Edit tour

Windows Analysis Report
https://gemini-loogin.webflow.io/

Overview

General Information

Sample URL:	https://gemini-loogin.webflow.io/
Analysis ID:	1637948
Infos:

Errors URL not reachable

Detection

Score:	52
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

AI detected suspicious URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2596 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,15301946799802338618,8132495871975699470,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gemini-loogin.webflow.io/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Joe Sandbox Signatures

• AV Detection
• Phishing
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://gemini-loogin.webflow.io/

Avira URL Cloud: detection malicious, Label: phishing

Phishing

AI detected suspicious URL

Source: https://gemini-loogin.webflow.io

Joe Sandbox AI: The URL 'https://gemini-loogin.webflow.io' appears to be a typosquatting attempt targeting the known cryptocurrency exchange brand 'Gemini'. The legitimate URL for Gemini is 'https://www.gemini.com'. The analyzed URL uses a subdomain 'gemini-loogin' which includes a misspelling of 'login' as 'loogin', a common tactic in typosquatting to deceive users. The use of 'webflow.io' as the domain extension is not inherently suspicious, as Webflow is a legitimate platform for hosting websites. However, the combination of the misspelled subdomain and the known brand name suggests an attempt to confuse users into thinking they are accessing a legitimate Gemini login page. The similarity score is high due to the structural resemblance and character-level similarity to the legitimate brand URL, and the likelihood of user confusion is significant, leading to a high spoofed score.

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: gemini-loogin.webflow.io

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: classification engine

Classification label: mal52.win@24/0@4/3

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,15301946799802338618,8132495871975699470,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gemini-loogin.webflow.io/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,15301946799802338618,8132495871975699470,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://gemini-loogin.webflow.io/	100%	Avira URL Cloud	phishing

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	172.217.18.4	true	false		high
gemini-loogin.webflow.io	172.64.151.8	true	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.217.18.4	www.google.com	United States		15169	GOOGLEUS	false
172.64.151.8	gemini-loogin.webflow.io	United States		13335	CLOUDFLARENETUS	true

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1637948
Start date and time:	2025-03-14 01:27:53 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 1m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://gemini-loogin.webflow.io/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.win@24/0@4/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	URL browsing timeout or error

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe, SgrmBroker.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.131, 142.250.181.238, 142.250.186.46, 108.177.15.84
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: https://gemini-loogin.webflow.io/

Total Packets: 118
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 01:28:45.419621944 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:28:45.747003078 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:28:46.356393099 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:28:47.559648037 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:28:50.090907097 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:28:52.084781885 CET	49707	443	192.168.2.6	172.217.18.4
Mar 14, 2025 01:28:52.084817886 CET	443	49707	172.217.18.4	192.168.2.6
Mar 14, 2025 01:28:52.084978104 CET	49707	443	192.168.2.6	172.217.18.4
Mar 14, 2025 01:28:52.085315943 CET	49707	443	192.168.2.6	172.217.18.4
Mar 14, 2025 01:28:52.085330009 CET	443	49707	172.217.18.4	192.168.2.6
Mar 14, 2025 01:28:52.285603046 CET	443	49707	172.217.18.4	192.168.2.6
Mar 14, 2025 01:28:52.286322117 CET	49708	443	192.168.2.6	172.217.18.4
Mar 14, 2025 01:28:52.286374092 CET	443	49708	172.217.18.4	192.168.2.6
Mar 14, 2025 01:28:52.286663055 CET	49708	443	192.168.2.6	172.217.18.4
Mar 14, 2025 01:28:52.286804914 CET	49708	443	192.168.2.6	172.217.18.4
Mar 14, 2025 01:28:52.286818027 CET	443	49708	172.217.18.4	192.168.2.6
Mar 14, 2025 01:28:52.485250950 CET	443	49708	172.217.18.4	192.168.2.6
Mar 14, 2025 01:28:53.570466995 CET	49711	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:53.570492983 CET	443	49711	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:53.570568085 CET	49711	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:53.570673943 CET	49712	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:53.570712090 CET	443	49712	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:53.570775986 CET	49712	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:53.571294069 CET	49712	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:53.571310043 CET	443	49712	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:53.571685076 CET	49711	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:53.571700096 CET	443	49711	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:53.706440926 CET	49713	443	192.168.2.6	23.60.203.209
Mar 14, 2025 01:28:53.706480026 CET	443	49713	23.60.203.209	192.168.2.6
Mar 14, 2025 01:28:53.706607103 CET	49713	443	192.168.2.6	23.60.203.209
Mar 14, 2025 01:28:53.708499908 CET	49713	443	192.168.2.6	23.60.203.209
Mar 14, 2025 01:28:53.708513975 CET	443	49713	23.60.203.209	192.168.2.6
Mar 14, 2025 01:28:53.709156990 CET	443	49713	23.60.203.209	192.168.2.6
Mar 14, 2025 01:28:53.715075970 CET	49714	443	192.168.2.6	23.60.203.209
Mar 14, 2025 01:28:53.715111971 CET	443	49714	23.60.203.209	192.168.2.6
Mar 14, 2025 01:28:53.715225935 CET	49714	443	192.168.2.6	23.60.203.209
Mar 14, 2025 01:28:53.715754986 CET	49714	443	192.168.2.6	23.60.203.209
Mar 14, 2025 01:28:53.715769053 CET	443	49714	23.60.203.209	192.168.2.6
Mar 14, 2025 01:28:53.716175079 CET	443	49714	23.60.203.209	192.168.2.6
Mar 14, 2025 01:28:53.716667891 CET	49715	443	192.168.2.6	23.60.203.209
Mar 14, 2025 01:28:53.716711998 CET	443	49715	23.60.203.209	192.168.2.6
Mar 14, 2025 01:28:53.716975927 CET	49715	443	192.168.2.6	23.60.203.209
Mar 14, 2025 01:28:53.717495918 CET	49715	443	192.168.2.6	23.60.203.209
Mar 14, 2025 01:28:53.717533112 CET	443	49715	23.60.203.209	192.168.2.6
Mar 14, 2025 01:28:53.717611074 CET	49715	443	192.168.2.6	23.60.203.209
Mar 14, 2025 01:28:53.769004107 CET	443	49711	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:53.769653082 CET	49716	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:53.769687891 CET	443	49716	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:53.769900084 CET	49716	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:53.770267010 CET	49716	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:53.770281076 CET	443	49716	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:53.770919085 CET	443	49712	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:53.771507025 CET	49717	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:53.771538019 CET	443	49717	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:53.771663904 CET	49717	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:53.771998882 CET	49717	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:53.772017956 CET	443	49717	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:53.970026970 CET	443	49716	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:53.970074892 CET	443	49717	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:54.072294950 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 01:28:54.373944998 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 01:28:54.903868914 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:28:54.981987953 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 01:28:55.028435946 CET	49721	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:55.028492928 CET	443	49721	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:55.028561115 CET	49721	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:55.028768063 CET	49722	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:55.028827906 CET	443	49722	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:55.028887033 CET	49722	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:55.029166937 CET	49721	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:55.029185057 CET	443	49721	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:55.029442072 CET	49722	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:55.029459000 CET	443	49722	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:55.228914976 CET	443	49722	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:55.229469061 CET	49723	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:55.229497910 CET	443	49721	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:55.229511023 CET	443	49723	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:55.229582071 CET	49723	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:55.229836941 CET	49724	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:55.229872942 CET	443	49724	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:55.229931116 CET	49724	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:55.230194092 CET	49723	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:55.230211973 CET	443	49723	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:55.230597019 CET	49724	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:28:55.230611086 CET	443	49724	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:55.429164886 CET	443	49724	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:55.429883003 CET	443	49723	172.64.151.8	192.168.2.6
Mar 14, 2025 01:28:56.191704988 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 01:28:58.595628023 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 01:29:00.223125935 CET	49725	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:00.223191023 CET	443	49725	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:00.223278046 CET	49725	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:00.223575115 CET	49726	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:00.223622084 CET	443	49726	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:00.223683119 CET	49726	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:00.224319935 CET	49725	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:00.224333048 CET	443	49725	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:00.224616051 CET	49726	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:00.224632978 CET	443	49726	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:00.425338030 CET	443	49726	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:00.425867081 CET	443	49725	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:00.426261902 CET	49727	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:00.426310062 CET	443	49727	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:00.426390886 CET	49727	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:00.426803112 CET	49728	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:00.426845074 CET	443	49728	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:00.426960945 CET	49728	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:00.427246094 CET	49727	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:00.427262068 CET	443	49727	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:00.427661896 CET	49728	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:00.427679062 CET	443	49728	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:00.625062943 CET	443	49728	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:00.625169992 CET	443	49727	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:03.398380995 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 01:29:03.445370913 CET	49733	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.445409060 CET	443	49733	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.445480108 CET	49733	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.446867943 CET	49733	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.446880102 CET	443	49733	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.447424889 CET	443	49733	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.451306105 CET	49734	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.451325893 CET	443	49734	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.451395035 CET	49734	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.451776981 CET	49734	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.451786041 CET	443	49734	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.452126026 CET	443	49734	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.494169950 CET	49735	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.494216919 CET	443	49735	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.494276047 CET	49735	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.494549036 CET	49735	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.494565010 CET	443	49735	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.494982958 CET	443	49735	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.512778044 CET	49736	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.512797117 CET	443	49736	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.512908936 CET	49736	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.513303041 CET	49736	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.513313055 CET	443	49736	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.513695002 CET	443	49736	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.547414064 CET	49737	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.547456980 CET	443	49737	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.547523975 CET	49737	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.547945023 CET	49737	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.547960043 CET	443	49737	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.548388004 CET	443	49737	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.564413071 CET	49738	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.564455986 CET	443	49738	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.564519882 CET	49738	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.564827919 CET	49738	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.564846039 CET	443	49738	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.565249920 CET	443	49738	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.606823921 CET	49739	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.606856108 CET	443	49739	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.606909037 CET	49739	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.607378006 CET	49739	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.607388973 CET	443	49739	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.607762098 CET	443	49739	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.610398054 CET	49740	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.610410929 CET	443	49740	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.610460043 CET	49740	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.610759020 CET	49740	443	192.168.2.6	4.245.163.56
Mar 14, 2025 01:29:03.610769033 CET	443	49740	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:03.611104965 CET	443	49740	4.245.163.56	192.168.2.6
Mar 14, 2025 01:29:04.513354063 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:29:05.647779942 CET	49741	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:05.647845030 CET	443	49741	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:05.647917032 CET	49741	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:05.648107052 CET	49742	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:05.648134947 CET	443	49742	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:05.648181915 CET	49742	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:05.648682117 CET	49742	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:05.648696899 CET	443	49742	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:05.649184942 CET	49741	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:05.649226904 CET	443	49741	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:05.849520922 CET	443	49742	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:05.850044012 CET	49743	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:05.850085974 CET	443	49743	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:05.850171089 CET	49743	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:05.850564003 CET	49743	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:05.850583076 CET	443	49743	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:05.850936890 CET	443	49741	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:05.851356030 CET	49744	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:05.851393938 CET	443	49744	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:05.851464987 CET	49744	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:05.851752043 CET	49744	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:05.851763964 CET	443	49744	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:06.049061060 CET	443	49743	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:06.053808928 CET	443	49744	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:08.047698021 CET	49745	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:08.047748089 CET	443	49745	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:08.047858000 CET	49745	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:08.048119068 CET	49746	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:08.048160076 CET	443	49746	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:08.048289061 CET	49746	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:08.048516989 CET	49745	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:08.048530102 CET	443	49745	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:08.049042940 CET	49746	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:08.049066067 CET	443	49746	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:08.249581099 CET	443	49746	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:08.249725103 CET	443	49745	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:08.250302076 CET	49747	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:08.250360012 CET	443	49747	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:08.250533104 CET	49747	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:08.250787973 CET	49748	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:08.250830889 CET	443	49748	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:08.250890970 CET	49748	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:08.251185894 CET	49747	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:08.251204014 CET	443	49747	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:08.251460075 CET	49748	443	192.168.2.6	172.64.151.8
Mar 14, 2025 01:29:08.251476049 CET	443	49748	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:08.449173927 CET	443	49747	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:08.449193954 CET	443	49748	172.64.151.8	192.168.2.6
Mar 14, 2025 01:29:13.013484001 CET	49678	443	192.168.2.6	20.42.65.91

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 01:28:48.237350941 CET	53	65030	1.1.1.1	192.168.2.6
Mar 14, 2025 01:28:48.271768093 CET	53	63774	1.1.1.1	192.168.2.6
Mar 14, 2025 01:28:52.076802015 CET	54045	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:28:52.076998949 CET	62882	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:28:52.083673954 CET	53	62882	1.1.1.1	192.168.2.6
Mar 14, 2025 01:28:52.083899975 CET	53	54045	1.1.1.1	192.168.2.6
Mar 14, 2025 01:28:53.557802916 CET	63878	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:28:53.558021069 CET	52953	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:28:53.568789959 CET	53	52953	1.1.1.1	192.168.2.6
Mar 14, 2025 01:28:53.569489956 CET	53	63878	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 14, 2025 01:28:52.076802015 CET	192.168.2.6	1.1.1.1	0xc49b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:28:52.076998949 CET	192.168.2.6	1.1.1.1	0x9a65	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 14, 2025 01:28:53.557802916 CET	192.168.2.6	1.1.1.1	0x211d	Standard query (0)	gemini-loogin.webflow.io	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:28:53.558021069 CET	192.168.2.6	1.1.1.1	0xad71	Standard query (0)	gemini-loogin.webflow.io	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 14, 2025 01:28:52.083673954 CET	1.1.1.1	192.168.2.6	0x9a65	No error (0)	www.google.com		65	IN (0x0001)	false
Mar 14, 2025 01:28:52.083899975 CET	1.1.1.1	192.168.2.6	0xc49b	No error (0)	www.google.com	172.217.18.4	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:28:53.568789959 CET	1.1.1.1	192.168.2.6	0xad71	No error (0)	gemini-loogin.webflow.io		65	IN (0x0001)	false
Mar 14, 2025 01:28:53.569489956 CET	1.1.1.1	192.168.2.6	0x211d	No error (0)	gemini-loogin.webflow.io	172.64.151.8	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:28:53.569489956 CET	1.1.1.1	192.168.2.6	0x211d	No error (0)	gemini-loogin.webflow.io	104.18.36.248	A (IP address)	IN (0x0001)	false

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	1
Start time:	20:28:44
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	20:28:45
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,15301946799802338618,8132495871975699470,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:3
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	20:28:52
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gemini-loogin.webflow.io/"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://gemini-loogin.webflow.io/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2596, Parent PID: 3484

General

File Activities

File Opened

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Process Created

Process Terminated

Thread Activities

Thread Terminated

Memory Activities

Memory Usage Statistics

Timing Activities

Windows Analysis Report
https://gemini-loogin.webflow.io/