Windows Analysis Report
http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250

Overview

General Information

Sample URL: http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250
Analysis ID: 1579939

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Stores files to the Windows start menu directory

Classification

Source: http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250 HTTP Parser: No favicon
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKConnection: keep-aliveContent-Length: 2627x-amz-id-2: rKbOKfgMab8xKSz3SfTa2qHS1QJF3pHFO6EspB7hlDWiSGLSAHs01cnbl2BjTcpd496g0Eqiqec=x-amz-request-id: F09VKN96PPX5RSR2x-amz-replication-status: COMPLETEDLast-Modified: Wed, 27 Nov 2024 08:24:17 GMTETag: "3ffc582f0c3f81c6ef140022ef1586a4"x-amz-server-side-encryption: AES256x-amz-version-id: CapRsOn9v90X3X7orZ.OIau1RDcNjjWoContent-Type: text/htmlServer: AmazonS3Content-Encoding: gzipAccept-Ranges: bytesDate: Mon, 23 Dec 2024 15:12:19 GMTVia: 1.1 varnishAge: 89X-Served-By: cache-ewr-kewr1740073-EWRX-Cache: HITX-Cache-Hits: 2X-Timer: S1734966740.796105,VS0,VE0Cache-Control: private,max-age=14400Vary: Accept-Encodingabp: 77Access-Control-Allow-Origin: *
Source: global traffic HTTP traffic detected: GET /ext/tbc.js HTTP/1.1Host: cdn.taboola.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://cdn.taboola-display.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ext/tbc.js HTTP/1.1Host: cdn.taboola.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ext/dynamic-content-loader.html?w=970&h=250 HTTP/1.1Host: cdn.taboola-display.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cdn.taboola-display.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: cdn.taboola-display.com
Source: global traffic DNS traffic detected: DNS query: cdn.taboola.com
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: classification engine Classification label: clean0.win@16/11@8/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2244,i,11750037861215018856,8548424136790881556,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk