Windows Analysis Report
https://appehmrahem.bond/

Overview

General Information

Sample URL:	https://appehmrahem.bond/
Analysis ID:	1447443
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

AI detected suspicious javascript

Detected non-DNS traffic on DNS port

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://appehmrahem.bond/

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://appehmrahem.bond/webview/css/animate.css	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview/media/backimg.svg	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview/css/main.css	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview/css/main2.css	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview/css/style.css	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview/fonts/weblight.woff2	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview/media/logo.png	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview/media/nfc.png	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview/js/jquery-3.7.0.min.js	Avira URL Cloud: Label: phishing

Phishing

AI detected suspicious javascript

Source: https://appehmrahem.bond/webview/

LLM: Score: 8 Reasons: The JavaScript code collects sensitive user information such as username, password, phone number, and Android ID, and sends it to a server via an AJAX POST request. This behavior is typical of phishing attacks, especially since the destination URL is a relative path ('../api/sendLoginData.php'), which is often used in malicious scripts to obfuscate the true destination of the data. DOM: 0.0.pages.csv

Source: https://appehmrahem.bond/webview/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.6:49716 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.6:65284 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webview HTTP/1.1Host: appehmrahem.bondConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/ HTTP/1.1Host: appehmrahem.bondConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/css/main.css HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://appehmrahem.bond/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/css/main2.css HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://appehmrahem.bond/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/css/style.css HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://appehmrahem.bond/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/css/animate.css HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://appehmrahem.bond/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/js/jquery-3.7.0.min.js HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://appehmrahem.bond/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /webview/media/logo.png HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://appehmrahem.bond/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/media/nfc.png HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://appehmrahem.bond/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/media/backimg.svg HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://appehmrahem.bond/webview/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/fonts/weblight.woff2 HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://appehmrahem.bondsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://appehmrahem.bond/webview/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/media/logo.png HTTP/1.1Host: appehmrahem.bondConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/media/backimg.svg HTTP/1.1Host: appehmrahem.bondConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/media/nfc.png HTTP/1.1Host: appehmrahem.bondConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://appehmrahem.bond/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH

Source: global traffic	DNS traffic detected: DNS query: appehmrahem.bond
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeContent-Security-Policy: upgrade-insecure-requests;Date: Fri, 24 May 2024 22:54:37 GMTContent-Length: 315Content-Type: text/html; charset=iso-8859-1Age: 0DDG-Cache-Status: MISS

Source: chromecache_120.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT
Source: chromecache_120.2.dr	String found in binary or memory: https://animate.style/
Source: chromecache_122.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_120.2.dr	String found in binary or memory: https://github.com/nickpettit/glide
Source: chromecache_122.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65288
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.6:49716 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.win@21/27@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2000,i,9033632415043992459,17109060085967981009,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://appehmrahem.bond/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2000,i,9033632415043992459,17109060085967981009,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
186.2.171.38	appehmrahem.bond	Belize	262254	DDOS-GUARDCORPBZ	false

Private

IP
192.168.2.4
192.168.2.6

Contacted Domains

Name	IP	Active
appehmrahem.bond	186.2.171.38	true
www.google.com	142.250.186.68	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://appehmrahem.bond/webview/css/style.css	false	Avira URL Cloud: phishing	unknown
https://appehmrahem.bond/webview/media/logo.png	false	Avira URL Cloud: phishing	unknown
https://appehmrahem.bond/webview/css/main2.css	false	Avira URL Cloud: phishing	unknown
https://appehmrahem.bond/webview/media/backimg.svg	false	Avira URL Cloud: phishing	unknown
https://appehmrahem.bond/webview/css/animate.css	false	Avira URL Cloud: phishing	unknown
https://appehmrahem.bond/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://appehmrahem.bond/webview	false	Avira URL Cloud: phishing	unknown
https://appehmrahem.bond/webview/	true		unknown
https://appehmrahem.bond/webview/fonts/weblight.woff2	false	Avira URL Cloud: phishing	unknown
https://appehmrahem.bond/webview/css/main.css	false	Avira URL Cloud: phishing	unknown
https://appehmrahem.bond/webview/js/jquery-3.7.0.min.js	false	Avira URL Cloud: phishing	unknown
https://appehmrahem.bond/webview/media/nfc.png	false	Avira URL Cloud: phishing	unknown
https://appehmrahem.bond/	true		unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 115	ASCII text, with no line terminators	8B3BC538C3EF0A60B8D0FBF67A3C34B7	3B10B3523A40A9856B598A2CB4ECB225E7A96AB6	0573B0E49E853DFCDFAB477295DC25FA97AE6E7C617C95AE1F86EEBE4EC9A466
Chrome Cache Entry: 116	Web Open Font Format (Version 2), TrueType, length 29284, version 1.0	EB5ADAAC0D814E1E8E5CBD75EFB9DB3E	86437711B342274A5F43BA41870B38EB6205FB97	E3822F2D078338746ADD72D0F2A1B2725DF116B9DAA09C40CF3B970742893713
Chrome Cache Entry: 117	ASCII text, with very long lines (11038)	C1E38B81B0A24A6B47A43BC9771334A7	695976B1A024DE801FE1433AA7DDED6C60124398	EB4A3F5AD74A15E159E3AB7244B51D846F3DFD7BB5EAE106A10A45528C267ADA
Chrome Cache Entry: 118	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 119	PNG image data, 250 x 177, 8-bit/color RGBA, non-interlaced	937760DE448F26FF51DB5CE53AB78F95	905A316A06F5F05406F9890F371499BDE76BF681	2140E8257715B4997AA86D16EA9033F7C3B48E9DF0E09062582F4104CD3F789C
Chrome Cache Entry: 120	ASCII text	CF2741A3A7EA8427ADE651533A54EF1B	AFCAF144854F4916F4CC4AD17D196BCA1AA66BC8	C1B6F9ED1EFFFF87233740CE612ED3CD3FBD3CB34C0863373D820FDE1B2C8D8F
Chrome Cache Entry: 121	PNG image data, 250 x 177, 8-bit/color RGBA, non-interlaced	937760DE448F26FF51DB5CE53AB78F95	905A316A06F5F05406F9890F371499BDE76BF681	2140E8257715B4997AA86D16EA9033F7C3B48E9DF0E09062582F4104CD3F789C
Chrome Cache Entry: 122	ASCII text, with very long lines (615), with CRLF line terminators	5618AD30E484121E21D8A7084317BF95	10810DD2B191AC9F8913596980BEFE33901DF672	536E6C6D46A856627C30FC51D9F536EA87025105C97A0D6388659C7545E9590D
Chrome Cache Entry: 123	ASCII text, with CRLF line terminators	843D770AFB4C8A9782E08D5C652E9F63	D6726ACD160922C5B384F4CBD3FB70A273ADDAC8	7DD37C858DF68100EB273A485CA89636EE0E0AE7E0713D82C519137F602E2EC5
Chrome Cache Entry: 124	ASCII text, with very long lines (65447)	ED4E85DDC6E188C8490191794776F22E	83B9249BBBCD563EEF7546291D0407F0E70166CE	8F764EFBB2CDB303E3019325D811225EAD27D656F8B40390DE427DB1415DC56A
Chrome Cache Entry: 125	PNG image data, 2612 x 2400, 8-bit colormap, non-interlaced	F392111B73A4892FF31A779839A0911D	ABAF20A09D8B95D075DEC838A0DC88319E80A501	D6C9E8AD0DB0155278850F60FCC7ADFF6B036B6F102FAC9362B37AA7D8719F70
Chrome Cache Entry: 126	HTML document, Unicode text, UTF-8 text, with very long lines (1854), with CRLF line terminators	7543A81734BF7DE705A72E0C625B0F25	C8B97D977EEF8E3C4F336B71CFA4717E8F420248	998BCD1D037A3E9AEA743E6ECB8B686F456D964BCD4CF4AF62E4698662333026
Chrome Cache Entry: 127	PNG image data, 2612 x 2400, 8-bit colormap, non-interlaced	F392111B73A4892FF31A779839A0911D	ABAF20A09D8B95D075DEC838A0DC88319E80A501	D6C9E8AD0DB0155278850F60FCC7ADFF6B036B6F102FAC9362B37AA7D8719F70
Chrome Cache Entry: 128	SVG Scalable Vector Graphics image	CCD4AA39C19063CB07D06DAA62874FF9	4DEFF38B5875EA55729AA5E002059C9B68AF4763	C917B66B1F26C24730DBD3DE5CFEF604A46CC47B4BE6C0D036A185E188E0BCF6
Chrome Cache Entry: 129	SVG Scalable Vector Graphics image	CCD4AA39C19063CB07D06DAA62874FF9	4DEFF38B5875EA55729AA5E002059C9B68AF4763	C917B66B1F26C24730DBD3DE5CFEF604A46CC47B4BE6C0D036A185E188E0BCF6

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://appehmrahem.bond/

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://appehmrahem.bond/webview/css/animate.css	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview/media/backimg.svg	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview/css/main.css	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview/css/main2.css	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview/css/style.css	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview/fonts/weblight.woff2	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview/media/logo.png	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview/media/nfc.png	Avira URL Cloud: Label: phishing
Source: https://appehmrahem.bond/webview/js/jquery-3.7.0.min.js	Avira URL Cloud: Label: phishing

Phishing

AI detected suspicious javascript

Source: https://appehmrahem.bond/webview/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.6:49716 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.6:65284 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webview HTTP/1.1Host: appehmrahem.bondConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/ HTTP/1.1Host: appehmrahem.bondConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/css/main.css HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://appehmrahem.bond/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/css/main2.css HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://appehmrahem.bond/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/css/style.css HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://appehmrahem.bond/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/css/animate.css HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://appehmrahem.bond/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/js/jquery-3.7.0.min.js HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://appehmrahem.bond/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /webview/media/logo.png HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://appehmrahem.bond/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/media/nfc.png HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://appehmrahem.bond/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/media/backimg.svg HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://appehmrahem.bond/webview/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/fonts/weblight.woff2 HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://appehmrahem.bondsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://appehmrahem.bond/webview/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/media/logo.png HTTP/1.1Host: appehmrahem.bondConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/media/backimg.svg HTTP/1.1Host: appehmrahem.bondConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /webview/media/nfc.png HTTP/1.1Host: appehmrahem.bondConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: appehmrahem.bondConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://appehmrahem.bond/webview/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __ddg1_=Nz6EdkzKIdNhs1jmTlmH

Source: global traffic	DNS traffic detected: DNS query: appehmrahem.bond
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

Source: chromecache_120.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT
Source: chromecache_120.2.dr	String found in binary or memory: https://animate.style/
Source: chromecache_122.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_120.2.dr	String found in binary or memory: https://github.com/nickpettit/glide
Source: chromecache_122.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65288
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.6:49716 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.win@21/27@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2000,i,9033632415043992459,17109060085967981009,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://appehmrahem.bond/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2000,i,9033632415043992459,17109060085967981009,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1447443
Product:	CloudBasic
Start time:	00:53:37
Start date:	25.05.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://appehmrahem.bond/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://appehmrahem.bond/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://appehmrahem.bond/