Edit tour

Windows Analysis Report
https://kucoinuxlogin.webflow.io/

Overview

General Information

Sample URL:	https://kucoinuxlogin.webflow.io/
Analysis ID:	1637949
Infos:

Errors URL not reachable

Detection

Score:	52
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

AI detected suspicious URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2696 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2276,i,14816279118109633960,6743079271261266847,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2300 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kucoinuxlogin.webflow.io/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Joe Sandbox Signatures

• AV Detection
• Phishing
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://kucoinuxlogin.webflow.io/

Avira URL Cloud: detection malicious, Label: phishing

Phishing

AI detected suspicious URL

Source: https://kucoinuxlogin.webflow.io

Joe Sandbox AI: The URL 'kucoinuxlogin.webflow.io' appears to be attempting to mimic the legitimate cryptocurrency exchange platform KuCoin. The use of 'kucoin' in the subdomain suggests an attempt to associate with the known brand. The addition of 'uxlogin' could be interpreted as a structural change to imply a login page, which is a common tactic in phishing attempts. The domain 'webflow.io' is a legitimate platform for web hosting and design, which could be used for unrelated purposes, but in this context, it adds to the suspicion due to the subdomain's construction. The similarity score is high due to the use of the brand name and the structural implication of a login page, which could confuse users. The likelihood of typosquatting is also high given these factors.

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.185.191
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.185.191
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.185.191
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.185.191
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.185.191
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.185.191
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.185.191
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.185.191
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.185.191
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.185.191
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: kucoinuxlogin.webflow.io

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: classification engine

Classification label: mal52.win@21/0@4/3

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2276,i,14816279118109633960,6743079271261266847,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2300 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kucoinuxlogin.webflow.io/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2276,i,14816279118109633960,6743079271261266847,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2300 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://kucoinuxlogin.webflow.io/	100%	Avira URL Cloud	phishing

Name	IP	Active	Malicious	Antivirus Detection	Reputation
kucoinuxlogin.webflow.io	172.64.151.8	true	true		unknown
www.google.com	172.217.18.4	true	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.217.18.4	www.google.com	United States		15169	GOOGLEUS	false
172.64.151.8	kucoinuxlogin.webflow.io	United States		13335	CLOUDFLARENETUS	true

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1637949
Start date and time:	2025-03-14 01:28:54 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://kucoinuxlogin.webflow.io/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.win@21/0@4/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	URL browsing timeout or error

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): RuntimeBroker.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.35, 172.217.18.14, 142.250.185.238, 64.233.184.84, 2.23.77.188
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: https://kucoinuxlogin.webflow.io/

Total Packets: 115
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 01:29:52.099981070 CET	49671	443	192.168.2.4	204.79.197.203
Mar 14, 2025 01:29:52.521128893 CET	49671	443	192.168.2.4	204.79.197.203
Mar 14, 2025 01:29:53.222596884 CET	49671	443	192.168.2.4	204.79.197.203
Mar 14, 2025 01:29:54.425717115 CET	49671	443	192.168.2.4	204.79.197.203
Mar 14, 2025 01:29:55.226161003 CET	49733	443	192.168.2.4	172.217.18.4
Mar 14, 2025 01:29:55.226203918 CET	443	49733	172.217.18.4	192.168.2.4
Mar 14, 2025 01:29:55.226280928 CET	49733	443	192.168.2.4	172.217.18.4
Mar 14, 2025 01:29:55.226636887 CET	49733	443	192.168.2.4	172.217.18.4
Mar 14, 2025 01:29:55.226646900 CET	443	49733	172.217.18.4	192.168.2.4
Mar 14, 2025 01:29:55.425853014 CET	443	49733	172.217.18.4	192.168.2.4
Mar 14, 2025 01:29:55.486399889 CET	49734	443	192.168.2.4	172.217.18.4
Mar 14, 2025 01:29:55.486442089 CET	443	49734	172.217.18.4	192.168.2.4
Mar 14, 2025 01:29:55.486772060 CET	49734	443	192.168.2.4	172.217.18.4
Mar 14, 2025 01:29:55.487071037 CET	49734	443	192.168.2.4	172.217.18.4
Mar 14, 2025 01:29:55.487086058 CET	443	49734	172.217.18.4	192.168.2.4
Mar 14, 2025 01:29:55.685128927 CET	443	49734	172.217.18.4	192.168.2.4
Mar 14, 2025 01:29:56.832370996 CET	49671	443	192.168.2.4	204.79.197.203
Mar 14, 2025 01:29:58.012841940 CET	49738	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:58.012904882 CET	443	49738	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:58.012986898 CET	49738	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:58.013154984 CET	49739	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:58.013206959 CET	443	49739	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:58.013259888 CET	49739	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:58.013689041 CET	49738	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:58.013708115 CET	443	49738	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:58.014055014 CET	49739	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:58.014070034 CET	443	49739	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:58.213274002 CET	443	49739	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:58.213591099 CET	443	49738	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:58.218839884 CET	49740	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:58.218883991 CET	443	49740	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:58.218959093 CET	49740	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:58.219078064 CET	49741	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:58.219141006 CET	443	49741	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:58.219209909 CET	49741	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:58.219351053 CET	49740	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:58.219362974 CET	443	49740	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:58.219579935 CET	49741	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:58.219598055 CET	443	49741	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:58.416941881 CET	443	49740	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:58.417660952 CET	443	49741	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:59.250962973 CET	49745	443	192.168.2.4	2.16.185.191
Mar 14, 2025 01:29:59.251000881 CET	443	49745	2.16.185.191	192.168.2.4
Mar 14, 2025 01:29:59.251200914 CET	49745	443	192.168.2.4	2.16.185.191
Mar 14, 2025 01:29:59.260397911 CET	49745	443	192.168.2.4	2.16.185.191
Mar 14, 2025 01:29:59.260413885 CET	443	49745	2.16.185.191	192.168.2.4
Mar 14, 2025 01:29:59.261042118 CET	443	49745	2.16.185.191	192.168.2.4
Mar 14, 2025 01:29:59.265330076 CET	49746	443	192.168.2.4	2.16.185.191
Mar 14, 2025 01:29:59.265364885 CET	443	49746	2.16.185.191	192.168.2.4
Mar 14, 2025 01:29:59.265464067 CET	49746	443	192.168.2.4	2.16.185.191
Mar 14, 2025 01:29:59.265686035 CET	49746	443	192.168.2.4	2.16.185.191
Mar 14, 2025 01:29:59.265698910 CET	443	49746	2.16.185.191	192.168.2.4
Mar 14, 2025 01:29:59.266098976 CET	443	49746	2.16.185.191	192.168.2.4
Mar 14, 2025 01:29:59.266355991 CET	49747	443	192.168.2.4	2.16.185.191
Mar 14, 2025 01:29:59.266398907 CET	443	49747	2.16.185.191	192.168.2.4
Mar 14, 2025 01:29:59.266462088 CET	49747	443	192.168.2.4	2.16.185.191
Mar 14, 2025 01:29:59.271217108 CET	49747	443	192.168.2.4	2.16.185.191
Mar 14, 2025 01:29:59.271250010 CET	443	49747	2.16.185.191	192.168.2.4
Mar 14, 2025 01:29:59.271303892 CET	49747	443	192.168.2.4	2.16.185.191
Mar 14, 2025 01:29:59.475465059 CET	49748	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:59.475488901 CET	443	49748	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:59.475548029 CET	49748	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:59.475739002 CET	49749	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:59.475800037 CET	443	49749	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:59.475847960 CET	49749	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:59.476747036 CET	49749	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:59.476768017 CET	443	49749	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:59.477188110 CET	49748	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:59.477200985 CET	443	49748	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:59.677119970 CET	443	49749	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:59.677587986 CET	49750	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:59.677638054 CET	443	49750	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:59.677704096 CET	49750	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:59.678065062 CET	49750	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:59.678091049 CET	443	49750	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:59.678111076 CET	443	49748	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:59.678484917 CET	49751	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:59.678518057 CET	443	49751	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:59.678575039 CET	49751	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:59.678858042 CET	49751	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:29:59.678872108 CET	443	49751	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:59.877240896 CET	443	49750	172.64.151.8	192.168.2.4
Mar 14, 2025 01:29:59.877914906 CET	443	49751	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:00.692039013 CET	49678	443	192.168.2.4	20.189.173.27
Mar 14, 2025 01:30:01.004260063 CET	49678	443	192.168.2.4	20.189.173.27
Mar 14, 2025 01:30:01.613571882 CET	49678	443	192.168.2.4	20.189.173.27
Mar 14, 2025 01:30:01.644833088 CET	49671	443	192.168.2.4	204.79.197.203
Mar 14, 2025 01:30:02.816252947 CET	49678	443	192.168.2.4	20.189.173.27
Mar 14, 2025 01:30:03.889703035 CET	49708	443	192.168.2.4	52.113.196.254
Mar 14, 2025 01:30:03.894476891 CET	443	49708	52.113.196.254	192.168.2.4
Mar 14, 2025 01:30:03.994287968 CET	443	49708	52.113.196.254	192.168.2.4
Mar 14, 2025 01:30:03.994313002 CET	443	49708	52.113.196.254	192.168.2.4
Mar 14, 2025 01:30:03.994326115 CET	443	49708	52.113.196.254	192.168.2.4
Mar 14, 2025 01:30:03.994338036 CET	443	49708	52.113.196.254	192.168.2.4
Mar 14, 2025 01:30:03.994349957 CET	443	49708	52.113.196.254	192.168.2.4
Mar 14, 2025 01:30:03.994355917 CET	49708	443	192.168.2.4	52.113.196.254
Mar 14, 2025 01:30:03.994363070 CET	443	49708	52.113.196.254	192.168.2.4
Mar 14, 2025 01:30:03.994375944 CET	49708	443	192.168.2.4	52.113.196.254
Mar 14, 2025 01:30:03.994421005 CET	49708	443	192.168.2.4	52.113.196.254
Mar 14, 2025 01:30:04.015363932 CET	49681	80	192.168.2.4	2.17.190.73
Mar 14, 2025 01:30:04.316077948 CET	49681	80	192.168.2.4	2.17.190.73
Mar 14, 2025 01:30:04.906629086 CET	49753	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:04.906678915 CET	443	49753	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:04.906810045 CET	49753	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:04.906933069 CET	49754	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:04.906977892 CET	443	49754	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:04.907023907 CET	49754	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:04.908271074 CET	49754	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:04.908284903 CET	443	49754	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:04.908468962 CET	49753	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:04.908488035 CET	443	49753	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:04.926256895 CET	49681	80	192.168.2.4	2.17.190.73
Mar 14, 2025 01:30:05.105792999 CET	443	49754	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.106585026 CET	49755	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.106643915 CET	443	49755	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.106726885 CET	49755	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.107172012 CET	49755	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.107188940 CET	443	49755	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.109632969 CET	443	49753	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.110009909 CET	49756	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.110052109 CET	443	49756	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.110122919 CET	49756	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.110455036 CET	49756	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.110474110 CET	443	49756	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.221770048 CET	49678	443	192.168.2.4	20.189.173.27
Mar 14, 2025 01:30:05.305680037 CET	443	49755	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.309755087 CET	443	49756	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.662535906 CET	49757	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.662537098 CET	49758	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.662592888 CET	443	49757	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.662592888 CET	443	49758	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.663130045 CET	49757	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.663187981 CET	49758	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.664761066 CET	49758	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.664762020 CET	49757	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.664778948 CET	443	49757	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.664786100 CET	443	49758	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.865896940 CET	443	49757	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.865948915 CET	443	49758	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.875163078 CET	49759	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.875220060 CET	443	49759	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.875461102 CET	49759	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.875461102 CET	49760	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.875493050 CET	443	49760	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.875883102 CET	49759	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.875900984 CET	443	49759	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:05.875941038 CET	49760	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.876251936 CET	49760	443	192.168.2.4	172.64.151.8
Mar 14, 2025 01:30:05.876266003 CET	443	49760	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:06.073189020 CET	443	49759	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:06.073651075 CET	443	49760	172.64.151.8	192.168.2.4
Mar 14, 2025 01:30:06.133627892 CET	49681	80	192.168.2.4	2.17.190.73
Mar 14, 2025 01:30:06.184343100 CET	49761	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.184367895 CET	443	49761	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.184521914 CET	49761	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.185725927 CET	49761	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.185738087 CET	443	49761	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.186300039 CET	443	49761	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.232662916 CET	49762	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.232698917 CET	443	49762	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.232867956 CET	49762	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.234298944 CET	49762	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.234308958 CET	443	49762	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.234646082 CET	443	49762	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.263660908 CET	49763	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.263712883 CET	443	49763	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.263942957 CET	49763	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.264219999 CET	49763	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.264235973 CET	443	49763	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.264602900 CET	443	49763	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.279931068 CET	49764	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.279979944 CET	443	49764	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.280088902 CET	49764	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.280360937 CET	49764	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.280378103 CET	443	49764	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.280692101 CET	443	49764	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.305185080 CET	49765	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.305197001 CET	443	49765	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.305347919 CET	49765	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.305596113 CET	49765	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.305605888 CET	443	49765	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.305938959 CET	443	49765	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.314203978 CET	49766	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.314218044 CET	443	49766	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.314317942 CET	49766	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.314580917 CET	49766	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.314590931 CET	443	49766	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.314954996 CET	443	49766	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.331973076 CET	49767	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.331996918 CET	443	49767	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.332182884 CET	49767	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.332561970 CET	49767	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.332575083 CET	443	49767	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.332916975 CET	443	49767	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.342221975 CET	49768	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.342253923 CET	443	49768	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.342339993 CET	49768	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.342643976 CET	49768	443	192.168.2.4	4.245.163.56
Mar 14, 2025 01:30:06.342655897 CET	443	49768	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:06.343005896 CET	443	49768	4.245.163.56	192.168.2.4
Mar 14, 2025 01:30:08.535382986 CET	49681	80	192.168.2.4	2.17.190.73
Mar 14, 2025 01:30:10.035293102 CET	49678	443	192.168.2.4	20.189.173.27
Mar 14, 2025 01:30:11.254249096 CET	49671	443	192.168.2.4	204.79.197.203
Mar 14, 2025 01:30:13.347995043 CET	49681	80	192.168.2.4	2.17.190.73

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 01:29:52.519437075 CET	53	64554	1.1.1.1	192.168.2.4
Mar 14, 2025 01:29:52.533024073 CET	53	58406	1.1.1.1	192.168.2.4
Mar 14, 2025 01:29:55.217807055 CET	51471	53	192.168.2.4	1.1.1.1
Mar 14, 2025 01:29:55.218103886 CET	52541	53	192.168.2.4	1.1.1.1
Mar 14, 2025 01:29:55.224857092 CET	53	51471	1.1.1.1	192.168.2.4
Mar 14, 2025 01:29:55.225315094 CET	53	52541	1.1.1.1	192.168.2.4
Mar 14, 2025 01:29:57.998878956 CET	54718	53	192.168.2.4	1.1.1.1
Mar 14, 2025 01:29:57.999150991 CET	51469	53	192.168.2.4	1.1.1.1
Mar 14, 2025 01:29:58.007738113 CET	53	54718	1.1.1.1	192.168.2.4
Mar 14, 2025 01:29:58.008194923 CET	53	51469	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 14, 2025 01:29:55.217807055 CET	192.168.2.4	1.1.1.1	0xad56	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:29:55.218103886 CET	192.168.2.4	1.1.1.1	0xd62d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 14, 2025 01:29:57.998878956 CET	192.168.2.4	1.1.1.1	0x6d0f	Standard query (0)	kucoinuxlogin.webflow.io	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:29:57.999150991 CET	192.168.2.4	1.1.1.1	0xd051	Standard query (0)	kucoinuxlogin.webflow.io	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 14, 2025 01:29:55.224857092 CET	1.1.1.1	192.168.2.4	0xad56	No error (0)	www.google.com	172.217.18.4	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:29:55.225315094 CET	1.1.1.1	192.168.2.4	0xd62d	No error (0)	www.google.com		65	IN (0x0001)	false
Mar 14, 2025 01:29:58.007738113 CET	1.1.1.1	192.168.2.4	0x6d0f	No error (0)	kucoinuxlogin.webflow.io	172.64.151.8	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:29:58.007738113 CET	1.1.1.1	192.168.2.4	0x6d0f	No error (0)	kucoinuxlogin.webflow.io	104.18.36.248	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:29:58.008194923 CET	1.1.1.1	192.168.2.4	0xd051	No error (0)	kucoinuxlogin.webflow.io		65	IN (0x0001)	false

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	1
Start time:	20:29:47
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	20:29:50
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2276,i,14816279118109633960,6743079271261266847,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2300 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	20:29:57
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kucoinuxlogin.webflow.io/"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://kucoinuxlogin.webflow.io/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2696, Parent PID: 3556

General

File Activities

File Opened

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Process Created

Process Terminated

Thread Activities

Thread Terminated

Memory Activities

Memory Usage Statistics

Timing Activities

Windows Analysis Report
https://kucoinuxlogin.webflow.io/