Edit tour

Windows Analysis Report
https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20

Overview

General Information

Sample URL:	https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20
Analysis ID:	1466965

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Phishing site detected (based on shot match)

Detected non-DNS traffic on DNS port

HTML page contains hidden URLs or javascript code

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 5396 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1980,i,888476322353100917,7841454618462719768,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Phishing site detected (based on shot match)

Source: https://italake.com/core/machine?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20	Matcher: Template: captcha matched
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/goght/0x4AAAAAAAb5PoV5PCK_H5Jt/auto/normal	Matcher: Template: captcha matched

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/fy1hw/0x4AAAAAAAb4A0WSCv_WVh9i/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/fy1hw/0x4AAAAAAAb4A0WSCv_WVh9i/auto/normal

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/fy1hw/0x4AAAAAAAb4A0WSCv_WVh9i/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/fy1hw/0x4AAAAAAAb4A0WSCv_WVh9i/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/goght/0x4AAAAAAAb5PoV5PCK_H5Jt/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/goght/0x4AAAAAAAb5PoV5PCK_H5Jt/auto/normal	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:63096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.18:63097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:63098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.18:59988 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:59986 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:59986 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:59986 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:59986 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:59986 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:59986 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:59986 -> 162.159.36.2:53
Source: global traffic	TCP traffic: 192.168.2.18:63077 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.18:59986 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Source: global traffic	DNS traffic detected: DNS query: italake.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: s2.googleusercontent.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63092
Source: unknown	Network traffic detected: HTTP traffic on port 63107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63091
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63094
Source: unknown	Network traffic detected: HTTP traffic on port 63098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63093
Source: unknown	Network traffic detected: HTTP traffic on port 63094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63096
Source: unknown	Network traffic detected: HTTP traffic on port 59993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63097
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59988
Source: unknown	Network traffic detected: HTTP traffic on port 63085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59990
Source: unknown	Network traffic detected: HTTP traffic on port 63081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59992
Source: unknown	Network traffic detected: HTTP traffic on port 59990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63088
Source: unknown	Network traffic detected: HTTP traffic on port 63112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 59994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63099
Source: unknown	Network traffic detected: HTTP traffic on port 63111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63101 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63081
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63082
Source: unknown	Network traffic detected: HTTP traffic on port 63099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63085
Source: unknown	Network traffic detected: HTTP traffic on port 63095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:63096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.18:63097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:63098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.18:59988 version: TLS 1.2

Source: classification engine

Classification label: sus21.phis.win@22/15@16/125

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1980,i,888476322353100917,7841454618462719768,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1980,i,888476322353100917,7841454618462719768,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
italake.com	119.18.54.95	true	false	unknown
challenges.cloudflare.com	104.17.2.184	true	false	unknown
www.google.com	142.250.185.132	true	false	unknown
googlehosted.l.googleusercontent.com	142.250.186.129	true	false	unknown
s2.googleusercontent.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20	false	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/fy1hw/0x4AAAAAAAb4A0WSCv_WVh9i/auto/normal	false	unknown
https://italake.com/core/machine?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20	true	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/goght/0x4AAAAAAAb5PoV5PCK_H5Jt/auto/normal	true	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
216.58.212.131	unknown	United States	15169	GOOGLEUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
216.58.206.36	unknown	United States	15169	GOOGLEUS	false
64.233.166.84	unknown	United States	15169	GOOGLEUS	false
142.250.186.129	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.174	unknown	United States	15169	GOOGLEUS	false
142.250.185.142	unknown	United States	15169	GOOGLEUS	false
142.250.185.195	unknown	United States	15169	GOOGLEUS	false
119.18.54.95	italake.com	India	394695	PUBLIC-DOMAIN-REGISTRYUS	false
104.17.2.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.185.74	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.18

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1466965
Start date and time:	2024-07-03 15:50:00 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus21.phis.win@22/15@16/125

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.185.174, 64.233.166.84, 34.104.35.123, 142.250.185.74, 216.58.206.36
Excluded domains from analysis (whitelisted): fonts.googleapis.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com, t3.gstatic.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:50:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9729882006286585
Encrypted:	false
SSDEEP:
MD5:	189AF53C3564454A9882BDCA7FF978FD
SHA1:	B542956F5DF70F998987554E20090DAF032E5CA9
SHA-256:	D37423DFD737039FCD342B7858101008B2F299A11BC63DC2255BCDA51C14B4EC
SHA-512:	12C1D568D1AFC89C8B09601EAE929509810A3C6DF3984E9530AEDECDF4CB2068D94974482994B906D22A52C6AC0E2A1C0F9FD540706AC19ABA1EB791950B72AD
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......[.P.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.XTn....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X\n....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X\n....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X\n...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X`n.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:50:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.98791438572105
Encrypted:	false
SSDEEP:
MD5:	8346705F675F79AA4160CA9614A8BD78
SHA1:	8A410B4AAE72E4B29768FD4606B66011BEB9C3E8
SHA-256:	B4701C3568D18289F1A0619CA3A8596997529D3F788CBB5F5B1175A4924838C3
SHA-512:	FB6CC010AAE73DF650FC2E7C52E04B40AD071800C0BA96F80627ECA66F2BF746610A324FB59A2FCDEE90CE185D1B6686219648A03CC6B1DF55B85A687A723E98
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......P.P.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.XTn....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X\n....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X\n....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X\n...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X`n.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2691
Entropy (8bit):	3.9965442793749064
Encrypted:	false
SSDEEP:
MD5:	D31D1CA6C59391BB4A4EB9954ED9CD3D
SHA1:	425395D802D9F97C1E759696F17B9E29E8879245
SHA-256:	7C247C027EEB41B9EEC4809C1AA7839F2DFCD5A93C5E6AC6E499826E878FE7A8
SHA-512:	8EAD9B6881E8459AD8B1E69CB57D7D1FE089CF4E86A57D2BC3A6A49E2E686B324AD279A78220258D76034D24FC25670D4B625532317A799475D73C1439105E7A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....?.4 ?.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.XTn....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X\n....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X\n....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X\n...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.R.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:50:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.984684248211562
Encrypted:	false
SSDEEP:
MD5:	E21F40C29E81995717B9E7D213D55397
SHA1:	8F803430BF29D367294D4795351AC3C3A7A54403
SHA-256:	2C068261B2659E9D575BBFDAAC4B4D7E566AAF1C7308057FF5CF154F044E81EC
SHA-512:	8A736021CA3D7AB10BEF45F19539BC6EBEAE930846667FDC934FB40A30EBB74BEE991B5DAA5C9AD4F8A28E909C8E63CBA88EF69953E5E16194C2A5B715134F80
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....C.J.P.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.XTn....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X\n....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X\n....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X\n...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X`n.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:50:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9732457115182345
Encrypted:	false
SSDEEP:
MD5:	801557DEC206A43784095364BB4D4EBA
SHA1:	2B8C54515B6B9F04B3A3D073DBFF28C57D9F0F49
SHA-256:	7C304ED8665002E5F91B8A930E45E71C7D38B47A3D286C24F5621371DA223DEF
SHA-512:	65EB6D67F4166057717F518C3039D59BCCC62DCBB7215CCCD79A7E65AFB4124FAE42D112BA5080FE8D696A957362AEF58E8223DF458496919BA2FE00AFB6422C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....8V.P.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.XTn....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X\n....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X\n....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X\n...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X`n.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:50:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.984267669528788
Encrypted:	false
SSDEEP:
MD5:	806FBFD99584F48E999C5D9F427FBD1E
SHA1:	C0D7A7CF2A337866764DB020076CA6B8DAAC1A3B
SHA-256:	1324735421FD78160C7009686D0677764B38F86E48FA8D1A188D5FE5551FD827
SHA-512:	3A7D101A64EE96B755589D6EC147A645F24D8DA6AD410A8CFC72BB14C708E985D3166B4DCA3CC017F397655B3A541D921D68ABAFBE9B4FC3A48ED5C9A63E06DB
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...._QA.P.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.XTn....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X\n....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X\n....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X\n...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X`n.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............?......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 87, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.068159130770307
Encrypted:	false
SSDEEP:
MD5:	91BF0DCD890C0A727270AC91FA48A949
SHA1:	B97CC887FF26B11842811C1A89F6E73BFC744D43
SHA-256:	4392099B23DE92D911B4B891B99FB5B650266F840646FC406B4FDF197B70F5EE
SHA-512:	5D5CCB424F110793D8B9B8D11C64049E53001EADD976DFAA3F59A581D0E0833692EC8CE6F4D834DC678261276AD5CA2865607DF8D31E3BCA61FBA16EF574F429
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR... ...W......?......IDAT.....$.....IEND.B`.

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	404
Entropy (8bit):	6.727976462198361
Encrypted:	false
SSDEEP:
MD5:	A52DB5BFA11433E884BFBCD8040A82D6
SHA1:	C05BFBF6AFA51E5DF497E757B19689BE11B706B8
SHA-256:	1C0A9202C636F20695258494505EE51E595C7F4D90F0247E6D5E7644A209F448
SHA-512:	27B43331588F6261D92B2AB6D7A91A6C364D453998A0854596CB89352D4DDB72FDE320CE20DC82F1F5C7A30CDB84C9DBA85B41D13FB35CF91D27FE215876A580
Malicious:	false
Reputation:	unknown
URL:	"https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://hydratight.com&size=16"
Preview:	.PNG........IHDR.............(-.S....PLTEGpL.........855.....................xd.......igh#. ..u...zxx...}\|\|.............................#. dbc..................PNN......EBC...IA...{Z........tRNS.9...kag...(.\....C.... .!.....IDAT..e.W..@...,$@z...l..?].PP"..c=...^8..=.1.........CQ....kW6JU..).O...).1........r..G,q^P.F}.H.7...KJ..B#.Bu..1......R^.y.^z...Q..... ..#~4}......A_......IEND.B`.

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (42690)
Category:	downloaded
Size (bytes):	42691
Entropy (8bit):	5.373060430099094
Encrypted:	false
SSDEEP:
MD5:	985094F1486391033426C17505182792
SHA1:	D44FF6BEF2E3D9B2F6DEAA0170458B1AE39350D4
SHA-256:	14B108C7F687C327D6AA759FD1D255A981D5D505B241B5B968B674E3BF50B2B9
SHA-512:	D1A8015658A82AE64F2E93341B8CA15B0057DF298DF36ACB47188B330E0327CFE0392EE1FF94B9D3BE7BC7D689BDD536A86ADB873A7ADEDE10AE45AA9A9415DB
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/turnstile/v0/g/d2a97f6b6ec9/api.js
Preview:	"use strict";(function(){function Et(e,a,r,o,c,u,g){try{var b=e[u](g),_=b.value}catch(l){r(l);return}b.done?a(_):Promise.resolve(_).then(o,c)}function wt(e){return function(){var a=this,r=arguments;return new Promise(function(o,c){var u=e.apply(a,r);function g(_){Et(u,o,c,g,b,"next",_)}function b(_){Et(u,o,c,g,b,"throw",_)}g(void 0)})}}function M(e,a){return a!=null&&typeof Symbol!="undefined"&&a[Symbol.hasInstance]?!!a[Symbol.hasInstance](e):M(e,a)}function Re(e,a,r){return a in e?Object.defineProperty(e,a,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[a]=r,e}function Be(e){for(var a=1;a<arguments.length;a++){var r=arguments[a]!=null?arguments[a]:{},o=Object.keys(r);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(r).filter(function(c){return Object.getOwnPropertyDescriptor(r,c).enumerable}))),o.forEach(function(c){Re(e,c,r[c])})}return e}function fr(e,a){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	569
Entropy (8bit):	4.896633254731508
Encrypted:	false
SSDEEP:
MD5:	71D6A57D21337114032CA39B294F3591
SHA1:	ADA1D867672276F16EF4D3B8A46A519FBA8E3D4E
SHA-256:	36B2057EB5EEF261A2CBB8C149DCF3A11EDAA15CCD8E3D462EB34999F5FF8F2A
SHA-512:	BC5F5B55C2741FED993D5D25A36030028C388C8888EA2D1D1F24970AEC4F856CDA366940B99D54FF2D4D9AF16DF8DE39AB847A7BA2BE0B649DE1CE2C9E70A330
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/icon?family=Material+Icons
Preview:	/* fallback */.@font-face {. font-family: 'Material Icons';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2) format('woff2');.}...material-icons {. font-family: 'Material Icons';. font-weight: normal;. font-style: normal;. font-size: 24px;. line-height: 1;. letter-spacing: normal;. text-transform: none;. display: inline-block;. white-space: nowrap;. word-wrap: normal;. direction: ltr;. -webkit-font-feature-settings: 'liga';. -webkit-font-smoothing: antialiased;.}.

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 128352, version 1.0
Category:	downloaded
Size (bytes):	128352
Entropy (8bit):	7.998349465466699
Encrypted:	true
SSDEEP:
MD5:	53436ACA8627A49F4DEAAA44DC9E3C05
SHA1:	0BC0C675480D94EC7E8609DDA6227F88C5D08D2C
SHA-256:	8265F64786397D6B832D1CA0AAFDF149AD84E72759FFFA9F7272E91A0FB015D1
SHA-512:	6655E0426EB0C78A7CB4D4216A3AF7A6EDD50ABA8C92316608B1F79B8FC15F895CBA9314BEB7A35400228786E2A78A33E8C03322DA04E0DA94C2F109241547E8
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
Preview:	wOF2.......`......~....................................D.`..........,..t..X..6.$..p. ..z. [.\.M.B.....-..VT .&"..Qc.=.U..XwD...7Q.v.a..; (...I........+.I..%...._.v.:..N.Y....;J.V...+..S..9Z...X.J........_0)c`[vb?.".P.E..Q......."p.v..........3.Zm`k":8..Kk........UR%U2...<....'a.L.4.&....P.X...,z5.j<++....ff..X1I.......%.Z<.UT.G.)L........;.A....O~ev...-z....^.\|.....pE..@.t.7...4..>...}.U[y...O8....\|m.L04....t...g...../...&.E...."...q.1.(..g.&?;...Vx..\|.-p=......;...a..Q\|L8..}..$.I.2.tI8...O..Q...k+;..N.hf.M...t..(..\...O.......:n.... v..}H...\|B<..'..r...1..B, .....6.&...6.x.i.=...r......Os.._...g.{W$VD..A1........B[.<un...t......k..n0........ ..O&.....%.@..c..Tv...pT.Np...U...%j+ZP....@.....b..........~...f..D..... ...O$....\|......$W842...S.....2.pIL.....Z.[.xo.r.{.d)I.P.-)0..K.`.~,.8..[...m..3d....A..v.s.d..KW..j.4.Ic.m..,.P........../W.j...>B..BJ.........[?.....$."...-...K.P.R..K.....Dz(..7_...=.....b.C...2..4F.+....P...f.#.q.G.G8.

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 89 x 100, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.068159130770306
Encrypted:	false
SSDEEP:
MD5:	24B81702EF87E49427AB4E9438BC4293
SHA1:	432559B445AF69B257529AD48A575D954A304B99
SHA-256:	24C42DCE56067CC495AC510EA8CE1F7F3D9181C24FB2E3183BECA03E0AF5C3E0
SHA-512:	7BD9319D0E15544BF850957D98AC54A4CF215AF717E7E8F2F281DD329EDC69DAEA8C7493CE0B92D286ED6485FB99366D6D54DA32E36B2F8D816E8E2FFE218CE7
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/89d75913cfd44380/1720014663519/3yRfIHAhr-BcrFE
Preview:	.PNG........IHDR...Y...d.....b.......IDAT.....$.....IEND.B`.

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1944
Entropy (8bit):	4.873961458607349
Encrypted:	false
SSDEEP:
MD5:	E5BB6DD1BA1C08ED23C9E4C17165F2E8
SHA1:	2CA9AF377145BCB296D32E3CC5442A4E3D84ECE3
SHA-256:	D68DCC3CF41A50D38BABD749BABD0C769C9D406235810D29C5D6EE016B6AF792
SHA-512:	8863D97E5CB7BB72ACA8C16A202CD3437483ED08B0EAFB3848937CE38F8F856A6B8BD59B488E76B9C5EF0192F06AB31F76844CCD20F6510C8726A84E03DCB0DE
Malicious:	false
Reputation:	unknown
URL:	https://italake.com/core/style.css
Preview:	@import url("https://fonts.googleapis.com/icon?family=Material+Icons");..body {. margin: 0;. overflow: hidden;.}..body * {. box-sizing: border-box;.}..img {. width: 100%;.}..#no-freeze-spinner {. position: fixed;. top: 0;. left: 0;. width: 100%;. transition: all 0.1s linear;. opacity: 1;. height: 100vh;. transform: scale(10);. z-index: -1;. background: rgba(0, 0, 0, 0.8);.}...no-freeze-spinner #no-freeze-spinner {. z-index: 9999;. opacity: 0.5;. transform: scale(1);.}..#no-freeze-spinner>div>div {. animation-play-state: paused;. border: 5px solid #c8c8c8;. border-radius: 50%;. animation: rotate 1s infinite linear;. border-left-color: rgba(255, 255, 255);. width: 100%;. height: 100%;.}..#no-freeze-spinner>div {. position: absolute;. top: 0;. left: 0;. right: 0;. bottom: 0;. margin: auto;. border-radius: 50%;. box-shadow: 0 0 0 2000px rgb(255, 255, 255);. width: 60px;. height: 60px;. padding: 5px;.}...no-freeze-spinner #no-freeze-spinner div div {. ani

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	583
Entropy (8bit):	5.11550204447751
Encrypted:	false
SSDEEP:
MD5:	59F6AE7C7F154EC74D418D4ED6FC5B0E
SHA1:	674860108A41AB23BA5F73635749332BD8A46B7E
SHA-256:	50E0767F2731DA7DDB56D719DC85A7F830C4A860D8F09D0F25401D3DC7097D7D
SHA-512:	501F35D5347BD1F20024A1C76172874E0026289F6DD60DE6A1F83EF2DEB0FFF07CD75C45B4DCF693A7C2FF903528BEDBD05C2B9F9BB439D294F5F904427173F7
Malicious:	false
Reputation:	unknown
URL:	https://italake.com/favicon.ico
Preview:	<html>.<head>. <style>. .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; }. @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } }. </style>. <script language="Javascript">var _skz_pid = "9PO5645V6";</script>. <script language="Javascript" src="http://cdn.jsinit.directfwd.com/sk-jspark_init.php"></script>.</head>.<body>.<div class="loader" id="sk-loader"></div>.</body>.</html>.

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 147

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Static File Info

Windows Analysis Report
https://italake.com/core/?requisites=JeQwvqpcjZC2JK1wvq5DjSasyqC0jKkrkO5hv20