Edit tour

Windows Analysis Report
https://t.co/IU0OeVJDt5

Overview

General Information

Sample URL:	https://t.co/IU0OeVJDt5
Analysis ID:	1546033

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 2860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6756 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1956,i,10054742530678617658,9203882097335685757,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.co/IU0OeVJDt5" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: http://o0nn8ra4fwt8mt.insightterrace.top/robot/	HTTP Parser: No favicon
Source: http://o0nn8ra4fwt8mt.insightterrace.top/robot/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49720 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 26MB later: 35MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKdate: Thu, 31 Oct 2024 10:57:09 GMTserver: Apache/2.4.62 (Debian)last-modified: Thu, 31 Oct 2024 05:47:04 GMTetag: "88c-625bf59200019-gzip"accept-ranges: bytesvary: Accept-Encodingcontent-encoding: gzipcontent-length: 957content-type: text/html; charset=utf-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 c5 56 5b 6f db 36 14 7e 56 7e c5 99 fa b2 00 96 e4 5b 1c 43 95 bc 16 5d 0a 6c 0f 6b b0 78 58 fb 54 d0 22 25 31 a6 48 81 a4 1c bb 45 ff fb 0e 25 f9 9a b4 7d 9c 01 49 47 e7 7e d3 47 27 bf fc fe e1 dd f2 d3 fd 1d 94 b6 12 8b ab c4 3d 40 10 59 a4 3e 93 fe e2 0a 20 29 19 a1 8e 40 b2 62 96 40 56 12 6d 98 4d fd 7f 96 ef 83 b9 0f d1 a9 50 92 8a a5 fe 86 b3 a7 5a 69 eb 43 a6 a4 65 12 95 9f 38 b5 65 4a d9 86 67 2c 68 5f 06 c0 25 b7 9c 88 c0 64 44 b0 74 14 0e 8f ce 2c b7 82 2d fe 6c 8c 05 02 95 aa d0 47 18 86 49 d4 f1 3b 1d 63 77 7b 1a 60 a5 e8 0e be f6 2f 00 39 c6 0d 72 52 71 b1 8b c1 7f 78 0f f7 5a c1 92 6d ad 3f 00 43 a4 09 0c d3 3c 7f 7d d0 5f 91 6c 5d 68 d5 48 1a c3 ab 7c 96 df e6 f3 a3 90 72 53 0b 82 8e 72 c1 b6 47 f6 23 66 c7 f3 5d d0 d7 18 43 86 77 a6 8f 0a 4e 3d a0 5c b3 cc 72 25 51 ae 44 53 c9 a3 9c 08 5e c8 80 5b 56 99 e7 c6 35 a1 94 cb 22 b0 aa 8e 61 34 dc 94 47 11 fa 51 1a f3 1c de 8c 56 e3 6c cf ff d6 3f 43 97 0f e1 92 e9 93 7e 1c eb 0b f6 d6 79 fb 7b 16 30 86 f1 b4 de f6 b7 59 4f 9d 34 4a 69 ca 74 a0 09 e5 0d 66 3d 3f 95 55 64 db 8d 36 86 e9 e4 4c d2 76 c2 94 9a cb 75 0c c3 53 6f 8e 4d a8 7a 42 36 c6 9a e0 e5 02 07 23 bc e9 62 45 7e bd 19 c0 f8 76 00 d3 e9 00 86 e1 70 7e 3d 38 d8 42 6b e1 14 e7 df b7 18 8d af 0f fd e9 1e 1e c0 15 5e ab c6 5a 25 4f 3a f4 9d 21 1f ba e2 82 8c c6 58 d4 5e 72 e5 79 3f dd 80 1f 4e b8 20 ed 64 cf ba 7b ba 86 d3 c9 74 96 b1 e7 63 bf 1c dc c5 48 5e 18 57 dc b6 c9 28 c1 29 bc 9a 90 09 5d 4d 5e 9f 7f 2a 86 7f 61 a8 35 3b b7 3d 1f ce a8 bf 86 2f 77 7a f6 6c 36 e3 5e f9 60 30 be 71 26 87 1b 0e f4 e6 1a 51 00 d1 e4 72 89 bb f1 c4 a5 da 30 3d 38 e7 e5 2a 6b cc 8b ab 1d 5f 16 f7 ed 27 96 ff 4b 81 b8 7c a1 44 24 82 af ed 2a 7a 17 8b f7 83 ad f2 f6 15 25 51 87 7d 9e c3 e7 68 0f d0 89 c3 c0 1e 1b 29 df 40 26 88 31 a9 7f 80 03 84 73 cf 4b 72 a5 2b 20 2d 22 a5 3e a6 66 89 cc 58 58 97 b5 0f 88 e0 a5 a2 a9 7f ff e1 61 d9 29 0b b2 62 02 09 8f 12 4b 82 2a 23 b5 45 f8 ff dc 68 91 fa a5 b5 75 1c 45 86 23 c8 12 bd 62 92 e5 dc 86 08 57 11 62 40 c1 6c f4 9b c1 c5 5f b3 5d fa 56 df ee d6 b3 87 ba e4 8f bb f9 a7 8f 76 33 d3 43 71 9b 35 ff 4e ea bb bf df d2 7b df 45 c0 bc 52 ff 10 e1 b3 55 6b 3c 80 9c 80 d3 67 fc a0 cd cb 49 5d 96 5e f5 ae 93 02 69 b0 00 cd bf 10 57 1d b4 aa a1 53 48 08 94 9a e5 5d ce 06 93 de fb 0b 95 2e 22 aa 32 13 35 78 20 04 15 91 0d 11 51 a9 9e 10 76 0f e5 22 a6 a1 db c6 06 8f 26 f2 61 f1 07 f6 4c 37 6d 03 4d 12 91 45 17 81 cb ba b1 60 77 35 1e 7f d6 9d 33 fd 51 78 59 11 bc 50 4e 7b ec a1 8f a8 2d cb 91 ee cd 8d f0 5c b9 eb 6b 70 32 d0 24 42 ad c5 51 bf 1f b9 5b 2f 14 f6 18 d7 25 65 9a 55 c5 91 fb d7 dd c7 65 12 75 a2 de be 8d ed f6 a2 a5 4c a6 79 6d c1 e8 ec d8 af 46 d6 eb 02 0f 96 2a 7a b3
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKdate: Thu, 31 Oct 2024 10:57:44 GMTserver: Apache/2.4.62 (Debian)last-modified: Thu, 31 Oct 2024 05:47:04 GMTetag: "88c-625bf59200019-gzip"accept-ranges: bytesvary: Accept-Encodingcontent-encoding: gzipcontent-length: 957content-type: text/html; charset=utf-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 c5 56 5b 6f db 36 14 7e 56 7e c5 99 fa b2 00 96 e4 5b 1c 43 95 bc 16 5d 0a 6c 0f 6b b0 78 58 fb 54 d0 22 25 31 a6 48 81 a4 1c bb 45 ff fb 0e 25 f9 9a b4 7d 9c 01 49 47 e7 7e d3 47 27 bf fc fe e1 dd f2 d3 fd 1d 94 b6 12 8b ab c4 3d 40 10 59 a4 3e 93 fe e2 0a 20 29 19 a1 8e 40 b2 62 96 40 56 12 6d 98 4d fd 7f 96 ef 83 b9 0f d1 a9 50 92 8a a5 fe 86 b3 a7 5a 69 eb 43 a6 a4 65 12 95 9f 38 b5 65 4a d9 86 67 2c 68 5f 06 c0 25 b7 9c 88 c0 64 44 b0 74 14 0e 8f ce 2c b7 82 2d fe 6c 8c 05 02 95 aa d0 47 18 86 49 d4 f1 3b 1d 63 77 7b 1a 60 a5 e8 0e be f6 2f 00 39 c6 0d 72 52 71 b1 8b c1 7f 78 0f f7 5a c1 92 6d ad 3f 00 43 a4 09 0c d3 3c 7f 7d d0 5f 91 6c 5d 68 d5 48 1a c3 ab 7c 96 df e6 f3 a3 90 72 53 0b 82 8e 72 c1 b6 47 f6 23 66 c7 f3 5d d0 d7 18 43 86 77 a6 8f 0a 4e 3d a0 5c b3 cc 72 25 51 ae 44 53 c9 a3 9c 08 5e c8 80 5b 56 99 e7 c6 35 a1 94 cb 22 b0 aa 8e 61 34 dc 94 47 11 fa 51 1a f3 1c de 8c 56 e3 6c cf ff d6 3f 43 97 0f e1 92 e9 93 7e 1c eb 0b f6 d6 79 fb 7b 16 30 86 f1 b4 de f6 b7 59 4f 9d 34 4a 69 ca 74 a0 09 e5 0d 66 3d 3f 95 55 64 db 8d 36 86 e9 e4 4c d2 76 c2 94 9a cb 75 0c c3 53 6f 8e 4d a8 7a 42 36 c6 9a e0 e5 02 07 23 bc e9 62 45 7e bd 19 c0 f8 76 00 d3 e9 00 86 e1 70 7e 3d 38 d8 42 6b e1 14 e7 df b7 18 8d af 0f fd e9 1e 1e c0 15 5e ab c6 5a 25 4f 3a f4 9d 21 1f ba e2 82 8c c6 58 d4 5e 72 e5 79 3f dd 80 1f 4e b8 20 ed 64 cf ba 7b ba 86 d3 c9 74 96 b1 e7 63 bf 1c dc c5 48 5e 18 57 dc b6 c9 28 c1 29 bc 9a 90 09 5d 4d 5e 9f 7f 2a 86 7f 61 a8 35 3b b7 3d 1f ce a8 bf 86 2f 77 7a f6 6c 36 e3 5e f9 60 30 be 71 26 87 1b 0e f4 e6 1a 51 00 d1 e4 72 89 bb f1 c4 a5 da 30 3d 38 e7 e5 2a 6b cc 8b ab 1d 5f 16 f7 ed 27 96 ff 4b 81 b8 7c a1 44 24 82 af ed 2a 7a 17 8b f7 83 ad f2 f6 15 25 51 87 7d 9e c3 e7 68 0f d0 89 c3 c0 1e 1b 29 df 40 26 88 31 a9 7f 80 03 84 73 cf 4b 72 a5 2b 20 2d 22 a5 3e a6 66 89 cc 58 58 97 b5 0f 88 e0 a5 a2 a9 7f ff e1 61 d9 29 0b b2 62 02 09 8f 12 4b 82 2a 23 b5 45 f8 ff dc 68 91 fa a5 b5 75 1c 45 86 23 c8 12 bd 62 92 e5 dc 86 08 57 11 62 40 c1 6c f4 9b c1 c5 5f b3 5d fa 56 df ee d6 b3 87 ba e4 8f bb f9 a7 8f 76 33 d3 43 71 9b 35 ff 4e ea bb bf df d2 7b df 45 c0 bc 52 ff 10 e1 b3 55 6b 3c 80 9c 80 d3 67 fc a0 cd cb 49 5d 96 5e f5 ae 93 02 69 b0 00 cd bf 10 57 1d b4 aa a1 53 48 08 94 9a e5 5d ce 06 93 de fb 0b 95 2e 22 aa 32 13 35 78 20 04 15 91 0d 11 51 a9 9e 10 76 0f e5 22 a6 a1 db c6 06 8f 26 f2 61 f1 07 f6 4c 37 6d 03 4d 12 91 45 17 81 cb ba b1 60 77 35 1e 7f d6 9d 33 fd 51 78 59 11 bc 50 4e 7b ec a1 8f a8 2d cb 91 ee cd 8d f0 5c b9 eb 6b 70 32 d0 24 42 ad c5 51 bf 1f b9 5b 2f 14 f6 18 d7 25 65 9a 55 c5 91 fb d7 dd c7 65 12 75 a2 de be 8d ed f6 a2 a5 4c a6 79 6d c1 e8 ec d8 af 46 d6 eb 02 0f 96 2a 7a b3

Source: global traffic	HTTP traffic detected: GET /?ywuiz9umdg86equfk59av HTTP/1.1Host: o0nn8ra4fwt8mt.insightterrace.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: https://t.co/IU0OeVJDt5Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /robot HTTP/1.1Host: o0nn8ra4fwt8mt.insightterrace.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: https://t.co/IU0OeVJDt5Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /robot/ HTTP/1.1Host: o0nn8ra4fwt8mt.insightterrace.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: https://t.co/IU0OeVJDt5Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /widget/?sitekey=Ar7yk6Sphijy8YXtv6r0l7cuW3pERAdP HTTP/1.1Host: similarbenefit.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://o0nn8ra4fwt8mt.insightterrace.top/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: o0nn8ra4fwt8mt.insightterrace.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://o0nn8ra4fwt8mt.insightterrace.top/robot/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: o0nn8ra4fwt8mt.insightterrace.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://o0nn8ra4fwt8mt.insightterrace.top/robot/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /robot/ HTTP/1.1Host: o0nn8ra4fwt8mt.insightterrace.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: t.co
Source: global traffic	DNS traffic detected: DNS query: o0nn8ra4fwt8mt.insightterrace.top
Source: global traffic	DNS traffic detected: DNS query: unpkg.com
Source: global traffic	DNS traffic detected: DNS query: similarbenefit.top
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49720 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@19/12@14/141

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1956,i,10054742530678617658,9203882097335685757,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.co/IU0OeVJDt5"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1956,i,10054742530678617658,9203882097335685757,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
t.co	172.66.0.227	true	false	unknown
similarbenefit.top	134.122.65.250	true	false	unknown
www.google.com	216.58.206.36	true	false	unknown
o0nn8ra4fwt8mt.insightterrace.top	134.122.65.250	true	false	unknown
unpkg.com	104.17.249.203	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
http://o0nn8ra4fwt8mt.insightterrace.top/robot/	false	unknown
http://o0nn8ra4fwt8mt.insightterrace.top/robot	false	unknown
http://o0nn8ra4fwt8mt.insightterrace.top/favicon.ico	false	unknown
http://similarbenefit.top/widget/?sitekey=Ar7yk6Sphijy8YXtv6r0l7cuW3pERAdP	false	unknown
http://o0nn8ra4fwt8mt.insightterrace.top/?ywuiz9umdg86equfk59av	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.217.16.206	unknown	United States	15169	GOOGLEUS	false
104.17.248.203	unknown	United States	13335	CLOUDFLARENETUS	false
173.194.76.84	unknown	United States	15169	GOOGLEUS	false
216.58.206.67	unknown	United States	15169	GOOGLEUS	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
216.58.206.35	unknown	United States	15169	GOOGLEUS	false
134.122.65.250	similarbenefit.top	United States	14061	DIGITALOCEAN-ASNUS	false
142.250.185.170	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.142	unknown	United States	15169	GOOGLEUS	false
104.17.249.203	unpkg.com	United States	13335	CLOUDFLARENETUS	false
172.66.0.227	t.co	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1546033
Start date and time:	2024-10-31 11:56:38 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://t.co/IU0OeVJDt5
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@19/12@14/141

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.67, 173.194.76.84, 172.217.16.206, 34.104.35.123, 142.250.185.170, 142.250.186.138, 172.217.16.138, 142.250.181.234, 142.250.184.202, 216.58.206.74, 142.250.74.202, 142.250.185.234, 142.250.186.74, 142.250.185.74, 172.217.18.106, 142.250.185.202, 142.250.185.138, 216.58.212.170, 142.250.186.170, 142.250.186.42, 199.232.210.172
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://t.co/IU0OeVJDt5

LLM Input / Output

Input	Output
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": true, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: https://t.co
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: URL: http://o0nn8ra4fwt8mt.insightterrace.top
URL: http://o0nn8ra4fwt8mt.insightterrace.top/robot/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "NEXT", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: http://o0nn8ra4fwt8mt.insightterrace.top/robot/ Model: claude-3-haiku-20240307	```json { "brands": [] } ``` The provided image does not contain any visible brand logos or identifiable brands. The image shows a generic "504 Gateway Time-out" error message, which indicates a server-side issue, but does not display any brand information.

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 09:57:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9835654295895386
Encrypted:	false
SSDEEP:
MD5:	0CDD9D34C0FB64F99F81A2460800BD11
SHA1:	EF5D7DCF84F790C620BC370A115800F96971BC76
SHA-256:	C94C3918D9C88AE21FFBAB9F48A227A352ABBA55145BF19D60C58AD9A777E712
SHA-512:	019DF4CB3570DF574C1D812EA9A1E21D1B7DD8A24509C1265A50DB93D4F033B2E1A61C18DF92A03DBB3E3DDFDAEF569EABF25CD0618C03E2B85C30ECA3C92AA5
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....q....+..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I_Y.W....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_Y#W....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V_Y#W....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V_Y#W..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V_Y$W...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........6[.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 09:57:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9978425085976608
Encrypted:	false
SSDEEP:
MD5:	709FC1733F440316F115CA214A17B5EE
SHA1:	6BEBFCEEC2067C687D55CBED685AC9CF7212B992
SHA-256:	05233009A0996F12CF3FCF83D4B60FE641B86A8730DDB96CB3CE98AD09E4994D
SHA-512:	A2B454FD497ED64C8BEED5A122D3B936F7549D4B3D920163935352BEC1E18C0BE1525C058FC7F72537EF7F18B940F33E7A96BBAF497FA35C8F928E390BCD0131
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....>....+..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I_Y.W....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_Y#W....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V_Y#W....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V_Y#W..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V_Y$W...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........6[.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.006743472563923
Encrypted:	false
SSDEEP:
MD5:	3B180E6A155EE83DB1D6F778B758A52E
SHA1:	775E84B1A6B517057A7E3C543492C92313B94C15
SHA-256:	7B71ABAF29615C2D797EA1CED797230243C864A2EF7E78690FE692C6F2A50521
SHA-512:	198CC76B9F57C0FA6CB20AF0A73D6C53A806EA5C91F51F4556224C70A89416C5C3BE412953778482BB2897F3F7AC5DEA47B0B01FEB49BEE052E15FE20E54480B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I_Y.W....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_Y#W....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V_Y#W....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V_Y#W..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........6[.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 09:57:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9933697933664636
Encrypted:	false
SSDEEP:
MD5:	06DBD63298A199CF690CB519E63ED667
SHA1:	188639C55C0E0F60106C6359E8D456811F218B73
SHA-256:	EBB98BCB55EB78BA93AE636B27109664D0CD82F666CCE51A30EBEF6E72E1BDF0
SHA-512:	A26D636E7CF829E2A0B3AB89186B7438231F739B147B8B16C7347E8452E88168A7F5A5C4175A24577ED642CDF5F726527FD7DCBF36AA00DDF5D86A9371936437
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....Mr.+..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I_Y.W....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_Y#W....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V_Y#W....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V_Y#W..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V_Y$W...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........6[.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 09:57:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.985691938000557
Encrypted:	false
SSDEEP:
MD5:	F03BEC63D4911E988F6FAE2BB373B826
SHA1:	045D75CA11B2B6743F88A4340DFD2B2A30457CA5
SHA-256:	D1B23FE326BC35AC39730F9817099E9ABF79617CDE6DD591E275C2A0AB5BD27B
SHA-512:	B925E3B2056EE4DEF1C6E7096741BC1B33B0BF6CAE336015643488CB2F5F3DF648689CCCB6EEF150C3F904225B6BB33D07E994BA94EF1C9D8734D30AC82D13AB
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.........+..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I_Y.W....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_Y#W....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V_Y#W....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V_Y#W..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V_Y$W...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........6[.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 09:57:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.994542825500237
Encrypted:	false
SSDEEP:
MD5:	7EBE62D8FDD33C50013324EE8BEF774D
SHA1:	EC7582887A694509BEB5589BF3952BC6A9C0CCB9
SHA-256:	F5F5E7AA91D2B0ECDD57BD339A31C29AB98532E8631EBE068632C40B5F726205
SHA-512:	DE3DC3B1D48D1D57D07B98F08B53377324620BAB0DECF28F8ED67F3DEC967DCC0AEDBEECD04BC901E8AAEC6EBC8D9AF9F472D81F165AF341DCFD8CBF18F3F979
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......+..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I_Y.W....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_Y#W....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V_Y#W....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V_Y#W..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V_Y$W...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........6[.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (379), with no line terminators
Category:	downloaded
Size (bytes):	379
Entropy (8bit):	5.0932800928696835
Encrypted:	false
SSDEEP:
MD5:	FFF2572BC53F70A24F54BBF3A7E4DCD6
SHA1:	6852BFF426206071BD7D8C3B6075887274AE4BF2
SHA-256:	36637B6332EF8C9A51AD9962641E6F57A80693C21DF02D06CE67E538B663F3E4
SHA-512:	7DDCFFE3538CA0D22777FA7162986DAF7E25E7BAECA99BE7569DF79E5B6865A54CEEC5F0933FEAD420B9D3E28BD5353A8AC6F604F6CCF27201D240D0C382FA9F
Malicious:	false
Reputation:	unknown
URL:	https://t.co/IU0OeVJDt5
Preview:	<head><meta name="referrer" content="always"><noscript><META http-equiv="refresh" content="0;URL=http://o0nn8ra4fwt8mt.insightterrace.top?ywuiz9umdg86equfk59av"></noscript><title>http://o0nn8ra4fwt8mt.insightterrace.top?ywuiz9umdg86equfk59av</title></head><script>window.opener = null; location.replace("http:\/\/o0nn8ra4fwt8mt.insightterrace.top?ywuiz9umdg86equfk59av")</script>

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 2188
Category:	downloaded
Size (bytes):	957
Entropy (8bit):	7.796476379635605
Encrypted:	false
SSDEEP:
MD5:	0001A45561AAE71A17C4E9AF4DDDBB59
SHA1:	B3C4A0F8F7BE784333D686541E26A4A6E1D38EF5
SHA-256:	66CE8DB33DBFF5DC9A28C00D50B33C24BF11413489C6122C4402BA260A390E75
SHA-512:	0D0E48D7F5309AA5E3E8ACA47DF707BA28229FFD3DDD38A4B0046E4E0DDDE152F616C34FBA76C19D08979995A33D3C867F6C19E2E083232C945DA3D2D86AABB3
Malicious:	false
Reputation:	unknown
URL:	http://o0nn8ra4fwt8mt.insightterrace.top/robot/
Preview:	...........V[o.6.~V~......[.C...].l.k.xX.T."%1.H....E...%...}..IG.~.G'...............=@.Y.>.... )...@.b.@V.m.M......P.......Zi.C..e...8.eJ.g,h_..%....dD.t....,..-.l......G..I..;.cw{.`...../.9..rRq....x..Z..m.?.C....<.}._.l]h.H..\|....rS...r..G.#f..]...C.w...N=.\..r%Q.DS...^.[V...5..."...a4.G..Q....V.l...?C....~.....y.{.0.....YO.4Ji.t....f=?.Ud.6...L.v...u..So.M.zB6.....#..bE~....v......p~=8.Bk..............^..Z%O:..!....X.^r.y?..N. .d.{....t...c....H^.W..(.)....]M^....a.5;.=..../wz.l6.^.`0.q&......Q...r.....0=8..k..._...'..K..\|.D$...z........%Q.}...h......).@&.1.....s.Kr.+ -".>.f..XX.........a.)..b....K.#.E...h....u.E.#...b....W.b@.l...._.].V.........v3.Cq.5.N...{.E..R...Uk<....g....I].^....i....W....SH....]........".2.5x .....Q...v.."......&.a...L7m.M..E....`w5...3.QxY..PN{..-....\..kp2.$B..Q...[/....%e.U.....e.u.......L.ym....F.....*z.O'... A!...?.p..l......l.>..a..%.n.....'....\|.........

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8485)
Category:	downloaded
Size (bytes):	8491
Entropy (8bit):	5.77104439280657
Encrypted:	false
SSDEEP:
MD5:	AE8E2DDAE8AA1373BF37B93EFDE877A3
SHA1:	F61800043C60CF5ED9C11572BDB2AAE8E2D8A79D
SHA-256:	23BAA60185612EEFEAFC5EEB8850F0B55598493574454AF61C3C9A103705AC59
SHA-512:	B9B54CF8311AB00B0EF794E133F05652281F29BF7EF10BE8BBA5EF4612C49AF7DFAF7972AEC1985E23F616D4B8C778C34B1F55C82FB2009D3069459875BF1D72
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["the diplomat netflix","pok.mon tcg pocket","texas teacher certification","microsoft earnings q1 2025","golden state warriors pelicans","aew dynamite results grades","louisiana ragin cajuns football injury","season 1 black ops 6 zombies"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"google:entityinfo":"Cg0vZy8xMXR4NXJkel93EiBUaGUgRGlwbG9tYXQg4oCUIFRocmlsbGVyIHNlcmllczKrEGRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQklnQUNFUUVERVFIL3hBQWJBQUFEQVFFQUF3QUFBQUFBQUFBQUFBQUZCZ2NFQXdBQkNQL0VBRGdRQUFJQkF3TUNCQU1GQlFrQUFBQUFBQUVDQXdRRkVRQVNJUVl4RTBGUllTSnhnUWNVa2FHeEZTTXpRdkFXRnpKaWNvS2lzdEgv

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4386), with no line terminators
Category:	dropped
Size (bytes):	4386
Entropy (8bit):	5.220718084737945
Encrypted:	false
SSDEEP:
MD5:	2E83C49B37BDD1D72763257A388C05B8
SHA1:	22FC9B9E93EABC4F54DADC0F1F84F27B379CC48F
SHA-256:	7E4136A97B924F39B858CA3C29B9B826D66D08FC128EE5188530BA3318836B0E
SHA-512:	9110766F7706A68CFC3AED69BF6DF7AA71D9E6593B7BCC261A94C4D5BEC17AE8A4C661E6A57F9CF14D8BC5C354A05D49D837B163B770EC8D65C05A01DACB6864
Malicious:	false
Reputation:	unknown
Preview:	!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.mcaptchaGlue=t():e.mcaptchaGlue=t()}(self,(()=>{return e={260:function(e){var t;t=()=>(()=>{"use strict";var e={};return{166:function(e,t){var n,i=this&&this.__extends\|\|(n=function(e,t){return n=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}\|\|function(e,t){for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n])},n(e,t)},function(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+String(t)+" is not a constructor or null");function i(){this.constructor=e}n(e,t),e.prototype=null===t?Object.create(t):(i.prototype=t.prototype,new i)});Object.defineProperty(t,"__esModule",{value:!0}),t.ConfigurationError=void 0;var r=function(e){function t(){var t=null!==e&&e.apply(this,arguments)\|\|this;return t.message="Provide either widget link or site key to

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	92
Entropy (8bit):	4.688496604084424
Encrypted:	false
SSDEEP:
MD5:	DDA6A9BF091D412CBDC2226CE3EB1059
SHA1:	437E841F9374C52EE3D2A30ED5A8C80E86600FFE
SHA-256:	BEF140A1A96994029153DCA8C00B1750B9A5A764FB9DB2DC68D7BB40E8A29E8A
SHA-512:	F34EF98029367DF99202B9C78321923E4014847D30EFAD21C35705EB9D9DA018914D5A9F07F067E16BB343F41D63E736BA0A5780EA764A405726BDCF9F3480A8
Malicious:	false
Reputation:	unknown
URL:	http://similarbenefit.top/widget/?sitekey=Ar7yk6Sphijy8YXtv6r0l7cuW3pERAdP
Preview:	<html><body><h1>504 Gateway Time-out</h1>.The server didn't respond in time..</body></html>.

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	B9C851D1C81E864D111510E5D1A1E2F9
SHA1:	0F08DC93ACDBBF85898FCD6F2150EDEDDFD343B1
SHA-256:	F76B74F9F0970BFD035A35C34B7000F425B485149EDF35A1E2EF0183A6CA4CFC
SHA-512:	A5DC12309EEE208773DF84CB8C59C8E4257A4D0A9561599E170E82251A1E7150BBC3497D66076AE14BBA0AAE5EED58D1EBCC5CAF553E65B36DE82AD0C11BF92E
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkG_EKHklBceBIFDXpuF-M=?alt=proto
Preview:	CgkKBw16bhfjGgA=

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://t.co/IU0OeVJDt5

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 58

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Static File Info

Windows Analysis Report
https://t.co/IU0OeVJDt5