doctorican.it	6%	Virustotal		Browse
https://www.banknown.org	100%	Avira URL Cloud	phishing
https://www.banknown.es	1%	Virustotal		Browse
https://www.officentry.com	100%	Avira URL Cloud	phishing
https://www.templatern.com	100%	Avira URL Cloud	phishing
https://www.financerts.com	8%	Virustotal		Browse
https://www.resetts.es	100%	Avira URL Cloud	phishing
https://www.doctrings.de	1%	Virustotal		Browse
https://www.doctrings.es	100%	Avira URL Cloud	phishing
https://www.doctrical.fr	3%	Virustotal		Browse
https://www.banknown.org	1%	Virustotal		Browse
https://www.banknown.fr	100%	Avira URL Cloud	phishing
https://www.sharession.com	100%	Avira URL Cloud	phishing
http://polymer.github.io/CONTRIBUTORS.txt	0%	Avira URL Cloud	safe
https://www.financerta.com	100%	Avira URL Cloud	phishing
https://www.officentry.com	13%	Virustotal		Browse
https://www.mcsharepoint.com	100%	Avira URL Cloud	phishing
https://www.doctrical.es	100%	Avira URL Cloud	phishing
https://www.templatent.com	100%	Avira URL Cloud	phishing
https://www.banknown.de	100%	Avira URL Cloud	phishing
https://www.techidal.it	100%	Avira URL Cloud	phishing
https://www.doctrings.org	100%	Avira URL Cloud	phishing
https://www.officenced.com	100%	Avira URL Cloud	phishing
https://www.techniel.de	100%	Avira URL Cloud	phishing
https://www.doctrings.fr	100%	Avira URL Cloud	phishing
https://www.resetts.de	100%	Avira URL Cloud	phishing
https://www.salarytoolint.net	100%	Avira URL Cloud	phishing
https://www.doctrical.de	100%	Avira URL Cloud	phishing
https://www.financerts.it	100%	Avira URL Cloud	phishing
https://www.supportres.it	100%	Avira URL Cloud	phishing

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.officences.com	chromecache_136.2.dr	false	11%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.techniel.fr	chromecache_136.2.dr	true	1%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.financerta.es	chromecache_136.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.templateau.com	chromecache_136.2.dr	false	8%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.prizewings.com	chromecache_136.2.dr	false	12%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.prizeably.it	chromecache_136.2.dr	false	11%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.securembly.org	chromecache_136.2.dr	false	14%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.linkedin.com/cws/share?url=$	chromecache_102.2.dr	false		high
https://authoring-docs-microsoft.poolparty.biz/devrel/1dd701e0-441f-4b0a-9806-aa47decc4e35	chromecache_136.2.dr	false		high
https://www.doctorican.es	chromecache_136.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://github.com/richa-b23	chromecache_136.2.dr	false		high
https://www.prizeably.com	chromecache_136.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.resetts.org	chromecache_136.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js	chromecache_96.2.dr	false		high
http://polymer.github.io/AUTHORS.txt	chromecache_102.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://authoring-docs-microsoft.poolparty.biz/devrel/0a2fc935-5977-4aa6-9f55-0be03bd2acb8	chromecache_136.2.dr	false		high
https://www.techniel.es	chromecache_136.2.dr	false	3%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://www.opensource.org/licenses/mit-license.php	chromecache_122.2.dr	false		high
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_101.2.dr	false		high
https://www.techidal.fr	chromecache_136.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://labclient.labondemand.com	chromecache_102.2.dr	false		high
https://www.doctorican.de	chromecache_136.2.dr	false	2%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.financerta.org	chromecache_136.2.dr	false	11%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://aka.ms/pshelpmechoose	chromecache_102.2.dr	false		high
https://www.doctrings.it	chromecache_136.2.dr	false	3%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.supportres.de	chromecache_136.2.dr	false	6%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.financerta.de	chromecache_136.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.financerts.org	chromecache_136.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://learn-video.azurefd.net/	chromecache_102.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.doctrical.com	chromecache_136.2.dr	false	6%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.dotnetconf.net/?utm_source=dotnet	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/MicrosoftDocs/microsoft-365-docs/blob/public/microsoft-365/security/office-365-se	chromecache_136.2.dr	false		high
https://www.supportres.fr	chromecache_136.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://polymer.github.io/PATENTS.txt	chromecache_102.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/Ratulch	chromecache_136.2.dr	false		high
https://aka.ms/hacktogether/dotnet	chromecache_103.2.dr, chromecache_107.2.dr	false		high
https://schema.org	chromecache_102.2.dr	false		high
https://www.securembly.it	chromecache_136.2.dr	false	11%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.doctorican.fr	chromecache_136.2.dr	false	6%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.prizemons.com	chromecache_136.2.dr	false	3%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://octokit.github.io/rest.js/#throttling	chromecache_102.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.supportres.es	chromecache_136.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.techidal.com	chromecache_136.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://github.com/VipulMSFT	chromecache_136.2.dr	false		high
https://www.techidal.de	chromecache_136.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://github.com/js-cookie/js-cookie	chromecache_102.2.dr, chromecache_104.2.dr	false		high
https://www.hrsupportint.com	chromecache_136.2.dr	false	6%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.doctorican.it	chromecache_136.2.dr	false	6%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.resetts.fr	chromecache_136.2.dr	false	2%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.microsoftstore.com/store/msusa/en_US/DisplayFindYourOrderPage/nextAction.DisplayDownload	chromecache_96.2.dr	false		high
https://www.banknown.es	chromecache_136.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://github.com/v-mathavale	chromecache_136.2.dr	false		high
https://www.financerts.com	chromecache_136.2.dr	false	8%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.doctrings.de	chromecache_136.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://github.com/JamesTran-MSFT	chromecache_136.2.dr	false		high
https://www.doctrical.fr	chromecache_136.2.dr	false	3%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://github.com/Zephyr-Koo	chromecache_136.2.dr	false		high
https://www.microsoftstore.com/store/msusa/en_US/DisplayEditProfilePage/tab.profile	chromecache_96.2.dr	false		high
https://www.banknown.org	chromecache_136.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://www.officentry.com	chromecache_136.2.dr	false	13%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://authoring-docs-microsoft.poolparty.biz/devrel/6ab06385-661e-4214-8870-bbe4071c960d	chromecache_136.2.dr	false		high
https://www.templatern.com	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.resetts.es	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.doctrings.es	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://github.com/RatulaC	chromecache_136.2.dr	false		high
https://www.sharession.com	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.banknown.fr	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.financerta.com	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
http://polymer.github.io/CONTRIBUTORS.txt	chromecache_102.2.dr	false	Avira URL Cloud: safe	unknown
https://www.linkedin.com/profile/add?startTask=CERTIFICATION_NAME&name=$	chromecache_102.2.dr	false		high
https://www.mcsharepoint.com	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.doctrical.es	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.templatent.com	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://aka.ms/ignitecsc?ocid=ignite23_CSC_bbanner_cnl	chromecache_102.2.dr	false		high
https://www.banknown.de	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js	chromecache_136.2.dr	false		high
https://www.techidal.it	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.doctrings.org	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.officenced.com	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.techniel.de	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.doctrings.fr	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://getbootstrap.com/)	chromecache_100.2.dr, chromecache_101.2.dr	false		high
https://www.resetts.de	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.salarytoolint.net	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://aka.ms/yourcaliforniaprivacychoices	chromecache_96.2.dr	false		high
https://github.com/Gopal-MSFT	chromecache_136.2.dr	false		high
https://www.doctrical.de	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://github.com/denisebmsft	chromecache_136.2.dr	false		high
https://www.financerts.it	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://authoring-docs-microsoft.poolparty.biz/devrel/1af30562-083a-42e2-aad4-17ae29f4ad72	chromecache_136.2.dr	false		high
https://www.supportres.it	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.bankmenia.org	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.passwordle.org	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://github.com/jonschlinkert/is-plain-object	chromecache_102.2.dr	false		high
https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2017-0	chromecache_102.2.dr	false		high
https://www.securetta.it	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.mesharepoint.com	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.salarytoolint.com	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.hardwarecheck.net	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown
https://www.payrolltooling.com	chromecache_136.2.dr	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
63.140.38.169	unknown	United States	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
13.107.246.41	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
192.178.50.35	unknown	United States	15169	GOOGLEUS	false
184.31.50.39	unknown	United States	16625	AKAMAI-ASUS	false
104.94.110.183	unknown	United States	16625	AKAMAI-ASUS	false
2.16.169.242	unknown	European Union	34164	AKAMAI-LONGB	false
13.107.21.200	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.189.173.4	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
63.140.38.160	unknown	United States	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
72.21.81.200	unknown	United States	15133	EDGECASTUS	false
184.28.165.191	unknown	United States	20940	AKAMAI-ASN1EU	false
52.182.141.63	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.38.150.4	unknown	United States	16625	AKAMAI-ASUS	false
172.217.15.196	unknown	United States	15169	GOOGLEUS	false
20.189.173.10	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.54.202.74	unknown	United States	16625	AKAMAI-ASUS	false
23.54.201.219	unknown	United States	16625	AKAMAI-ASUS	false
142.250.64.142	unknown	United States	15169	GOOGLEUS	false
13.107.213.41	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.189.173.18	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.221.212.210	unknown	United States	35994	AKAMAI-ASUS	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.150.130.241	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.2.205	unknown	United States	15169	GOOGLEUS	false
184.87.56.233	unknown	United States	16625	AKAMAI-ASUS	false
23.221.212.197	unknown	United States	35994	AKAMAI-ASUS	false
2.16.169.228	unknown	European Union	34164	AKAMAI-LONGB	false
63.140.38.113	unknown	United States	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
20.14.121.192	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.217.206	unknown	United States	15169	GOOGLEUS	false
23.46.250.160	unknown	United States	16625	AKAMAI-ASUS	false
52.45.157.3	unknown	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.217.234	unknown	United States	15169	GOOGLEUS	false
23.221.212.200	unknown	United States	35994	AKAMAI-ASUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1355094
Start date and time:	2023-12-07 02:48:23 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.officence.com/nam/d22d141f-ae37-447f-acfa-2e1d0e5b4969/5b612265-0eea-4eb4-af80-6e0eff5a34f2/9bba8c17-6f40-430f-a99e-bc600154d01c/login
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.win@23/66@0/37
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide#simulations Browse: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide#main Browse: https://aka.ms/ignitecsc?ocid=ignite23_CSC_bbanner_cnl

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Not all processes where analyzed, report is missing behavior information
Skipping network analysis since amount of network traffic is too extensive

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65301), with CRLF line terminators
Category:	downloaded
Size (bytes):	162726
Entropy (8bit):	5.059959643576294
Encrypted:	false
SSDEEP:	1536:QtawT8if0W8DsEBpy0cuJBf2rIWn5gyVUpz600I4f3:QtawEyVUpz600I4f3
MD5:	B43DDE58FE773293F072902815449A2D
SHA1:	8EDB075AC78B6DCFBEDA4209683DA02F82EB79E8
SHA-256:	4A221530681185D5E32924C875D5FB9A1F486CE5D573041673BFE9E274BA0FFD
SHA-512:	6E3CC4C18E4801EEF50D5A05E4DBBD5AD30EDCDBD2ADDFC94D05EE00F5E75761D0A1E596ABDBE76AC987BFE1BB1BCC9017CC90B200B1CB0F1396348519FDA585
Malicious:	false
Reputation:	low
URL:	https://www.microsoft.com/cloudskillschallenge/lib/bootstrap/dist/css/bootstrap.min.css
Preview:	@charset "UTF-8";/!.. Bootstrap v5.1.0 (https://getbootstrap.com/).. * Copyright 2011-2021 The Bootstrap Authors.. * Copyright 2011-2021 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE).. */:root{--bs-blue:#0d6efd;--bs-indigo:#6610f2;--bs-purple:#6f42c1;--bs-pink:#d63384;--bs-red:#dc3545;--bs-orange:#fd7e14;--bs-yellow:#ffc107;--bs-green:#198754;--bs-teal:#20c997;--bs-cyan:#0dcaf0;--bs-white:#fff;--bs-gray:#6c757d;--bs-gray-dark:#343a40;--bs-gray-100:#f8f9fa;--bs-gray-200:#e9ecef;--bs-gray-300:#dee2e6;--bs-gray-400:#ced4da;--bs-gray-500:#adb5bd;--bs-gray-600:#6c757d;--bs-gray-700:#495057;--bs-gray-800:#343a40;--bs-gray-900:#212529;--bs-primary:#0d6efd;--bs-secondary:#6c757d;--bs-success:#198754;--bs-info:#0dcaf0;--bs-warning:#ffc107;--bs-danger:#dc3545;--bs-light:#f8f9fa;--bs-dark:#212529;--bs-primary-rgb:13,110,253;--bs-secondary-rgb:108,117,125;--bs-success-rgb:25,135,84;--bs-info-rgb:13,202,240;--bs-warning-rgb:255,193,7;--bs-danger-rgb:2

Target ID:	0
Start time:	02:49:11
Start date:	07/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	02:49:12
Start date:	07/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1972,i,3439788408382844397,3715083207217335801,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	02:49:14
Start date:	07/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.officence.com/nam/d22d141f-ae37-447f-acfa-2e1d0e5b4969/5b612265-0eea-4eb4-af80-6e0eff5a34f2/9bba8c17-6f40-430f-a99e-bc600154d01c/login
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46312), with CRLF line terminators
Category:	downloaded
Size (bytes):	2189955
Entropy (8bit):	5.5018865355911295
Encrypted:	false
SSDEEP:	49152:kEzHSaSB1DkCXW7OBzLRYjWcbS2BqAE0hCt:hPSB1DkCXWirt
MD5:	6C2B310E962BBF4AF35725BBACE8CA4F
SHA1:	EDA9B8EC3C09E64D0471C6AC5622D833509D2EF3
SHA-256:	B646BEDCFED187D972A89032F54B5412F571DE5B483C24C82A42F11AE38B9E57
SHA-512:	26BE3EE1EE1D6A9350F13D1825F49179D3621C569C1D032F4AA8AC825D96B0F51E2CAD6E0EFE64E7066EDA83083792EA3C43B104D6AFEE072DA342CB53B262F6
Malicious:	false
Reputation:	low
URL:	https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/6accbbea.index-docs.js
Preview:	"use strict";(()=>{var U3e=Object.create;var Tv=Object.defineProperty;var N4=Object.getOwnPropertyDescriptor;var z3e=Object.getOwnPropertyNames;var H3e=Object.getPrototypeOf,B3e=Object.prototype.hasOwnProperty;var G3e=(e,t,o)=>t in e?Tv(e,t,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[t]=o;var Me=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports),V3e=(e,t)=>{for(var o in t)Tv(e,o,{get:t[o],enumerable:!0})},Y3e=(e,t,o,r)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let n of z3e(t))!B3e.call(e,n)&&n!==o&&Tv(e,n,{get:()=>t[n],enumerable:!(r=N4(t,n))\|\|r.enumerable});return e};var Op=(e,t,o)=>(o=e!=null?U3e(H3e(e)):{},Y3e(t\|\|!e\|\|!e.__esModule?Tv(o,"default",{value:e,enumerable:!0}):o,e));var j=(e,t,o,r)=>{for(var n=r>1?void 0:r?N4(t,o):t,s=e.length-1,i;s>=0;s--)(i=e[s])&&(n=(r?i(t,o,n):i(n))\|\|n);return r&&n&&Tv(t,o,n),n};var cc=(e,t,o)=>(G3e(e,typeof t!="symbol"?t+"":t,o),o);var oU=Me((eU,tU)=>{(function(e,t){typeof eU=="object"&&typeof tU<"u"?tU.exports=t():typeof de

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	4762
Entropy (8bit):	5.150799521287783
Encrypted:	false
SSDEEP:	96:gjlJFCCLPffZCtCCLGffZxu9ZceNxed6t4Z3D1LxLDiL+BxgXvZAicjM:QTFDpCt6pxujcewHuL+i8M
MD5:	FC91F0E666C0A92CD4123B952D621C35
SHA1:	912CB17D693DD3E4E442AA82C1E11EA356A9CA9A
SHA-256:	B1E35EBEF1E39162E139B9F950AE811DB64AAE3CB587FE5CE80BE3C671C788E3
SHA-512:	E74695139AD5E21565FD64616185C5E1839A3C00DE51533C8CD65C3A80DDCA1C8B8E06C18536A3BF4E4C3D8C5218CD8FEFE4785FDDE3BCC8D5E109D77C69602E
Malicious:	false
Reputation:	low
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"https://www.dotnetconf.net/?utm_source=dotnet\u0026utm_medium=docs\u0026utm_campaign=savedate","title":"Save the Date"},"text":".NET Conf 2023 \| .NET Conf is a free, three-day, live virtual event for developers that celebrates the major releases of the .NET development platform. Come celebrate with us and learn about what you can do with .NET 8."},"dismissable":true,"displayType":"event-card","location":"sectional","scope":{"accessLevels

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (54649), with CRLF line terminators
Category:	downloaded
Size (bytes):	106026
Entropy (8bit):	5.171529071699513
Encrypted:	false
SSDEEP:	1536:JXQw7M1QH3FHimDA4A6b3UBm5AcTO5uIod:JXQ2tXUBmhLd
MD5:	A76A653DAAA136B17D3ABB880C159606
SHA1:	CEACBC85439BC26B17CB6B4422A8907CF446469C
SHA-256:	F50053CCD6D8CD18E2736166CE8376BBA8BC673C49AF7D96DFB8DFF7EC9BF715
SHA-512:	3FDAB4797F3CC73F2279887913970146894F441BE361512A2E5D14117B760AA193656B357CE8061E22967354544DC431599C1191860996EC3993FED5CA00B7E0
Malicious:	false
Reputation:	low
URL:	https://learn.microsoft.com/static/third-party/adobe-target/at-js/2.9.0/at.js
Preview:	// No custom JavaScript../*.. @license.. * at.js 2.9.0 \| (c) Adobe Systems Incorporated \| All rights reserved.. * zepto.js \| (c) 2010-2016 Thomas Fuchs \| zeptojs.com/license..*/..window.adobe=window.adobe\|\|{},window.adobe.target=function(){"use strict";var t=window,e=document,n=!e.documentMode\|\|e.documentMode>=11;var r,o,i,c=e.compatMode&&"CSS1Compat"===e.compatMode&&n&&(r=window.navigator.userAgent,o=r.indexOf("MSIE ")>0,i=r.indexOf("Trident/")>0,!(o\|\|i)),s=t.targetGlobalSettings;if(!c\|\|s&&!1===s.enabled)return t.adobe=t.adobe\|\|{},t.adobe.target={VERSION:"",event:{},getOffer:Ke,getOffers:yt,applyOffer:Ke,applyOffers:yt,sendNotifications:yt,trackEvent:Ke,triggerView:Ke,registerExtension:Ke,init:Ke},t.mboxCreate=Ke,t.mboxDefine=Ke,t.mboxUpdate=Ke,"console"in t&&"warn"in t.console&&(c\|\|t.console.warn("AT: Adobe Target content delivery is disabled. Update your DOCTYPE to support Standards mode."),t.console.warn("AT: Adobe Target content delivery is disabled in targetGlobalSettings.")),

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	4762
Entropy (8bit):	5.150799521287783
Encrypted:	false
SSDEEP:	96:gjlJFCCLPffZCtCCLGffZxu9ZceNxed6t4Z3D1LxLDiL+BxgXvZAicjM:QTFDpCt6pxujcewHuL+i8M
MD5:	FC91F0E666C0A92CD4123B952D621C35
SHA1:	912CB17D693DD3E4E442AA82C1E11EA356A9CA9A
SHA-256:	B1E35EBEF1E39162E139B9F950AE811DB64AAE3CB587FE5CE80BE3C671C788E3
SHA-512:	E74695139AD5E21565FD64616185C5E1839A3C00DE51533C8CD65C3A80DDCA1C8B8E06C18536A3BF4E4C3D8C5218CD8FEFE4785FDDE3BCC8D5E109D77C69602E
Malicious:	false
Reputation:	low
URL:	https://learn.microsoft.com/en-us/banners/index.json
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"https://www.dotnetconf.net/?utm_source=dotnet\u0026utm_medium=docs\u0026utm_campaign=savedate","title":"Save the Date"},"text":".NET Conf 2023 \| .NET Conf is a free, three-day, live virtual event for developers that celebrates the major releases of the .NET development platform. Come celebrate with us and learn about what you can do with .NET 8."},"dismissable":true,"displayType":"event-card","location":"sectional","scope":{"accessLevels

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.officence.com/nam/d22d141f-ae37-447f-acfa-2e1d0e5b4969/5b612265-0eea-4eb4-af80-6e0eff5a34f2/9bba8c17-6f40-430f-a99e-bc600154d01c/login

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Malware Analysis System Evasion

Anti Debugging

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Windows Analysis Report
https://www.officence.com/nam/d22d141f-ae37-447f-acfa-2e1d0e5b4969/5b612265-0eea-4eb4-af80-6e0eff5a34f2/9bba8c17-6f40-430f-a99e-bc600154d01c/login