Windows
Analysis Report
http://prebid.cootlogix.com
Overview
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64_ra
chrome.exe (PID: 6380 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed "about :blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) chrome.exe (PID: 6868 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2036 --fi eld-trial- handle=195 2,i,108091 6227438588 6494,99205 7939529485 1357,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
chrome.exe (PID: 6660 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt p://prebid .cootlogix .com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
- • Phishing
- • Compliance
- • Networking
- • System Summary
- • Boot Survival
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Window detected: |
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.250.181.132 | true | false | high | |
vidazoo-openrtb-prebid-p-us-nyc1b-lb.vidazoo.services | 104.248.109.184 | true | false | unknown | |
prebid.cootlogix.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.217.19.206 | unknown | United States | 15169 | GOOGLEUS | false | |
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
172.217.17.35 | unknown | United States | 15169 | GOOGLEUS | false | |
172.217.21.35 | unknown | United States | 15169 | GOOGLEUS | false | |
64.233.162.84 | unknown | United States | 15169 | GOOGLEUS | false | |
104.248.109.184 | vidazoo-openrtb-prebid-p-us-nyc1b-lb.vidazoo.services | United States | 14061 | DIGITALOCEAN-ASNUS | false | |
142.250.181.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.23 |
192.168.2.16 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1577929 |
Start date and time: | 2024-12-18 21:45:27 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | http://prebid.cootlogix.com |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@17/6@4/104 |
- Exclude process from analysis
(whitelisted): svchost.exe - Excluded IPs from analysis (wh
itelisted): 172.217.21.35, 172 .217.19.206, 64.233.162.84, 17 2.217.17.46 - Excluded domains from analysis
(whitelisted): fs.microsoft.c om, clients2.google.com, accou nts.google.com, redirector.gvt 1.com, clientservices.googleap is.com, clients.l.google.com - Not all processes where analyz
ed, report is missing behavior information - VT rate limit hit for: http:/
/prebid.cootlogix.com
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.9880564800736726 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4A341F425628E13B4D09A41DE08967AD |
SHA1: | 30D18163539D9558F189422CE9F56BB3E9037323 |
SHA-256: | 8DF3FE0CD7D31F926B4FEBB991A1223A8AE1FB9A7B7EDC462DB54D50CB9D7690 |
SHA-512: | F598280D6559DB62C734F78C39134BC365AB29218652FB2F2CE6EB1951E04BF934E7E612B1EB4F003C92B60BEF95D2D4A36FD09FCA21EB85A7C3495E0649B4AB |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.002649224961423 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7A4507FD5D1A02AF568D9FA98FC72A31 |
SHA1: | 0C3AE8A998D988660E4AEE96772C001E02ADEC8D |
SHA-256: | 3459EAC99C254F88AD5B76D1692534AC238E5A324AD4B2EC3068A057822F9361 |
SHA-512: | 5D8CEDB40D406F74C4DCC31211E5FFD8328F4831D52CA56A458B47D957BFA910C56A54E96DD85BD2D9EB1E8D5DB430E40098897C959C406ADF019E1B9D1402F7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.009444034125048 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9318AD67FDD1D94049DE12620BCB21AD |
SHA1: | FF4B2BB790D250580B2C994BFAE59FA704AE82D5 |
SHA-256: | DEEB8984293539736776F5C22DAD33456994953D13D8E84C816BC4CA95941114 |
SHA-512: | F4736D4A11A737AEB548A574CE72AA41527D322A0BBB9286CC98F2542088B3CC02A2FFECF1EB2F8CCDBB6A1A0BFF8BA8D26EA7B7EC14808973992BA17996262D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.000775684154487 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4576041E43A9C2F1F0EE97306C098D59 |
SHA1: | 8497D42B4BFF51328A10744F19D99C0A44213D55 |
SHA-256: | A7FE73A4A286FB2E1DD464A07E75CD0756A0BF242981B257F54BDA132E57B5DD |
SHA-512: | E73E1E87EA9440314591C94B4B411F935528B13091D1C891DFEF26B720AC843FFDBFFE2063FF5FE17DFC80B1396E66C6F56D540AFD0DAE3AA27DB1F70F6613A3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9897424865569113 |
Encrypted: | false |
SSDEEP: | |
MD5: | 69B86B11898D57736E594653955BC720 |
SHA1: | 8DD6F16279A01837E1B0E3513A902FD93EACF0C1 |
SHA-256: | EAC516978B463BAA365B90CCD45EBBB4A97D6E2095DC66EBC1C1FCCC3844D60E |
SHA-512: | 0F3720CC7918F4C974AD59054ADAE2F27ED363BDC594DFDDB08C1033B24E9316D8DB9276593E6C00DA6816915AECB61D6B8CF73E86D253BE5122F7589C6725FB |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.999578168098653 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9C534BCB6919DE4E7CDFF31CCCF9F218 |
SHA1: | 4EF42F035FF360A785D3DE3C5004825190600BAC |
SHA-256: | FE0D511B789093E455B12352582372A6538C39C7DCBA4E67E49DFEDFCA37A4B3 |
SHA-512: | F8A7DD7A00667D231A0B1BE355A02D81B6E145C190189287037475013898E2CEE481E07CDAC324C50CFCE28EEE31667A6A8C236D9941FC5ACB1E0E968E07696E |
Malicious: | false |
Reputation: | unknown |
Preview: |