Windows
Analysis Report
http://cdn.fbsbx.com
Overview
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
chrome.exe (PID: 6260 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t http://c dn.fbsbx.c om/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) chrome.exe (PID: 6084 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2160 --fi eld-trial- handle=192 8,i,440974 4897765162 080,675483 5288671255 182,262144 --disable -features= Optimizati onGuideMod elDownload ing,Optimi zationHint s,Optimiza tionHintsF etching,Op timization TargetPred iction /pr efetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Timestamp: | 2024-07-16T18:23:20.677041+0200 |
SID: | 2840787 |
Source Port: | 49716 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | Potentially Bad Traffic |
Timestamp: | 2024-07-16T18:23:20.583977+0200 |
SID: | 2022930 |
Source Port: | 443 |
Destination Port: | 49715 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 2024-07-16T18:23:57.889166+0200 |
SID: | 2022930 |
Source Port: | 443 |
Destination Port: | 49718 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
- • Compliance
- • Networking
- • System Summary
- • Boot Survival
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
scontent.xx.fbcdn.net | 157.240.0.6 | true | false | unknown | |
www.google.com | 142.250.184.228 | true | false | unknown | |
cdn.fbsbx.com | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false | |
74.125.71.84 | unknown | United States | 15169 | GOOGLEUS | false | |
157.240.0.6 | scontent.xx.fbcdn.net | United States | 32934 | FACEBOOKUS | false | |
157.240.251.9 | unknown | United States | 32934 | FACEBOOKUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
142.250.185.195 | unknown | United States | 15169 | GOOGLEUS | false | |
142.250.186.110 | unknown | United States | 15169 | GOOGLEUS | false | |
142.250.184.227 | unknown | United States | 15169 | GOOGLEUS | false | |
142.250.184.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
192.168.2.13 |
192.168.2.23 |
192.168.2.15 |
192.168.2.14 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1474331 |
Start date and time: | 2024-07-16 18:22:41 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | http://cdn.fbsbx.com |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@14/7@8/108 |
- Exclude process from analysis
(whitelisted): svchost.exe - Excluded IPs from analysis (wh
itelisted): 142.250.185.195, 7 4.125.71.84, 142.250.186.110, 34.104.35.123 - Excluded domains from analysis
(whitelisted): clients2.googl e.com, accounts.google.com, ed gedl.me.gvt1.com, clientservic es.googleapis.com, clients.l.g oogle.com - Not all processes where analyz
ed, report is missing behavior information - VT rate limit hit for: http:/
/cdn.fbsbx.com
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.985378923339918 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8608BCF0AE08B3ECB08FF404E8E65661 |
SHA1: | BC8DD4F13440B8A6ED4C4A2A0A3F281ECFA942B0 |
SHA-256: | 6229AE930BC37AD6BA426A33C70B90C34BDEC4CD210AB44860FF0B9CA2929BB9 |
SHA-512: | 3B54038B7AB93A7E3A31D502315C392F151FE2E234A5B6B91385BF1FEC52B93A68D9708804FFA05082DC51366C7C2480AF806885AC204095DDFD9BF232BE3A61 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.001354295711056 |
Encrypted: | false |
SSDEEP: | |
MD5: | D37470DBB117BBAD806B84AE1CA2E479 |
SHA1: | 134E0474CF3032E3F216FB38AC9F6AF16E17DD15 |
SHA-256: | 6E14BEDC3117FCC435125E9A4D09BD735D28E0EA123D2FF135F3A1A429094447 |
SHA-512: | 07CAE5BB863B585C82DE27AC1DBA9E81B218A7E7A9256F38BB898C2665B02EB71F0C8B0E64EBF6D542A6CED22AF053AA1008A8906D090C0383961A54B25DBFB6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.008430594490359 |
Encrypted: | false |
SSDEEP: | |
MD5: | 10CF37E7307F515356E265023120FCE4 |
SHA1: | 14E6F4D273BA36DA84460A6E39AFF6B4F9AFB0FA |
SHA-256: | B76CC329B2D765CFA4181E69B8C6A577841E217B31DDB9628E05FB592029BC33 |
SHA-512: | EA05F30A014FC65AF0FC4121A60DBE2D7630320651E8C71E6CFC8DEAD3A4BC79C6186EAA91D569F700578CA54D9C3B3255356152C144815D6A621803D9ED38F4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9971038415861346 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6C272494B2B448F6C1AD80C56CF145F3 |
SHA1: | 6A68193AE52E9FA2EB6723085EE47F7C6CE76DB3 |
SHA-256: | 916C871878CD45829D8C7644DB031AE6E18A34540E0A462C048690EAC63B96A3 |
SHA-512: | 696468F2255E1E5870CBEDA4B6CE9071ACCB4CFF2A1A69FC3C847C2CEAE7FF534C9EFF492C4E529BA0F4F4584D0F0322D2F8AADAD31ABEC51BB0F4D6DE29E3F2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9863067045300213 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7BC7075BD9F9C60538EFD95964A19CE3 |
SHA1: | 77DA8D3E3766877B9A58CA5FDCF95A8831506703 |
SHA-256: | 23DAD466D241E716E1173018F3DAEEABBDDEBB5E88F6DD4E158AEB40A3F4D42F |
SHA-512: | 03BB72510A769D7F73C5AC64163DF28000E30D4ACFD0DB05FF6EB4E0557BF60481AEA3D373CF0444C2EC87BFB5D8CFF78FBB0E2876C9DB33BDD7B3EF1B3F6B56 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9964354299501403 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2FF657D60039711621B7C7AE120C8EA8 |
SHA1: | 8EC6FB043B8BB1090C2F998B9883AD4B6C207FC5 |
SHA-256: | 8FBDAB15F8F0C4FE286D5107129394EB16FE5A7E47CB819EAE3BF3231D0F14E0 |
SHA-512: | C0818602847F82045D1FE3A72079A2296E69F5952BC59299FFBCF16C5D303AE89A6CD5FA35E2FC2EABC562B0810E45DCC08D7E4CAD6D8CB00E53B902C6E4D12B |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 803 |
Entropy (8bit): | 5.15256924899907 |
Encrypted: | false |
SSDEEP: | |
MD5: | 376C68DA4E63B23DE362903D041AF004 |
SHA1: | 3562A00379D0082E2C78ED675C7614EA51893F1C |
SHA-256: | 22A5BED97FCDB95BEE0EEBA701F16FA09646CC14DB542595016762E1F9E0534D |
SHA-512: | A8004B726C0ABCF96C7D1543B5C89C25760E947CA3D40FC1FA8BFFEEC5ED6BBC879BC503B67F464FF6C5D48128E75DA7884CF5265930DD55CF6E56740B53F34D |
Malicious: | false |
Reputation: | unknown |
URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
Preview: |