Windows Analysis Report
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.woff2

Overview

General Information

Sample URL:https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.woff2
Analysis ID:1466759
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory

Classification

  • System is w10x64
  • chrome.exe (PID: 5072 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1892,i,13164569031032215832,12959837454332518080,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 7108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.woff2" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • OpenWith.exe (PID: 3628 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures. All signature hits follow.

Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49717 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown | TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown | TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 | Connection: Keep-Alive | Accept: */* | Accept-Encoding: identity | If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT | Range: bytes=0-2147483646 | User-Agent: Microsoft BITS/7.8 | Host: fs.microsoft.com
Source: global traffic | DNS traffic detected: DNS query: static2.sharepointonline.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49717 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49718 version: TLS 1.2
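The "traffic detected without corresponding DNS query" lines above are the sandbox correlating each outbound flow with the resolver answers it logged, and on this report they are mostly noise: the UDP flows to 1.1.1.1 are the resolver traffic itself, and 184.28.90.27 and 23.206.229.226 are most likely the CDN edge behind static2.sharepointonline.com, whose CNAME static2.sharepointonline.com.edgekey.net sits on the excluded-domains list further down (which is also the likely reason the domain table shows no address for that host). The Python below is an added example, not Joe Sandbox code, that reproduces the check over a constructed event list modelled on this report's network section and suppresses the classes of hit that cannot be meaningful: DNS traffic itself, multicast/private destinations, and IPs already returned by an observed answer. Only the www.google.com answer is taken from the report's domain table; the other events, and the absence of an answer for the sharepointonline host, are constructed to mirror what the report shows.

```python
"""Reproduce the sandbox's 'traffic without corresponding DNS query' check.

Added example (not Joe Sandbox code). Events are constructed from the report's
network section; only the www.google.com answer is taken from the domain table,
the sharepointonline answer is deliberately absent, as in the report.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str                      # "dns" = resolver answer seen, "tcp"/"udp" = outbound flow
    dst: str                       # queried name for dns, destination IP for flows
    port: int = 0                  # destination port for flows
    answers: tuple[str, ...] = ()  # A records returned for a dns event


# Constructed sample in time order, modelled on the report.
EVENTS = [
    Event("dns", "www.google.com", answers=("142.250.186.164",)),
    Event("tcp", "142.250.186.164", 443),
    Event("dns", "static2.sharepointonline.com"),   # query logged, answer not (CNAME was whitelisted)
    Event("tcp", "184.28.90.27", 443),
    Event("tcp", "23.206.229.226", 443),
    Event("tcp", "52.182.143.211", 443),
    Event("udp", "1.1.1.1", 53),
    Event("udp", "239.255.255.250", 1900),
    Event("tcp", "192.168.2.8", 138),
]


def classify(ip: str, port: int, resolved: set[str]) -> str | None:
    """Return a reason string if a flow to ip:port deserves the 'no DNS' flag, else None."""
    addr = ipaddress.ip_address(ip)
    if port == 53:
        return None  # this is the resolver traffic itself; nothing can precede it
    if addr.is_multicast or addr.is_private or addr.is_link_local or addr.is_loopback:
        return None  # SSDP, NetBIOS, mDNS and the like are never preceded by a lookup
    if ip in resolved:
        return None
    return "no DNS answer observed before first connection"


def flows_without_dns(events: list[Event]) -> dict[str, str]:
    """Walk events in time order; a flow is clean only if an answer for its IP was seen earlier."""
    resolved: set[str] = set()
    flagged: dict[str, str] = {}
    for ev in events:
        if ev.kind == "dns":
            resolved.update(ev.answers)
            continue
        reason = classify(ev.dst, ev.port, resolved)
        if reason is not None and ev.dst not in flagged:
            flagged[ev.dst] = reason
    return flagged


if __name__ == "__main__":
    for ip, why in flows_without_dns(EVENTS).items():
        print(f"{ip}: {why}")
```

What remains flagged after the suppression is exactly what the report lists for TCP. To clear a CDN IP you need the answers for the whole CNAME chain, so when this signature fires on an address in a content-delivery range, check the analysis's excluded-domains list before reading it as beaconing.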
Source: classification engine | Classification label: clean1.win@18/10@4/3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Windows\System32\OpenWith.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3628:120:WilError_03
Source: C:\Windows\System32\OpenWith.exe | File read: C:\Users\desktop.ini
Source: C:\Windows\System32\OpenWith.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1892,i,13164569031032215832,12959837454332518080,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.woff2"
Source: unknown | Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1892,i,13164569031032215832,12959837454332518080,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Windows\System32\OpenWith.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: uxtheme.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.storage.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: wldp.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: twinui.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: wintypes.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: powrprof.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: dwmapi.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: pdh.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: umpdc.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: actxprxy.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: propsys.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: profapi.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.ui.appdefaults.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.ui.immersive.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: ntmarta.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: uiautomationcore.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: dui70.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: duser.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: dwrite.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: bcp47mrm.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: uianimation.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: d3d11.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: dxgi.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: d3d10warp.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: dxcore.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: dcomp.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: oleacc.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: edputil.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.ui.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windowmanagementapi.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: textinputframework.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: inputhost.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windowscodecs.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: thumbcache.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: policymanager.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: apphelp.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: appresolver.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: bcp47langs.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: slc.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: userenv.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: sppc.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: tiledatarepository.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: staterepository.core.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.staterepository.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: wtsapi32.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.staterepositorycore.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: mrmcorer.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: sxs.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: directmanipulation.dll
Source: C:\Windows\System32\OpenWith.exe | Section loaded: textshaping.dll
Source: C:\Windows\System32\OpenWith.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Windows\System32\OpenWith.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
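"Stores files to the Windows start menu directory" fires on the six Chrome Apps shortcuts listed above, and the LNK lines show why that is benign here: each shortcut's relative path climbs nine levels from ...\Start Menu\Programs\Chrome Apps to the drive root and lands on chrome_proxy.exe inside Chrome's own install directory, so these are Chrome's bundled web-app shortcuts, not something written by the analysed URL. The check a practitioner wants for any Start Menu drop is to resolve that relative path against the drop location and look at the resolved target and the command-line arguments, because a shortcut that looks like a document but resolves outside Program Files, or carries an interpreter invocation in its arguments, is the classic LNK lure. The Python below is an added example, not Joe Sandbox's or Chrome's code: it builds a minimal MS-SHLLINK file with the flag set the report's file-type line describes (relative path, working directory, command-line arguments, Unicode strings), parses it back, resolves the target the way the shell does and computes the 8-bit entropy the report tabulates for each dropped file. The drop directory, nine-level relative path, working directory and 1210144-byte target size come from the report; the argument string, icon location and the choice of Docs.lnk as the file name are assumptions, marked as such in the code. Real shortcuts also carry a LinkTargetIDList and LinkInfo block; the parser skips those, the builder does not emit them.

```python
"""Build, parse and triage a minimal Windows shell link (.lnk), MS-SHLLINK layout.

Added example (not Joe Sandbox's or Chrome's code). Mirrors the report's dropped
Chrome Apps shortcuts: relative path, working directory, arguments, Unicode strings.
Assumed values are marked; the rest comes from the report.
"""
from __future__ import annotations

import math
import struct
from collections import Counter
from pathlib import PureWindowsPath

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HEADER = "<I16sIIQQQIiIHHII"  # HeaderSize, CLSID, LinkFlags, FileAttributes, 3 FILETIMEs, FileSize, IconIndex, ShowCommand, HotKey, 3 reserved
# LinkFlags (MS-SHLLINK 2.1.1)
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_DATA = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"), (HAS_WORKING_DIR, "working_dir"),
               (HAS_ARGUMENTS, "arguments"), (HAS_ICON_LOCATION, "icon_location"))  # fixed on-disk order

# From the report: drop directory, nine-level relative path, working directory, target size.
DROP_DIR = r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps"
RELATIVE = "..\\" * 9 + r"Program Files\Google\Chrome\Application\chrome_proxy.exe"
WORKING_DIR = r"C:\Program Files\Google\Chrome\Application"
TARGET_SIZE = 1210144
# Assumptions (not in the report): the shortcut's arguments, icon and which of the six files this is.
ARGUMENTS = "--profile-directory=Default --app-id=EXAMPLEAPPID"
ICON = r"C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"
LNK_PATH = DROP_DIR + r"\Docs.lnk"


def _string_data(s: str) -> bytes:
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")  # CountCharacters + chars, no terminator


def build_lnk(relative_path: str, working_dir: str, arguments: str, icon: str, target_size: int) -> bytes:
    """Emit a shell link with only StringData (real shortcuts also carry an IDList and LinkInfo)."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | HAS_ICON_LOCATION | IS_UNICODE
    header = struct.pack(HEADER, 0x4C, LNK_CLSID, flags, 0x20, 0, 0, 0, target_size, 0, 1, 0, 0, 0, 0)
    return header + b"".join(_string_data(s) for s in (relative_path, working_dir, arguments, icon))


def is_lnk(data: bytes) -> bool:
    """HeaderSize 0x4C ('L' in the report's preview) followed by the shell-link CLSID."""
    return len(data) >= 0x4C and data[:4] == b"L\x00\x00\x00" and data[4:20] == LNK_CLSID


def parse_lnk(data: bytes) -> dict:
    if not is_lnk(data):
        raise ValueError("not a shell link")
    flags, attrs = struct.unpack_from("<II", data, 20)
    size, icon_index, show = struct.unpack_from("<IiI", data, 52)
    off = 0x4C
    if flags & HAS_ID_LIST:      # LinkTargetIDList: u16 IDListSize followed by that many bytes
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:    # LinkInfo: u32 LinkInfoSize that includes itself
        off += struct.unpack_from("<I", data, off)[0]
    out: dict = {"target_size": size, "icon_index": icon_index, "show_command": show, "archive": bool(attrs & 0x20)}
    for bit, name in STRING_DATA:
        if not flags & bit:
            continue
        n = struct.unpack_from("<H", data, off)[0]
        off += 2
        if flags & IS_UNICODE:
            out[name], off = data[off:off + 2 * n].decode("utf-16-le"), off + 2 * n
        else:
            out[name], off = data[off:off + n].decode("cp1252"), off + n
    return out


def resolve_target(lnk_location: str, relative_path: str) -> str:
    """Resolve RELATIVE_PATH the way the shell does: relative to the .lnk's own directory."""
    base = PureWindowsPath(lnk_location).parent
    for part in PureWindowsPath(relative_path).parts:
        base = base.parent if part == ".." else base / part
    return str(base)


def shannon_entropy(data: bytes) -> float:
    """8-bit entropy as tabulated by the report; compressed or encrypted content sits near 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(lnk_location: str, data: bytes) -> dict:
    info = parse_lnk(data)
    target = resolve_target(lnk_location, info.get("relative_path", ""))
    info["resolved_target"] = target
    info["target_in_program_dirs"] = target.lower().startswith((r"c:\program files", r"c:\windows"))
    info["entropy"] = round(shannon_entropy(data), 3)
    return info


SAMPLE = build_lnk(RELATIVE, WORKING_DIR, ARGUMENTS, ICON, TARGET_SIZE)  # constructed, not a report artefact

if __name__ == "__main__":
    for k, v in triage(LNK_PATH, SAMPLE).items():
        print(f"{k}: {v}")
```

The entropy of a shortcut built this way is low because half of every UTF-16 string is zero bytes and most of the header is padding, which is why the report's own entries sit around 4.0 with "Encrypted: false"; an .lnk whose entropy approaches 8 is carrying an embedded payload, not a path.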
MITRE ATT&CK matrix. A count in parentheses is the number of signature hits Joe Sandbox mapped to that technique; entries without a count are the matrix's unmatched cells.

  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: DLL Side-Loading (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows); Login Hook
  • Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Registry Run Keys / Startup Folder (1); Login Hook
  • Defense Evasion: Masquerading (1); Process Injection (1); DLL Side-Loading (1); Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: File and Directory Discovery (1); System Information Discovery (11); Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (2); Application Layer Protocol (3); Ingress Tool Transfer (1)
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph (ID: 1466759, URL: https://static2.sharepointo..., Startdate: 03/07/2024, Architecture: WINDOWS, Score: 1)
  • chrome.exe (20) started
  • OpenWith.exe (18, 9) started
  • chrome.exe started
  • chrome.exe -> 192.168.2.8 (ports 138, 443, 49706), unknown, unknown
  • chrome.exe -> 239.255.255.250, unknown, Reserved
  • chrome.exe -> child chrome.exe started
  • child chrome.exe -> www.google.com 142.250.186.164 (ports 443, 49716, 49728), GOOGLEUS, United States
  • child chrome.exe -> static2.sharepointonline.com

Source | Detection | Scanner | Label
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.woff2 | 0% | Avira URL Cloud | safe
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.woff2 | 0% | Virustotal |
No Antivirus matches
Source | Detection | Scanner | Label
static2.sharepointonline.com | 0% | Virustotal |
fp2e7a.wpc.phicdn.net | 0% | Virustotal |
www.google.com | 0% | Virustotal |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.250.186.164 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
static2.sharepointonline.com | unknown | unknown | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.186.164 | www.google.com | United States | 15169 | GOOGLEUS | false
IP (private)
192.168.2.8 (the analysis VM itself; it is the client side of the HTTPS connections listed above)
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1466759
Start date and time:2024-07-03 11:05:09 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 31s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.woff2
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean1.win@18/10@4/3
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.74.195, 142.250.186.174, 64.233.166.84, 34.104.35.123, 23.199.223.63, 40.68.123.157, 2.19.126.163, 2.19.126.137, 192.229.221.95, 20.166.126.56, 52.165.164.15, 142.250.186.35
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, e13287.dscg.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, static2.sharepointonline.com.edgekey.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
05:07:34 | API Interceptor | 1x Sleep call for process: OpenWith.exe modified
No context
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 08:06:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2677
Entropy (8bit):3.9845785625563557
Encrypted:false
SSDEEP:48:8TR0dzT7LfHSidAKZdA1oehwiZUklqehRy+3:8TR8bxqy
MD5:05125C98705295E683401B13FA76CEEC
SHA1:C6AA1428E9D93E3C15A85E5BBFA567D7E285866E
SHA-256:CC56D80F70CDCF0725C3C80502A4799073CCCA8E010FF010494973115FB185BE
SHA-512:A40A9AB6BF1C511DD48803EC06D9B55B2E39204209320435D4664DF797EBE4A9FCC253C8734A96DD4071238F603CDBD257C71E93BFA760F5799C6E63420C979B
Malicious:false
Reputation:low
Preview: binary shell-link preview (non-printable bytes shown as dots in the original). The printable strings are the LinkTargetIDList items C:\, PROGRA~1 / Program Files (icon @shell32.dll,-21781), Google, Chrome, APPLIC~1 / Application and CHROME~1.EXE / chrome_proxy.exe, the LinkInfo local base path C:\Program Files\Google\Chrome\Application\chrome_proxy.exe, the relative path ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe, the working directory C:\Program Files\Google\Chrome\Application, and the start of a 70-character command-line argument string at which the preview is truncated.
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 08:06:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2679
Entropy (8bit):3.999146333310874
Encrypted:false
SSDEEP:48:8VR0dzT7LfHSidAKZdA1leh/iZUkAQkqehay+2:8VR8bj9Q/y
MD5:021BB38DA9CF99D9E9EAB788EF5F9861
SHA1:56CAD9C449AEBED3D41895D7ACED683990249793
SHA-256:76620E710E3FF3C8FC868A8F5D13A089FB96227C588254FF843E65720DB5ADD2
SHA-512:63D25EC203D3D76F1DB2FD2656D936A465EAD06C96B1BF42CD148B3E0E8DB7D89E31BAC27662695738D94C50FD7C3D12BB15F97464FE13FCD1319BBB6F319DDF
Malicious:false
Reputation:low
Preview: binary shell-link preview with the same structure and printable strings as the first dropped file above (IDList items for C:\Program Files\Google\Chrome\Application\chrome_proxy.exe, the nine-level relative path, the working directory, truncated before the command-line arguments); only the embedded timestamps differ.
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2693
Entropy (8bit):4.009458012632261
Encrypted:false
SSDEEP:48:8C0dzT7LbHSidAKZdA14t5eh7sFiZUkmgqeh7soy+BX:8C8bHnGy
MD5:F935D35ACA34BF9085E33612C6441C05
SHA1:101BB78094C179E17B0173AE16B1434ACB9D149E
SHA-256:5F4110DFEF2B05C194597EE9F12719D680FF454586FC4993FE24271620505DA1
SHA-512:4D006FC1D8B6C8047CC411C3F0DE5FB2CB1B6CF215DBB1B6218E45492923D4BF1FB1377746B5F94DF8F32955FFF7B23602D0C0F7A1EFD6D05790853B79C6D2A7
Malicious:false
Reputation:low
Preview: binary shell-link preview with the same structure and printable strings as the first dropped file above (IDList items for C:\Program Files\Google\Chrome\Application\chrome_proxy.exe, the nine-level relative path, the working directory, truncated before the command-line arguments); only the embedded timestamps differ.
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 08:06:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2681
Entropy (8bit):3.998575757201026
Encrypted:false
SSDEEP:48:81R0dzT7LfHSidAKZdA16ehDiZUkwqehuy+R:81R8bQQy
MD5:C4DD4BFA9A4E850807821CFEDFF12494
SHA1:37BFAE3F5692A12CFDCD104F74EED682E8E2D6E6
SHA-256:B67ABCBC032A2775D761EDD2F3B4E09D27DC0DA9B3DA5187563B44F218320CBA
SHA-512:0E0F9B6D84542DF779757155174D9C697154E66074039A2B8FC173E80AFE19EAF6939DAC2DF617EE55AB2B023C7FAC49EB712BE0B12C7159B8FD2B5765983AF7
Malicious:false
Reputation:low
Preview: binary shell-link preview with the same structure and printable strings as the first dropped file above (IDList items for C:\Program Files\Google\Chrome\Application\chrome_proxy.exe, the nine-level relative path, the working directory, truncated before the command-line arguments); only the embedded timestamps differ.
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 08:06:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2681
Entropy (8bit):3.9864728457754723
Encrypted:false
SSDEEP:48:8OR0dzT7LfHSidAKZdA1UehBiZUk1W1qehUy+C:8OR8bQ90y
MD5:A491F80FE43E2B803A34D5AFE5DCC7F8
SHA1:2235AC24555088FD41E164F323FA5AA3A56461AC
SHA-256:CFBCAF4DD1FFCF79490800B698762D5BC13435C5BC41197E43573227436B6272
SHA-512:C1E0FCBB7A72439C1CD939E3C117184EA56D97F10C0033E64C53CE444C588A590916611AFA293C10A19570304920440F6926D01A3B1568BB157FE27806D4A3ED
Malicious:false
Reputation:low
Preview:L..................F.@.. ...$+.,....>.uC(...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.X.H....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.H....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.H....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.H..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.H...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Zru.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 08:06:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2683
Entropy (8bit):3.99669029945673
Encrypted:false
SSDEEP:48:8vR0dzT7LfHSidAKZdA1duTrehOuTbbiZUk5OjqehOuTbGy+yT+:8vR8b9TYTbxWOvTbGy7T
MD5:D00F7C5F7D9EAD41DE417B439F4D0A8F
SHA1:811A7861AA6ECD9C9E1899A2990271E5A389F898
SHA-256:470C6BAD0734531ECB0DE5C52C8C5B6E52F0B6F786C5EAAD83DE1C418C972A5E
SHA-512:20745A88114DDF4CB9FC78038FCB35FDC06FF7F93F006FCFFEA1605151C9DB6D98C99710B5C7E98F9FA5A99C067AEB05A75032E32717ECD77C7B7E186BDA75FD
Malicious:false
Reputation:low
Preview:L..................F.@.. ...$+.,....CX^C(...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.X.H....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.H....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.H....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.H..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.H...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Zru.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:Web Open Font Format (Version 2), TrueType, length 28740, version 0.0
Category:dropped
Size (bytes):28740
Entropy (8bit):7.99094566451361
Encrypted:true
SSDEEP:384:+W6q2qYn+Uh/UBlruLKWN4yKTDAj8T2rrOciQHyMRLfVZSmVTQoUwSTaVDCiU7Mu:lxoy6LtN4yrwTs+mVQoUwZCiFQt2Dg
MD5:330E17BEEEECEE428DEA32F39B679D3B
SHA1:0287E124B90084127EBD975D9F3FC92EBAAF53E2
SHA-256:D12E9086B74EF50E35760E4F40BD5411D1B2B657E33E4A09C5FC4861BEBF0752
SHA-512:2D8F0D315A75527D5D198F09BD9CF685CCD2971960CB54EE4AFB56BE3CCDFB0AFA757ADC93EAD412D6C975B4786BA8D0B10912EE4F23E4977528002BDA6B4668
Malicious:false
Reputation:low
Preview:wOF2......pD.........o..........................`.. ..L...........].6.$..H..T..L.. ..0. ..i.....T......F.....I?......n....../....?.....3p\.u..<Og.....R.:.:......K.......H..C....>.F.Zy..X.4.; ....2yJ.Li..1.?.....}...U?....!.s.P*vU..H=._...'I....Z{.|E..n..;@z._..-..1.Hh...vH.;.. .HB.;.1....[..UZJ....5....~...6..K.<.3.....`.:8@..S.=kk..^G.#.o...}M.....?..)...e.JY.Z5I..v..G.u.X...K..4x../z.@3|[.Sw-...i.U].T.U.VK-..[R..kH.%..h...4.....-7....:ao.g......<O..v.....d.E..T..."F]Y..5..WE...o+.1c.*kS.+.0.....g..t.5g....)..42[..Jw.....R]..3)*..t....P....>.Z.T .......e....T.E u..@%.tN5%...s....W..wa/@..J.%y.P\..H.vA.fA.c.t$.D...E.........B...B.qQ.M.JEU..].....7m.f9 9.]9....h.uW../..5.gXc.Yf..JGPU..L(.PN..*U..I_.c.U......"K..Q..v....Bl..3.nD...m!l...b..W"@.j.;.&.i5.Yl..v#...x..hd'.F.mX.e..jp..\.....Q:....7..$=.a(...Z.G..I.7K....w...!.D.-..@ZJG.,.d.De.,.e.R....g..L.a>a.JH.hW.PY*O..J.Q.U}.RuV.Wq.Tw.'..t..<....q.:.3...j..k.........8-...;..x......U.T.
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:Web Open Font Format (Version 2), TrueType, length 28740, version 0.0
Category:dropped
Size (bytes):28740
Entropy (8bit):7.99094566451361
Encrypted:true
SSDEEP:384:+W6q2qYn+Uh/UBlruLKWN4yKTDAj8T2rrOciQHyMRLfVZSmVTQoUwSTaVDCiU7Mu:lxoy6LtN4yrwTs+mVQoUwZCiFQt2Dg
MD5:330E17BEEEECEE428DEA32F39B679D3B
SHA1:0287E124B90084127EBD975D9F3FC92EBAAF53E2
SHA-256:D12E9086B74EF50E35760E4F40BD5411D1B2B657E33E4A09C5FC4861BEBF0752
SHA-512:2D8F0D315A75527D5D198F09BD9CF685CCD2971960CB54EE4AFB56BE3CCDFB0AFA757ADC93EAD412D6C975B4786BA8D0B10912EE4F23E4977528002BDA6B4668
Malicious:false
Reputation:low
Preview:wOF2......pD.........o..........................`.. ..L...........].6.$..H..T..L.. ..0. ..i.....T......F.....I?......n....../....?.....3p\.u..<Og.....R.:.:......K.......H..C....>.F.Zy..X.4.; ....2yJ.Li..1.?.....}...U?....!.s.P*vU..H=._...'I....Z{.|E..n..;@z._..-..1.Hh...vH.;.. .HB.;.1....[..UZJ....5....~...6..K.<.3.....`.:8@..S.=kk..^G.#.o...}M.....?..)...e.JY.Z5I..v..G.u.X...K..4x../z.@3|[.Sw-...i.U].T.U.VK-..[R..kH.%..h...4.....-7....:ao.g......<O..v.....d.E..T..."F]Y..5..WE...o+.1c.*kS.+.0.....g..t.5g....)..42[..Jw.....R]..3)*..t....P....>.Z.T .......e....T.E u..@%.tN5%...s....W..wa/@..J.%y.P\..H.vA.fA.c.t$.D...E.........B...B.qQ.M.JEU..].....7m.f9 9.]9....h.uW../..5.gXc.Yf..JGPU..L(.PN..*U..I_.c.U......"K..Q..v....Bl..3.nD...m!l...b..W"@.j.;.&.i5.Yl..v#...x..hd'.F.mX.e..jp..\.....Q:....7..$=.a(...Z.G..I.7K....w...!.D.-..@ZJG.,.d.De.,.e.R....g..L.a>a.JH.hW.PY*O..J.Q.U}.RuV.Wq.Tw.'..t..<....q.:.3...j..k.........8-...;..x......U.T.
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:Web Open Font Format (Version 2), TrueType, length 28740, version 0.0
Category:downloaded
Size (bytes):28740
Entropy (8bit):7.99094566451361
Encrypted:true
SSDEEP:384:+W6q2qYn+Uh/UBlruLKWN4yKTDAj8T2rrOciQHyMRLfVZSmVTQoUwSTaVDCiU7Mu:lxoy6LtN4yrwTs+mVQoUwZCiFQt2Dg
MD5:330E17BEEEECEE428DEA32F39B679D3B
SHA1:0287E124B90084127EBD975D9F3FC92EBAAF53E2
SHA-256:D12E9086B74EF50E35760E4F40BD5411D1B2B657E33E4A09C5FC4861BEBF0752
SHA-512:2D8F0D315A75527D5D198F09BD9CF685CCD2971960CB54EE4AFB56BE3CCDFB0AFA757ADC93EAD412D6C975B4786BA8D0B10912EE4F23E4977528002BDA6B4668
Malicious:false
Reputation:low
URL:https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.woff2
Preview:wOF2......pD.........o..........................`.. ..L...........].6.$..H..T..L.. ..0. ..i.....T......F.....I?......n....../....?.....3p\.u..<Og.....R.:.:......K.......H..C....>.F.Zy..X.4.; ....2yJ.Li..1.?.....}...U?....!.s.P*vU..H=._...'I....Z{.|E..n..;@z._..-..1.Hh...vH.;.. .HB.;.1....[..UZJ....5....~...6..K.<.3.....`.:8@..S.=kk..^G.#.o...}M.....?..)...e.JY.Z5I..v..G.u.X...K..4x../z.@3|[.Sw-...i.U].T.U.VK-..[R..kH.%..h...4.....-7....:ao.g......<O..v.....d.E..T..."F]Y..5..WE...o+.1c.*kS.+.0.....g..t.5g....)..42[..Jw.....R]..3)*..t....P....>.Z.T .......e....T.E u..@%.tN5%...s....W..wa/@..J.%y.P\..H.vA.fA.c.t$.D...E.........B...B.qQ.M.JEU..].....7m.f9 9.]9....h.uW../..5.gXc.Yf..JGPU..L(.PN..*U..I_.c.U......"K..Q..v....Bl..3.nD...m!l...b..W"@.j.;.&.i5.Yl..v#...x..hd'.F.mX.e..jp..\.....Q:....7..$=.a(...Z.G..I.7K....w...!.D.-..@ZJG.,.d.De.,.e.R....g..L.a>a.JH.hW.PY*O..J.Q.U}.RuV.Wq.Tw.'..t..<....q.:.3...j..k.........8-...;..x......U.T.
No static file info
Icon Hash:00b29a8e86828200
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jul 3, 2024 11:06:11.677870035 CEST | 49673 | 443 | 192.168.2.8 | 23.206.229.226
Jul 3, 2024 11:06:12.052889109 CEST | 49672 | 443 | 192.168.2.8 | 23.206.229.226
Jul 3, 2024 11:06:13.552944899 CEST | 49676 | 443 | 192.168.2.8 | 52.182.143.211
Jul 3, 2024 11:06:16.177939892 CEST | 49677 | 80 | 192.168.2.8 | 192.229.211.108
Jul 3, 2024 11:06:21.053000927 CEST | 49716 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:06:21.053054094 CEST | 443 | 49716 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:06:21.053131104 CEST | 49716 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:06:21.053392887 CEST | 49716 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:06:21.053411007 CEST | 443 | 49716 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:06:21.294946909 CEST | 49673 | 443 | 192.168.2.8 | 23.206.229.226
Jul 3, 2024 11:06:21.654337883 CEST | 49672 | 443 | 192.168.2.8 | 23.206.229.226
Jul 3, 2024 11:06:21.733545065 CEST | 443 | 49716 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:06:21.779323101 CEST | 49716 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:06:21.782896996 CEST | 49717 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:21.782952070 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:21.783020973 CEST | 49717 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:21.796370029 CEST | 49717 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:21.796427011 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:21.833288908 CEST | 49716 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:06:21.833316088 CEST | 443 | 49716 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:06:21.834651947 CEST | 443 | 49716 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:06:21.834726095 CEST | 49716 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:06:21.922007084 CEST | 49716 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:06:21.922239065 CEST | 443 | 49716 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:06:21.966846943 CEST | 49716 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:06:21.966880083 CEST | 443 | 49716 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:06:22.013708115 CEST | 49716 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:06:22.462435961 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:22.462507963 CEST | 49717 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:22.475100994 CEST | 49717 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:22.475126028 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:22.475439072 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:22.529315948 CEST | 49717 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:22.678623915 CEST | 49717 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:22.720503092 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:22.870011091 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:22.870090961 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:22.870143890 CEST | 49717 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:22.870264053 CEST | 49717 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:22.870264053 CEST | 49717 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:22.870285988 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:22.870299101 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:22.909286022 CEST | 49718 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:22.909338951 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:22.909408092 CEST | 49718 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:22.909673929 CEST | 49718 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:22.909688950 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:23.302033901 CEST | 443 | 49706 | 23.206.229.226 | 192.168.2.8
Jul 3, 2024 11:06:23.302262068 CEST | 49706 | 443 | 192.168.2.8 | 23.206.229.226
Jul 3, 2024 11:06:23.547678947 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:23.547779083 CEST | 49718 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:23.550420046 CEST | 49718 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:23.550446987 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:23.550714970 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:23.552875996 CEST | 49718 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:23.600507975 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:23.823702097 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:23.823782921 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:23.823940039 CEST | 49718 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:23.825340986 CEST | 49718 | 443 | 192.168.2.8 | 184.28.90.27
Jul 3, 2024 11:06:23.825362921 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.8
Jul 3, 2024 11:06:31.631738901 CEST | 443 | 49716 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:06:31.631814003 CEST | 443 | 49716 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:06:31.631855011 CEST | 49716 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:06:32.884156942 CEST | 49716 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:06:32.884180069 CEST | 443 | 49716 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:07:21.039449930 CEST | 49728 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:07:21.039500952 CEST | 443 | 49728 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:07:21.039572954 CEST | 49728 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:07:21.040045977 CEST | 49728 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:07:21.040062904 CEST | 443 | 49728 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:07:21.671885014 CEST | 443 | 49728 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:07:21.672879934 CEST | 49728 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:07:21.672899008 CEST | 443 | 49728 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:07:21.673228025 CEST | 443 | 49728 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:07:21.673619032 CEST | 49728 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:07:21.673677921 CEST | 443 | 49728 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:07:21.721365929 CEST | 49728 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:07:31.577601910 CEST | 443 | 49728 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:07:31.577660084 CEST | 443 | 49728 | 142.250.186.164 | 192.168.2.8
Jul 3, 2024 11:07:31.577717066 CEST | 49728 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:07:32.797605991 CEST | 49728 | 443 | 192.168.2.8 | 142.250.186.164
Jul 3, 2024 11:07:32.797650099 CEST | 443 | 49728 | 142.250.186.164 | 192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jul 3, 2024 11:06:16.627417088 CEST | 53 | 51500 | 1.1.1.1 | 192.168.2.8
Jul 3, 2024 11:06:16.642944098 CEST | 53 | 60792 | 1.1.1.1 | 192.168.2.8
Jul 3, 2024 11:06:17.622497082 CEST | 53 | 50736 | 1.1.1.1 | 192.168.2.8
Jul 3, 2024 11:06:18.153933048 CEST | 56794 | 53 | 192.168.2.8 | 1.1.1.1
Jul 3, 2024 11:06:18.154088020 CEST | 58830 | 53 | 192.168.2.8 | 1.1.1.1
Jul 3, 2024 11:06:20.986519098 CEST | 64730 | 53 | 192.168.2.8 | 1.1.1.1
Jul 3, 2024 11:06:20.986761093 CEST | 58382 | 53 | 192.168.2.8 | 1.1.1.1
Jul 3, 2024 11:06:20.993948936 CEST | 53 | 58382 | 1.1.1.1 | 192.168.2.8
Jul 3, 2024 11:06:20.994757891 CEST | 53 | 64730 | 1.1.1.1 | 192.168.2.8
Jul 3, 2024 11:06:34.789493084 CEST | 53 | 60624 | 1.1.1.1 | 192.168.2.8
Jul 3, 2024 11:06:53.633312941 CEST | 53 | 53227 | 1.1.1.1 | 192.168.2.8
Jul 3, 2024 11:06:54.377859116 CEST | 138 | 138 | 192.168.2.8 | 192.168.2.255
Jul 3, 2024 11:07:16.150981903 CEST | 53 | 56549 | 1.1.1.1 | 192.168.2.8
Jul 3, 2024 11:07:16.225400925 CEST | 53 | 55177 | 1.1.1.1 | 192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jul 3, 2024 11:06:18.153933048 CEST | 192.168.2.8 | 1.1.1.1 | 0xa4de | Standard query (0) | static2.sharepointonline.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 11:06:18.154088020 CEST | 192.168.2.8 | 1.1.1.1 | 0xc7cd | Standard query (0) | static2.sharepointonline.com | 65 | IN (0x0001) | false
Jul 3, 2024 11:06:20.986519098 CEST | 192.168.2.8 | 1.1.1.1 | 0x2def | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 11:06:20.986761093 CEST | 192.168.2.8 | 1.1.1.1 | 0x23c8 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jul 3, 2024 11:06:18.161221981 CEST | 1.1.1.1 | 192.168.2.8 | 0xa4de | No error (0) | static2.sharepointonline.com | static2.sharepointonline.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 11:06:18.164222956 CEST | 1.1.1.1 | 192.168.2.8 | 0xc7cd | No error (0) | static2.sharepointonline.com | static2.sharepointonline.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 11:06:20.993948936 CEST | 1.1.1.1 | 192.168.2.8 | 0x23c8 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Jul 3, 2024 11:06:20.994757891 CEST | 1.1.1.1 | 192.168.2.8 | 0x2def | No error (0) | www.google.com | | 142.250.186.164 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 11:06:33.099617958 CEST | 1.1.1.1 | 192.168.2.8 | 0xfde4 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 11:06:33.099617958 CEST | 1.1.1.1 | 192.168.2.8 | 0xfde4 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 11:06:46.789964914 CEST | 1.1.1.1 | 192.168.2.8 | 0x4913 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 11:06:46.789964914 CEST | 1.1.1.1 | 192.168.2.8 | 0x4913 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 11:07:08.742993116 CEST | 1.1.1.1 | 192.168.2.8 | 0xe1fe | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 11:07:08.742993116 CEST | 1.1.1.1 | 192.168.2.8 | 0xe1fe | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 11:07:29.278117895 CEST | 1.1.1.1 | 192.168.2.8 | 0x6e11 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 11:07:29.278117895 CEST | 1.1.1.1 | 192.168.2.8 | 0x6e11 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
  • fs.microsoft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49717 | 184.28.90.27 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-07-03 09:06:22 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-07-03 09:06:22 UTC | 467 | IN | HTTP/1.1 200 OK
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (lpl/EF06)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-neu-z1
Cache-Control: public, max-age=111762
Date: Wed, 03 Jul 2024 09:06:22 GMT
Connection: close
X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49718 | 184.28.90.27 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-07-03 09:06:23 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-07-03 09:06:23 UTC | 515 | IN | HTTP/1.1 200 OK
ApiVersion: Distribute 1.1
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (lpl/EF06)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-weu-z1
Cache-Control: public, max-age=111771
Date: Wed, 03 Jul 2024 09:06:23 GMT
Content-Length: 55
Connection: close
X-CID: 2
2024-07-03 09:06:23 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Target ID:0
Start time:05:06:12
Start date:03/07/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:0x7ff678760000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:2
Start time:05:06:14
Start date:03/07/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1892,i,13164569031032215832,12959837454332518080,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:0x7ff678760000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:3
Start time:05:06:16
Start date:03/07/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.woff2"
Imagebase:0x7ff678760000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:9
Start time:05:07:34
Start date:03/07/2024
Path:C:\Windows\System32\OpenWith.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\OpenWith.exe -Embedding
Imagebase:0x7ff76bfe0000
File size:123'984 bytes
MD5 hash:E4A834784FA08C17D47A1E72429C5109
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

No disassembly