Windows
Analysis Report
https://wwre.lanzoup.com/iUb312qvvxyd
Overview
Detection
Score: 52 (range 0 - 100)
Confidence: 100%
Signatures
Yara detected ZipBomb
Drops password protected ZIP file
Dynamic code execution using eval()
HTML page contains hidden javascript code
Program does not show much activity (idle)
Script element or tag injection
Classification
- System is w10x64_ra
chrome.exe (PID: 6760 cmdline: "C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --start-maximized "about:blank" MD5: B6CB00FCB81D3B66870817AEBE7163BB)
chrome.exe (PID: 2556 cmdline: "C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --no-sandbox --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2044 --field-trial-handle=1792,i,5437045901747490287,607807609955483898,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: B6CB00FCB81D3B66870817AEBE7163BB)
chrome.exe (PID: 7140 cmdline: "C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" "https://wwre.lanzoup.com/iUb312qvvxyd" MD5: B6CB00FCB81D3B66870817AEBE7163BB)
chrome.exe (PID: 7488 cmdline: "C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?<?=$codepost?> MD5: B6CB00FCB81D3B66870817AEBE7163BB)
chrome.exe (PID: 7992 cmdline: "C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?<?=$codepost?> MD5: B6CB00FCB81D3B66870817AEBE7163BB)
chrome.exe (PID: 7176 cmdline: "C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?%3C?=$codepost?%3E?<?=$codepost?> MD5: B6CB00FCB81D3B66870817AEBE7163BB)
chrome.exe (PID: 7276 cmdline: "C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --start-maximized --single-argument https://wwre.lanzoup.com/iUb312qvvxyd?%3C?=$codepost?%3E?%3C?=$codepost?%3E?%3C?=$codepost?%3E?<?=$codepost?> MD5: B6CB00FCB81D3B66870817AEBE7163BB)
Note: the literal `<?=$codepost?>` in the later command lines is an uninterpreted PHP short echo tag; each successive chrome.exe launch re-opens the URL with the previous query string percent-encoded and the tag appended once more.
- cleanup
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_ZipBomb | Yara detected ZipBomb | Joe Security | |
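The two archive-related signatures above (Yara detected ZipBomb, Drops password protected ZIP file) are what a triage script can reproduce offline. The block below is an added example and is not Joe Security's rule or any code from the analysed page: it does a cheap header pass over the central directory (declared-to-compressed ratio, the encryption bit, nested archives), then a bounded inflation that stops at a byte cap, because the sizes in the headers are attacker-controlled and only the inflater tells the truth. The thresholds, the sample archives and the `mark_entry_encrypted` fixture (zipfile cannot write encrypted archives, so the flag bit is flipped in the constructed sample's central directory) are all assumptions made for the example.

```python
from __future__ import annotations

import io
import struct
import zipfile
from dataclasses import dataclass, field

# Hypothetical triage thresholds, not the sandbox's rule parameters; tune for your environment.
MAX_RATIO = 100.0        # declared/compressed ratio above which an archive is called a bomb
MAX_DECLARED = 1 << 30   # 1 GiB of declared output from a web download is suspicious regardless
EXTRACT_CAP = 64 << 20   # never inflate more than 64 MiB while triaging


@dataclass
class ZipVerdict:
    entries: int = 0
    compressed: int = 0
    declared: int = 0
    encrypted: int = 0
    nested: list[str] = field(default_factory=list)
    flags: list[str] = field(default_factory=list)

    @property
    def ratio(self) -> float:
        return self.declared / max(self.compressed, 1)


def triage_zip(data: bytes) -> ZipVerdict:
    """Header-only pass over the central directory: cheap, but every number is attacker-supplied."""
    v = ZipVerdict()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for zi in zf.infolist():
            v.entries += 1
            v.compressed += zi.compress_size
            v.declared += zi.file_size
            if zi.flag_bits & 0x1:                 # general-purpose flag bit 0: entry is encrypted
                v.encrypted += 1
            if zi.filename.lower().endswith((".zip", ".7z", ".rar", ".gz")):
                v.nested.append(zi.filename)       # nesting is how 42.zip-style bombs multiply
    if v.ratio > MAX_RATIO or v.declared > MAX_DECLARED:
        v.flags.append("ZipBomb")
    if v.encrypted:
        v.flags.append("PasswordProtectedZip")
    if v.nested:
        v.flags.append("NestedArchive")
    return v


def bounded_extract(data: bytes, cap: int = EXTRACT_CAP) -> tuple[int, bool]:
    """Ground truth: inflate every unencrypted entry in chunks and stop once `cap` bytes came out.
    Returns (bytes_produced, cap_hit)."""
    produced = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for zi in zf.infolist():
            if zi.flag_bits & 0x1:
                continue                           # needs a password; cannot be inflated here
            with zf.open(zi) as fh:
                while chunk := fh.read(1 << 16):
                    produced += len(chunk)
                    if produced > cap:
                        return produced, True
    return produced, False


def central_directory_offsets(data: bytes) -> list[int]:
    """Walk the (non-zip64) central directory from the EOCD record; offset of each 46-byte header."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    offsets = []
    for _ in range(count):
        if data[pos:pos + 4] != b"PK\x01\x02":
            raise ValueError(f"bad central file header at offset {pos}")
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        offsets.append(pos)
        pos += 46 + name_len + extra_len + comment_len
    return offsets


def mark_entry_encrypted(data: bytes, index: int = 0) -> bytes:
    """Fixture helper (assumption): flip the encrypted bit on one central-directory entry."""
    buf = bytearray(data)
    pos = central_directory_offsets(data)[index]
    (flags,) = struct.unpack_from("<H", buf, pos + 8)
    struct.pack_into("<H", buf, pos + 8, flags | 0x1)
    return bytes(buf)


def make_sample(bomb: bool) -> bytes:
    """Constructed sample: a small text file, or 16 MiB of zeros plus a nested archive."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("inner.txt", b"hello")
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        if bomb:
            zf.writestr("payload.bin", bytes(16 << 20))
            zf.writestr("more.zip", inner.getvalue())
        else:
            zf.writestr("readme.txt", b"just a normal archive\n" * 20)
    return out.getvalue()


if __name__ == "__main__":
    samples = {"benign": make_sample(False),
               "bomb": mark_entry_encrypted(make_sample(True), index=1)}
    for label, sample in samples.items():
        v = triage_zip(sample)
        produced, capped = bounded_extract(sample, cap=8 << 20)
        print(f"{label}: ratio={v.ratio:.0f} flags={v.flags} inflated={produced} capped={capped}")
```

The header pass is what a static rule sees; the bounded inflation is the check to keep in an automated pipeline, since an archive can declare tiny sizes and still expand without limit, and an encrypted entry can only be judged by its flags and its neighbours.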
⊘No Sigma rule has matched
⊘No Suricata rule has matched
- Phishing
- System Summary
- Malware Analysis System Evasion
- Anti Debugging
Source: | JavaScript Tracing: |