Windows
Analysis Report
https://attachments.office.net/owa/scharfi%40healthesystems.com/service.svc/s/GetAttachmentThumbnail?id=AAMkAGRiNDRhZDRjLTU5MDYtNGIxZi1iZWEzLTMxNzAxNDc1MDlkYwBGAAAAAABKaGeaik1pTJKS753XARkPBwA2TQ%2BJRvilSZw5ZwX6ZVMcAAAAMPLNAABjlmxW0OkeRYTsmXxki7u0AARkFkARAAABEgAQAL9k38PsJtdGhGfMC27r7wA%3D&thumbnailTy
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Creates files inside the system directory
Stores files to the Windows start menu directory
Classification
- System is w10x64
- chrome.exe (PID: 6584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 2076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2292,i,9355722068866127456,13920442212961938397,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 3560 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://attachments.office.net/owa/scharfi%40healthesystems.com/service.svc/s/GetAttachmentThumbnail?id=AAMkAGRiNDRhZDRjLTU5MDYtNGIxZi1iZWEzLTMxNzAxNDc1MDlkYwBGAAAAAABKaGeaik1pTJKS753XARkPBwA2TQ%2BJRvilSZw5ZwX6ZVMcAAAAMPLNAABjlmxW0OkeRYTsmXxki7u0AARkFkARAAABEgAQAL9k38PsJtdGhGfMC27r7wA%3D&thumbnailType=2&token=eyJhbGciOiJSUzI1NiIsImtpZCI6IkU1RDJGMEY4REE5M0I2NzA5QzQzQTlFOEE2MTQzQzAzRDYyRjlBODAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI1ZEx3LU5xVHRuQ2NRNm5vcGhROEE5WXZtb0EifQ.eyJvcmlnaW4iOiJodHRwczovL291dGxvb2sub2ZmaWNlLmNvbSIsInVjIjoiMzFjZTY1ZmViM2MzNGNlZTg0NDNiZTJiNDU3MDBiNjUiLCJzaWduaW5fc3RhdGUiOlsiZHZjX21uZ2QiLCJkdmNfZG1qZCIsImttc2kiXSwidmVyIjoiRXhjaGFuZ2UuQ2FsbGJhY2suVjEiLCJhcHBjdHhzZW5kZXIiOiJPd2FEb3dubG9hZEA0MzY3N2ZiNy1iODk0LTQ1NDktOGUwMS0zOGMzZjI3MWM0N2YiLCJpc3NyaW5nIjoiV1ciLCJhcHBjdHgiOiJ7XCJtc2V4Y2hwcm90XCI6XCJvd2FcIixcInB1aWRcIjpcIjExNTM5MDY2NjExMzQwMDQ1NjRcIixcInNjb3BlXCI6XCJPd2FEb3dubG9hZFwiLFwib2lkXCI6XCJmODk4MWNhNC05M2JkLTQxMzktYWU5ZC0yYTY0ZGNkYzU4NzJcIixcInByaW1hcnlzaWRcIjpcIlMtMS01LTIxLTE3ODk4MTM1NDUtOTMzNDAxMDMyLTI1NTYwNTY0NzMtMTI4MjAzOTFcIn0iLCJuYmYiOjE3MTk4NzgxNzQsImV4cCI6MTcxOTg3ODQ3NCwiaXNzIjoiMDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDQzNjc3ZmI3LWI4OTQtNDU0OS04ZTAxLTM4YzNmMjcxYzQ3ZiIsImF1ZCI6IjAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMC9hdHRhY2htZW50cy5vZmZpY2UubmV0QDQzNjc3ZmI3LWI4OTQtNDU0OS04ZTAxLTM4YzNmMjcxYzQ3ZiIsImhhcHAiOiJvd2EifQ.t5Xgv8eR_TfatMktqJ7JjnJafROB0fji1czP9ZR96nX1FkAZML1FJvdPeDk0V2rp3m5jEeRWloFmtz2AYTzKhNPMePSO4GYvWWuBayNL0IEBCVjKw0knfZiz5WH7T9cC5WxhV-x3NmUm9SWBHBq0k6xxrfPaB9BimtTzPrRiajTPIJqs6wrsjIEbrquToHhyr_zMYiPKzCwj2z5nrw4bGeOeE6CEp4XMdHBj9Foc22X451BeyyuCzZdQjEoC6Bw1frHCLp0hgQuKTU065FcItCBeADkzDu5Z4YnXlCj7pRkWdzpszu5HyevcvmqO-66A60nqvJduSHHjtP-urytSJQ&X-OWA-CANARY=X-OWA-CANARY_cookie_is_null_or_empty&owa=outlook.office.com&scriptVer=20240621005.09&clientId=C58FAA7FDA564195AA577D7CEEBC7343&animation=true&persistenceId=267c1982-ca11-413d-9839-5d834b1d45cb" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- mspaint.exe (PID: 4476 cmdline: mspaint.exe "C:\Users\user\Desktop\" MD5: 986A191E95952C9E3FE6BE112FB92026)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Signature | Occurrences
HTTPS traffic detected | 2
TCP traffic detected without corresponding DNS query | 24
UDP traffic detected without corresponding DNS query | 4
HTTP traffic detected | 1