Windows
Analysis Report
http://poubnxu3jubz.top/1.php
Overview
Detection
| Score | Range | Whitelisted | Confidence |
|---|---|---|---|
| 56 | 0 - 100 | false | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Suricata IDS alerts for network traffic
Creates files inside the system directory
Deletes files inside the Windows folder
Classification
- System is w11x64_office
- chrome.exe (PID: 5616 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 290DF23002E9B52249B5549F0C668A86)
- chrome.exe (PID: 6932 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=2172,i,12742551203308291219,16118385310451327173,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2188 /prefetch:11 MD5: 290DF23002E9B52249B5549F0C668A86)
- chrome.exe (PID: 7304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://poubnxu3jubz.top/1.php" MD5: 290DF23002E9B52249B5549F0C668A86)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-24T19:39:15.962041+0100 | 2859404 | 1 | Domain Observed Used for C2 Detected | 192.168.2.24 | 56392 | 1.1.1.1 | 53 | UDP |
2024-12-24T19:39:15.962284+0100 | 2859404 | 1 | Domain Observed Used for C2 Detected | 192.168.2.24 | 52830 | 1.1.1.1 | 53 | UDP |
2024-12-24T19:39:15.987240+0100 | 2859404 | 1 | Domain Observed Used for C2 Detected | 192.168.2.24 | 49367 | 1.1.1.1 | 53 | UDP |
2024-12-24T19:39:15.987515+0100 | 2859404 | 1 | Domain Observed Used for C2 Detected | 192.168.2.24 | 50483 | 1.1.1.1 | 53 | UDP |
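The four Suricata rows above are all the same SID, all DNS (UDP/53) to the sandbox's resolver, and all fall within a few tens of milliseconds of the Chrome process being handed the URL. The script below is an added triage example, not part of the Joe Sandbox report: it parses the command lines and alert rows exactly as they appear on this page, pulls the domain IOC out of the process tree (the alert table itself does not carry the queried name), collapses the alerts into the facts an analyst pivots on, and then hunts for the domain in a handful of constructed DNS query log lines. The DNS log format, the client addresses in it, and the `DNS_LOG` sample are assumptions; the label-boundary check in `domain_matches` is there because a plain suffix match would also flag unrelated names such as `notpoubnxu3jubz.top`.

```python
"""Triage helper for the sandbox report above (added example, not part of the
Joe Sandbox report). Parses the reconstructed Chrome command lines and the
Suricata alert table, extracts the URL/domain IOC, summarises the IDS alerts,
and hunts for the domain in constructed DNS query log lines."""
import re
from collections import Counter
from datetime import datetime

# Command lines copied from the process tree above (whitespace repaired).
CMDLINES = [
    '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --start-maximized "about:blank"',
    '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" "http://poubnxu3jubz.top/1.php"',
]

# Suricata rows copied verbatim from the alert table above.
ALERT_ROWS = """2024-12-24T19:39:15.962041+0100 | 2859404 | 1 | Domain Observed Used for C2 Detected | 192.168.2.24 | 56392 | 1.1.1.1 | 53 | UDP
2024-12-24T19:39:15.962284+0100 | 2859404 | 1 | Domain Observed Used for C2 Detected | 192.168.2.24 | 52830 | 1.1.1.1 | 53 | UDP
2024-12-24T19:39:15.987240+0100 | 2859404 | 1 | Domain Observed Used for C2 Detected | 192.168.2.24 | 49367 | 1.1.1.1 | 53 | UDP
2024-12-24T19:39:15.987515+0100 | 2859404 | 1 | Domain Observed Used for C2 Detected | 192.168.2.24 | 50483 | 1.1.1.1 | 53 | UDP"""

# Constructed DNS query log (assumption: "epoch client query" per line),
# seeded with the IOC, a subdomain of it, a benign name, a near-miss
# suffix collision and an upper-case/trailing-dot variant.
DNS_LOG = """1735065555.962 192.168.2.24 poubnxu3jubz.top
1735065555.970 192.168.2.24 www.google.com
1735065555.975 192.168.2.24 cdn.poubnxu3jubz.top
1735065555.980 192.168.2.31 notpoubnxu3jubz.top
1735065555.985 192.168.2.24 POUBNXU3JUBZ.TOP."""

URL_RE = re.compile(r'https?://([A-Za-z0-9.-]+)(?::\d+)?(?:/\S*)?', re.I)
TS_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"   # matches the report's timestamp format


def extract_domains(cmdlines):
    """Hostnames of every http(s) URL passed on a command line, normalised."""
    hosts = set()
    for line in cmdlines:
        for m in URL_RE.finditer(line):
            hosts.add(m.group(1).lower().rstrip('.'))
    return hosts


def parse_alerts(table):
    """Turn the pipe-separated alert rows into typed dicts."""
    alerts = []
    for row in table.strip().splitlines():
        ts, sid, sev, cls, src, sport, dst, dport, proto = \
            [c.strip() for c in row.split('|')]
        alerts.append({
            "ts": datetime.strptime(ts, TS_FMT),
            "sid": int(sid), "severity": int(sev), "class": cls,
            "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "proto": proto,
        })
    return alerts


def summarise_alerts(alerts):
    """Collapse the alert list into the facts worth pivoting on."""
    span = max(a["ts"] for a in alerts) - min(a["ts"] for a in alerts)
    return {
        "count": len(alerts),
        "sids": sorted({a["sid"] for a in alerts}),
        "resolvers": Counter((a["dst"], a["dport"], a["proto"]) for a in alerts),
        "span_us": span.seconds * 10**6 + span.microseconds,
        "dns_only": all(a["dport"] == 53 for a in alerts),
    }


def domain_matches(query, ioc):
    """True when query is the IOC or a subdomain of it.
    endswith() alone would also match 'notpoubnxu3jubz.top'; require a
    label boundary, and normalise case and the trailing root dot."""
    q = query.lower().rstrip('.')
    return q == ioc or q.endswith('.' + ioc)


def hunt_dns(log, iocs):
    """(client, query) pairs in the DNS log that resolve an IOC domain."""
    hits = []
    for line in log.strip().splitlines():
        _ts, client, query = line.split()
        if any(domain_matches(query, ioc) for ioc in iocs):
            hits.append((client, query))
    return hits


if __name__ == "__main__":
    iocs = extract_domains(CMDLINES)
    print("IOC domains:", iocs)
    print("Alert summary:", summarise_alerts(parse_alerts(ALERT_ROWS)))
    print("DNS hits:", hunt_dns(DNS_LOG, iocs))
```

Running it shows a single SID, four alerts spanning about 25 ms, every one of them a DNS lookup to 1.1.1.1, and three hits in the constructed DNS log (the bare domain, its subdomain and the upper-case variant) while the `notpoubnxu3jubz.top` near-miss is correctly ignored.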
| AV Detection | Source | Detail |
|---|---|---|
| Avira URL Cloud | | |
| HTTP Parser | | |
| HTTP Parser | | |
| HTTP Parser | | |
| HTTP Parser | | |
| HTTP Parser | | |
| HTTPS traffic detected | | |
| HTTPS traffic detected | | |
| HTTPS traffic detected | | |
| HTTPS traffic detected | | |
| HTTPS traffic detected | | |
| HTTPS traffic detected | | |
| Binary string | | |
| Binary string | | |