Edit tour

Windows Analysis Report
http://s.team-fg.com/p/jjnh-trfg/frmkhpcw/

Overview

General Information

Sample URL:	http://s.team-fg.com/p/jjnh-trfg/frmkhpcw/
Analysis ID:	1637970
Infos:

Detection

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 4116 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,11247473949130860856,15678733379132640968,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2024 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 4360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://s.team-fg.com/p/jjnh-trfg/frmkhpcw/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

HTTP traffic detected: GET /p/jjnh-trfg/frmkhpcw/ HTTP/1.1Host: s.team-fg.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.227

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: s.team-fg.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gvt2.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55601 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55609 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 55612 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 55606 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55610 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55604 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55611 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55605 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55602 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55609
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55605
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55606
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55601
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55602
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55603
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55604
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55603 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55612
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55610
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55611
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\scoped_dir3948_1120419783	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3948_1954187670	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3948_1954187670\ssl_error_assistant.pb	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3948_1954187670\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3948_1954187670\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3948_1954187670\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3948_1954187670\manifest.fingerprint	Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,11247473949130860856,15678733379132640968,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2024 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://s.team-fg.com/p/jjnh-trfg/frmkhpcw/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,11247473949130860856,15678733379132640968,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2024 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Name	IP	Active	Malicious	Reputation
s.team-fg.com	185.208.156.194	true	false	unknown
beacons-handoff.gcp.gvt2.com	142.250.180.67	true	false	high
www.google.com	142.250.186.164	true	false	high
beacons.gvt2.com	142.251.143.35	true	false	high
beacons6.gvt2.com	142.250.185.67	true	false	high
beacons.gcp.gvt2.com	unknown	unknown	false	high

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.208.156.194	s.team-fg.com	Switzerland		42624	SIMPLECARRIERCH	false
142.250.186.164	www.google.com	United States		15169	GOOGLEUS	false

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1637970
Start date and time:	2025-03-14 01:41:58 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://s.team-fg.com/p/jjnh-trfg/frmkhpcw/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@30/4@21/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1765
Entropy (8bit):	6.016932513650603
Encrypted:	false
SSDEEP:	48:p/hKAGj0FnAp7XgNGIaku9E5tPJXaWqkbszesM:R5Gj0FAlsaBmfPsRD3M
MD5:	6D1D175F88B64546105E3E7C31D1129A
SHA1:	75A1B56F55BB62B05365A0FDBFC7941DE77CBFAF
SHA-256:	A0BC246E8E160A9BB32FA60F4E7A04D148A17125F426509466031E07731FDF81
SHA-512:	5C80908331E30C7EAD67F7F6C5AB064B07626FD9C58925A0D2124D66B25C5AE2F218BDACFB68AFCB332E88EB297CFB7E0A7A9E5E1E54C9B7A510FEF095F9B54F
Malicious:	false
Reputation:	low
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJtYW5pZmVzdC5qc29uIiwicm9vdF9oYXNoIjoiSUxrUllPSmhIVEZacllLRmN5UC12SkJrVjNWbWVLdHo4d1hEb2VPWjBZMCJ9LHsicGF0aCI6InNzbF9lcnJvcl9hc3Npc3RhbnQucGIiLCJyb290X2hhc2giOiJyRFZLUnlPcXBQQnI3RGhkM2VTazBKZzYxUlJXOVNzeHFBYU95WDFiWHFjIn1dLCJmb3JtYXQiOiJ0cmVlaGFzaCIsImhhc2hfYmxvY2tfc2l6ZSI6NDA5Nn1dLCJpdGVtX2lkIjoiZ2lla2NtbWxua2xlbmxhb21wcGtwaGtuam1ubnBuZWgiLCJpdGVtX3ZlcnNpb24iOiI3IiwicHJvdG9jb2xfdmVyc2lvbiI6MX0","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"nBdNk-7bgnEftAs4hWaHwF1Lk9pt7Eh6pcqe2gyNsE7VnVRp-H27tm1RFAF4htCUlXNJxX6YY-MUiK2DqJpQ3c73KDaFV8DcnadQfcXO3Lbrw7jLYSUaSdzujPkTyhuFcq_BhK0KWiIJ0aJgh7nVOBfAa5AbE6oFlLKMB2Ls0gmzS1-a5hUIu4rw2h9r9jkr6gLYbein5Jk2hdwW3u-1GNjyki4dftG2iZNAI8VhUf5gnCiF4AHCnYSGJsM0RGkmO_HJIzgwpQpP3RDsG2ioeKgxL-kcHhjXWOj3uVGyxpp1FkyHGkeGuqpFZMAxx3CEBiOtFj7i3iQxkgEW-E3uMKI3yA

IP
192.168.2.4
192.168.2.6
192.168.2.13
192.168.2.23

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 01:42:50.679930925 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:42:50.991930962 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:42:51.601330042 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:42:52.804465055 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:42:55.211740017 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 01:42:58.993451118 CET	49709	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:42:58.993510008 CET	443	49709	23.199.214.10	192.168.2.6
Mar 14, 2025 01:42:58.993581057 CET	49709	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:42:58.996330023 CET	49709	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:42:58.996344090 CET	443	49709	23.199.214.10	192.168.2.6
Mar 14, 2025 01:42:58.997051954 CET	443	49709	23.199.214.10	192.168.2.6
Mar 14, 2025 01:42:58.999334097 CET	49710	443	192.168.2.6	142.250.186.164
Mar 14, 2025 01:42:58.999377966 CET	443	49710	142.250.186.164	192.168.2.6
Mar 14, 2025 01:42:58.999579906 CET	49710	443	192.168.2.6	142.250.186.164
Mar 14, 2025 01:42:58.999905109 CET	49710	443	192.168.2.6	142.250.186.164
Mar 14, 2025 01:42:58.999921083 CET	443	49710	142.250.186.164	192.168.2.6
Mar 14, 2025 01:42:59.000355959 CET	49711	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:42:59.000387907 CET	443	49711	23.199.214.10	192.168.2.6
Mar 14, 2025 01:42:59.000436068 CET	49711	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:42:59.001054049 CET	49711	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:42:59.001066923 CET	443	49711	23.199.214.10	192.168.2.6
Mar 14, 2025 01:42:59.001677990 CET	443	49711	23.199.214.10	192.168.2.6
Mar 14, 2025 01:42:59.002773046 CET	49712	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:42:59.002794027 CET	443	49712	23.199.214.10	192.168.2.6
Mar 14, 2025 01:42:59.002861977 CET	49712	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:42:59.003696918 CET	49712	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:42:59.003731012 CET	443	49712	23.199.214.10	192.168.2.6
Mar 14, 2025 01:42:59.003773928 CET	49712	443	192.168.2.6	23.199.214.10
Mar 14, 2025 01:42:59.197338104 CET	443	49710	142.250.186.164	192.168.2.6
Mar 14, 2025 01:42:59.198260069 CET	49713	443	192.168.2.6	142.250.186.164
Mar 14, 2025 01:42:59.198299885 CET	443	49713	142.250.186.164	192.168.2.6
Mar 14, 2025 01:42:59.198831081 CET	49713	443	192.168.2.6	142.250.186.164
Mar 14, 2025 01:42:59.199290991 CET	49713	443	192.168.2.6	142.250.186.164
Mar 14, 2025 01:42:59.199311018 CET	443	49713	142.250.186.164	192.168.2.6
Mar 14, 2025 01:42:59.267832041 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 01:42:59.397495985 CET	443	49713	142.250.186.164	192.168.2.6
Mar 14, 2025 01:42:59.570935011 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 01:42:59.980281115 CET	49714	80	192.168.2.6	185.208.156.194
Mar 14, 2025 01:42:59.980460882 CET	49715	80	192.168.2.6	185.208.156.194
Mar 14, 2025 01:42:59.984944105 CET	80	49714	185.208.156.194	192.168.2.6

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 01:42:54.365869999 CET	53	51718	1.1.1.1	192.168.2.6
Mar 14, 2025 01:42:54.399760008 CET	53	59726	1.1.1.1	192.168.2.6
Mar 14, 2025 01:42:58.990766048 CET	50036	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:42:58.991383076 CET	52060	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:42:58.997634888 CET	53	50036	1.1.1.1	192.168.2.6
Mar 14, 2025 01:42:58.998058081 CET	53	52060	1.1.1.1	192.168.2.6
Mar 14, 2025 01:42:59.950376987 CET	59860	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:42:59.960616112 CET	51368	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:42:59.962234974 CET	53	59860	1.1.1.1	192.168.2.6
Mar 14, 2025 01:42:59.972851038 CET	53	51368	1.1.1.1	192.168.2.6
Mar 14, 2025 01:42:59.984540939 CET	50976	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:42:59.984827995 CET	51056	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:42:59.995209932 CET	53	51056	1.1.1.1	192.168.2.6
Mar 14, 2025 01:42:59.998097897 CET	53	50976	1.1.1.1	192.168.2.6
Mar 14, 2025 01:43:54.253299952 CET	53	64041	1.1.1.1	192.168.2.6
Mar 14, 2025 01:43:54.670835018 CET	53	55344	1.1.1.1	192.168.2.6
Mar 14, 2025 01:43:55.628813982 CET	53	53421	1.1.1.1	192.168.2.6
Mar 14, 2025 01:43:57.030725002 CET	53	52691	1.1.1.1	192.168.2.6
Mar 14, 2025 01:43:57.342449903 CET	138	138	192.168.2.6	192.168.2.255
Mar 14, 2025 01:43:57.638015032 CET	50185	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:43:57.638339996 CET	49382	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:43:57.644704103 CET	53	50185	1.1.1.1	192.168.2.6
Mar 14, 2025 01:43:57.647150993 CET	53	49382	1.1.1.1	192.168.2.6
Mar 14, 2025 01:43:58.662455082 CET	51900	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:43:58.671171904 CET	53	51900	1.1.1.1	192.168.2.6
Mar 14, 2025 01:43:58.688164949 CET	59343	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:43:58.695075989 CET	53	59343	1.1.1.1	192.168.2.6
Mar 14, 2025 01:44:00.698355913 CET	65155	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:44:00.705809116 CET	53	65155	1.1.1.1	192.168.2.6
Mar 14, 2025 01:44:01.711595058 CET	65155	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:44:01.718195915 CET	53	65155	1.1.1.1	192.168.2.6
Mar 14, 2025 01:44:02.711790085 CET	65155	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:44:02.718415022 CET	53	65155	1.1.1.1	192.168.2.6
Mar 14, 2025 01:44:04.727701902 CET	65155	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:44:04.734308958 CET	53	65155	1.1.1.1	192.168.2.6
Mar 14, 2025 01:44:08.736987114 CET	65155	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:44:08.745434046 CET	53	65155	1.1.1.1	192.168.2.6
Mar 14, 2025 01:44:13.630847931 CET	53236	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:44:13.631021976 CET	64856	53	192.168.2.6	1.1.1.1
Mar 14, 2025 01:44:13.637675047 CET	53	53236	1.1.1.1	192.168.2.6

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 14, 2025 01:42:58.990766048 CET	192.168.2.6	1.1.1.1	0x4c0	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:42:58.991383076 CET	192.168.2.6	1.1.1.1	0xa517	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 14, 2025 01:42:59.950376987 CET	192.168.2.6	1.1.1.1	0xfa64	Standard query (0)	s.team-fg.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:42:59.960616112 CET	192.168.2.6	1.1.1.1	0x3fad	Standard query (0)	s.team-fg.com	65	IN (0x0001)	false
Mar 14, 2025 01:42:59.984540939 CET	192.168.2.6	1.1.1.1	0x86e4	Standard query (0)	s.team-fg.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:42:59.984827995 CET	192.168.2.6	1.1.1.1	0xac42	Standard query (0)	s.team-fg.com	65	IN (0x0001)	false
Mar 14, 2025 01:43:57.638015032 CET	192.168.2.6	1.1.1.1	0x278b	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:43:57.638339996 CET	192.168.2.6	1.1.1.1	0x77f5	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Mar 14, 2025 01:43:58.662455082 CET	192.168.2.6	1.1.1.1	0x1c15	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:43:58.688164949 CET	192.168.2.6	1.1.1.1	0x628b	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Mar 14, 2025 01:44:00.698355913 CET	192.168.2.6	1.1.1.1	0xbe0f	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:44:01.711595058 CET	192.168.2.6	1.1.1.1	0xbe0f	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:44:02.711790085 CET	192.168.2.6	1.1.1.1	0xbe0f	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:44:04.727701902 CET	192.168.2.6	1.1.1.1	0xbe0f	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:44:08.736987114 CET	192.168.2.6	1.1.1.1	0xbe0f	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:44:13.630847931 CET	192.168.2.6	1.1.1.1	0x6133	Standard query (0)	beacons.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:44:13.631021976 CET	192.168.2.6	1.1.1.1	0xf1c	Standard query (0)	beacons.gvt2.com	65	IN (0x0001)	false
Mar 14, 2025 01:44:14.649234056 CET	192.168.2.6	1.1.1.1	0x7cd8	Standard query (0)	beacons.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:44:16.680591106 CET	192.168.2.6	1.1.1.1	0xca92	Standard query (0)	beacons.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:44:17.680053949 CET	192.168.2.6	1.1.1.1	0xca92	Standard query (0)	beacons.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:44:18.679996014 CET	192.168.2.6	1.1.1.1	0xca92	Standard query (0)	beacons.gvt2.com	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
Mar 14, 2025 01:43:00.405371904 CET	449	OUT	GET /p/jjnh-trfg/frmkhpcw/ HTTP/1.1 Host: s.team-fg.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 14, 2025 01:43:00.712622881 CET	387	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.26.3 Date: Fri, 14 Mar 2025 00:43:00 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Location: https://s.team-fg.com/p/jjnh-trfg/frmkhpcw/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 36 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.26.3</center></body></html>
Mar 14, 2025 01:43:45.726958990 CET	6	OUT	Data Raw: 00 Data Ascii:

Target ID:	1
Start time:	20:42:48
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	4
Start time:	20:42:52
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,11247473949130860856,15678733379132640968,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2024 /prefetch:3
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	13
Start time:	20:42:58
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://s.team-fg.com/p/jjnh-trfg/frmkhpcw/"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://s.team-fg.com/p/jjnh-trfg/frmkhpcw/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3948_1954187670\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3948_1954187670\manifest.fingerprint

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3948_1954187670\manifest.json

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3948_1954187670\ssl_error_assistant.pb

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3948, Parent PID: 3256

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

COM Activities

WMI Operations

Windows Analysis Report
http://s.team-fg.com/p/jjnh-trfg/frmkhpcw/

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre