Edit tour
Windows
Analysis Report
http://items.mbox/53286C6D-722F-423E-B715-CEFED26B892A/Data/1/5/2/Attachments/251864/2.2/041189_00950.zip
Overview
General Information
| Sample URL: | http://items.mbox/53286C6D-722F-423E-B715-CEFED26B892A/Data/1/5/2/Attachments/251864/2.2/041189_00950.zip |
| Analysis ID: | 1467814 |
| Infos: |  |
 | |
Detection
| Score: | 1 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Sigma detected: File Download From Browser Process Via Inline URL
Stores files to the Windows start menu directory
Classification
- System is w10x64_ra
chrome.exe (PID: 6232 cmdline: "C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t http://i tems.mbox/ 53286C6D-7 22F-423E-B 715-CEFED2 6B892A/Dat a/1/5/2/At tachments/ 251864/2.2 /041189_00 950.zip MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 4540 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2188 --fi eld-trial- handle=190 8,i,143827 6815129058 1170,39610 4795311039 7598,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
⊘No configs have been found
⊘No yara matches
| Source: | Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): | ||
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||