Windows Analysis Report
THEPIRATEBAY.ORG.url

Overview

General Information

Sample name: THEPIRATEBAY.ORG.url
Analysis ID: 1636617
MD5: 56a3476c2d04ec39fce8b8134abded19
SHA1: 346a6c4e30ca6845e8f26ed73aa2239eee993d30
SHA256: d4cab95b4263498d6abeb482de2ac30e7c6706999b30c9f47d5da8bfed77f53a

Detection

Score: 20
Range: 0 - 100
Confidence: 100%

Signatures

Found Tor onion address
IP address seen in connection with other malware

Classification

Source: https://thepiratebay.org/index.html HTTP Parser: No favicon

Networking

Source: chromecache_54.2.dr String found in binary or memory: <a href="http://piratebayo3klnzokct3wt5yyxb2vpebbuyjl7m623iaxmqhsd52coid.onion" title="tor address">TOR (New v3)</a> |
Source: chromecache_49.2.dr String found in binary or memory: '<a href="http://piratebayo3klnzokct3wt5yyxb2vpebbuyjl7m623iaxmqhsd52coid.onion" title="tor address">TOR (New v3)</a> |\n',
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: unknown TCP traffic detected without corresponding DNS query: 23.44.203.181
Source: unknown TCP traffic detected without corresponding DNS query: 104.126.116.40
Source: unknown TCP traffic detected without corresponding DNS query: 142.251.32.99
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.152.22
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: global traffic HTTP traffic detected: GET /LvSYkIeF9fKDIcKpTKA3 HTTP/1.1Host: thepiratebay.orgConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /index.html HTTP/1.1Host: thepiratebay.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/main.js HTTP/1.1Host: thepiratebay.orgConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://thepiratebay.org/index.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?tqlrd=908284 HTTP/1.1Host: d9r4lqt28t1fm.cloudfront.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://thepiratebay.org/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: thepiratebay.orgConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thepiratebay.org/index.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: thepiratebay.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: thepiratebay.org
Source: global traffic DNS traffic detected: DNS query: torrindex.net
Source: global traffic DNS traffic detected: DNS query: d9r4lqt28t1fm.cloudfront.net
Source: global traffic DNS traffic detected: DNS query: getrunkhomuto.info
Source: global traffic DNS traffic detected: DNS query: neyandfartooma.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic TCP traffic: 192.168.11.20:56756 -> 239.255.255.250:1900
Source: global traffic TCP traffic: 192.168.11.20:59687 -> 239.255.255.250:1900
Source: chromecache_49.2.dr String found in binary or memory: http://ikeanangelsaidthe.com/redirect?tid=858335
Source: chromecache_54.2.dr, chromecache_49.2.dr String found in binary or memory: http://piratebayo3klnzokct3wt5yyxb2vpebbuyjl7m623iaxmqhsd52coid.onion
Source: chromecache_49.2.dr String found in binary or memory: https://a.exdynsrv.com/fp-interstitial.js
Source: chromecache_49.2.dr String found in binary or memory: https://a.exosrv.com/fp-interstitial.js
Source: chromecache_49.2.dr String found in binary or memory: https://apibay.org
Source: chromecache_54.2.dr, chromecache_49.2.dr String found in binary or memory: https://bitcoin.org
Source: chromecache_54.2.dr, chromecache_49.2.dr String found in binary or memory: https://ethereum.org
Source: chromecache_54.2.dr String found in binary or memory: https://forum.suprbay.org/Thread-New-TPB-accounts-available
Source: chromecache_54.2.dr, chromecache_49.2.dr String found in binary or memory: https://getmonero.org
Source: chromecache_54.2.dr, chromecache_49.2.dr String found in binary or memory: https://litecoin.org
Source: chromecache_54.2.dr, chromecache_49.2.dr String found in binary or memory: https://pirates-forum.org/
Source: THEPIRATEBAY.ORG.url String found in binary or memory: https://thepiratebay.org/LvSYkIeF9fKDIcKpTKA3
Source: chromecache_54.2.dr String found in binary or memory: https://thepiratebay.org/static/main.js
Source: chromecache_49.2.dr String found in binary or memory: https://thepiratebay.org/token.html
Source: chromecache_49.2.dr String found in binary or memory: https://torrindex.net
Source: chromecache_54.2.dr String found in binary or memory: https://torrindex.net/images/tpb.jpg
Source: chromecache_54.2.dr String found in binary or memory: https://torrindex.net/static/normalize.css
Source: chromecache_54.2.dr String found in binary or memory: https://torrindex.net/static/tpb.css
Source: chromecache_49.2.dr String found in binary or memory: https://www.imdb.com/title/
Source: classification engine Classification label: sus20.evad.winURL@15/17@20/11
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\scoped_dir7764_386169013
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://thepiratebay.org/LvSYkIeF9fKDIcKpTKA3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2212,i,13490201176790547744,8211134972617638317,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2224 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\scoped_dir7764_386169013
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\chrome_BITS_7764_699731785