Edit tour

Windows Analysis Report
http://data-seed-prebsc-1-s1.bnbchain.org

Overview

General Information

Sample URL:	http://data-seed-prebsc-1-s1.bnbchain.org
Analysis ID:	1663363
Infos:

Detection

Score:	0
Range:	0 - 100
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w11x64_office

chrome.exe (PID: 5228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

chrome.exe (PID: 5692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1872,i,3635450816076725558,5349984555335129593,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2196 /prefetch:11 MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

chrome.exe (PID: 6496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://data-seed-prebsc-1-s1.bnbchain.org" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown

HTTPS traffic detected: 142.250.9.104:443 -> 192.168.2.24:60848 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.48.246.135
Source: unknown	TCP traffic detected without corresponding DNS query: 23.48.246.135
Source: unknown	TCP traffic detected without corresponding DNS query: 23.48.246.135
Source: unknown	TCP traffic detected without corresponding DNS query: 23.4.43.62
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 23.4.43.62
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 23.48.246.135
Source: unknown	TCP traffic detected without corresponding DNS query: 23.48.246.135
Source: unknown	TCP traffic detected without corresponding DNS query: 23.48.246.135
Source: unknown	TCP traffic detected without corresponding DNS query: 23.76.34.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.76.34.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.76.34.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.4.43.62
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.23
Source: unknown	TCP traffic detected without corresponding DNS query: 23.4.43.62
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.23
Source: unknown	TCP traffic detected without corresponding DNS query: 23.76.34.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.76.34.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.76.34.6
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: data-seed-prebsc-1-s1.bnbchain.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 60848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60817
Source: unknown	Network traffic detected: HTTP traffic on port 60821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60881
Source: unknown	Network traffic detected: HTTP traffic on port 60832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60848
Source: unknown	Network traffic detected: HTTP traffic on port 60844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60844
Source: unknown	Network traffic detected: HTTP traffic on port 60864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60830

Source: unknown

HTTPS traffic detected: 142.250.9.104:443 -> 192.168.2.24:60848 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@25/0@8/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1872,i,3635450816076725558,5349984555335129593,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2196 /prefetch:11
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://data-seed-prebsc-1-s1.bnbchain.org"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1872,i,3635450816076725558,5349984555335129593,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2196 /prefetch:11	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://data-seed-prebsc-1-s1.bnbchain.org	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
a37dd8b3f3000a75e.awsglobalaccelerator.com	15.197.152.159	true	false	high
www.google.com	142.250.9.104	true	false	high
data-seed-prebsc-1-s1.bnbchain.org	unknown	unknown	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.9.104	www.google.com	United States	15169	GOOGLEUS	false
15.197.152.159	a37dd8b3f3000a75e.awsglobalaccelerator.com	United States	7430	TANDEMUS	false
3.33.155.121	unknown	United States	8987	AMAZONEXPANSIONGB	false

Private

IP
192.168.2.24

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1663363
Start date and time:	2025-04-11 17:59:39 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://data-seed-prebsc-1-s1.bnbchain.org
Analysis system description:	Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Run name:	Potential for more IOCs and behavior
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@25/0@8/4

Warnings

Exclude process from analysis (whitelisted): SystemSettingsBroker.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 104.18.38.233, 172.64.149.23, 64.233.177.100, 64.233.177.139, 64.233.177.102, 64.233.177.138, 64.233.177.113, 64.233.177.101, 172.253.124.94, 108.177.122.102, 108.177.122.138, 108.177.122.100, 108.177.122.101, 108.177.122.139, 108.177.122.113, 64.233.176.84, 74.125.136.113, 74.125.136.102, 74.125.136.100, 74.125.136.138, 74.125.136.139, 74.125.136.101, 173.194.219.113, 173.194.219.138, 173.194.219.102, 173.194.219.139, 173.194.219.100, 173.194.219.101, 142.250.9.138, 142.250.9.139, 142.250.9.101, 142.250.9.100, 142.250.9.113, 142.250.9.102, 199.232.210.172, 74.125.21.101, 74.125.21.100, 74.125.21.139, 74.125.21.138, 74.125.21.113, 74.125.21.102, 142.250.105.95, 64.233.176.95, 74.125.136.95, 172.217.215.95, 142.251.15.95, 74.125.138.95, 108.177.122.95, 172.253.124.95, 142.250.9.95, 64.233.185.95, 173.194.219.95, 64.233.177.95, 74.125.138.94, 74.125.138.100, 74.125.138.139, 74.125.138.101, 74.125.138.113, 74.125.138.138, 74.125.138.102, 142.251.15.94, 172.217.215.101, 1
Excluded domains from analysis (whitelisted): clients1.google.com, crt.comodoca.com.cdn.cloudflare.net, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, www.googleapis.com, fe3cr.delivery.mp.microsoft.com, crt.comodoca.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: http://data-seed-prebsc-1-s1.bnbchain.org

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 132
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 11, 2025 18:00:44.334419012 CEST	60844	443	192.168.2.24	15.197.152.159
Apr 11, 2025 18:00:44.334454060 CEST	443	60844	15.197.152.159	192.168.2.24
Apr 11, 2025 18:00:44.334657907 CEST	60844	443	192.168.2.24	15.197.152.159
Apr 11, 2025 18:00:44.335021019 CEST	60844	443	192.168.2.24	15.197.152.159
Apr 11, 2025 18:00:44.335035086 CEST	443	60844	15.197.152.159	192.168.2.24
Apr 11, 2025 18:00:44.335485935 CEST	60845	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:00:44.335702896 CEST	60846	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:00:45.346524000 CEST	60846	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:00:45.346618891 CEST	60845	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:00:47.297904968 CEST	60848	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:00:47.297957897 CEST	443	60848	142.250.9.104	192.168.2.24
Apr 11, 2025 18:00:47.298732996 CEST	60848	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:00:47.298732996 CEST	60848	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:00:47.298774004 CEST	443	60848	142.250.9.104	192.168.2.24
Apr 11, 2025 18:00:47.358547926 CEST	60845	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:00:47.358551025 CEST	60846	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:00:47.523744106 CEST	443	60848	142.250.9.104	192.168.2.24
Apr 11, 2025 18:00:47.524280071 CEST	60848	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:00:47.526329994 CEST	60848	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:00:47.526356936 CEST	443	60848	142.250.9.104	192.168.2.24
Apr 11, 2025 18:00:47.526741982 CEST	443	60848	142.250.9.104	192.168.2.24
Apr 11, 2025 18:00:47.567361116 CEST	60848	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:00:51.360493898 CEST	60846	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:00:51.360532045 CEST	60845	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:00:57.521507025 CEST	443	60848	142.250.9.104	192.168.2.24
Apr 11, 2025 18:00:57.521656990 CEST	443	60848	142.250.9.104	192.168.2.24
Apr 11, 2025 18:00:57.521802902 CEST	60848	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:00:58.386240959 CEST	60848	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:00:58.386274099 CEST	443	60848	142.250.9.104	192.168.2.24
Apr 11, 2025 18:00:59.373671055 CEST	60845	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:00:59.373682976 CEST	60846	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:05.388237953 CEST	60851	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:05.388444901 CEST	60852	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:06.392518044 CEST	60851	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:06.392575979 CEST	60852	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:08.398556948 CEST	60851	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:08.398696899 CEST	60852	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:12.405560017 CEST	60851	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:12.405869961 CEST	60852	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:14.337650061 CEST	60844	443	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:14.380283117 CEST	443	60844	15.197.152.159	192.168.2.24
Apr 11, 2025 18:01:20.416572094 CEST	60851	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:20.416573048 CEST	60852	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:27.474554062 CEST	60857	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:27.474848986 CEST	60858	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:27.735176086 CEST	60859	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:28.479562998 CEST	60858	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:28.479578972 CEST	60857	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:28.749561071 CEST	60859	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:30.489590883 CEST	60858	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:30.489645958 CEST	60857	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:30.761676073 CEST	60859	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:34.494611025 CEST	60858	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:34.494620085 CEST	60857	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:34.766700029 CEST	60859	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:42.494653940 CEST	60858	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:42.510303020 CEST	60857	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:42.781639099 CEST	60859	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:47.251650095 CEST	60864	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:01:47.251707077 CEST	443	60864	142.250.9.104	192.168.2.24
Apr 11, 2025 18:01:47.251804113 CEST	60864	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:01:47.252012014 CEST	60864	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:01:47.252024889 CEST	443	60864	142.250.9.104	192.168.2.24
Apr 11, 2025 18:01:47.475003004 CEST	443	60864	142.250.9.104	192.168.2.24
Apr 11, 2025 18:01:47.475684881 CEST	60864	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:01:47.475718021 CEST	443	60864	142.250.9.104	192.168.2.24
Apr 11, 2025 18:01:48.510574102 CEST	60865	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:48.510895014 CEST	60866	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:48.803724051 CEST	60867	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:49.516680956 CEST	60866	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:49.516690016 CEST	60865	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:49.804842949 CEST	60867	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:51.527669907 CEST	60865	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:51.527733088 CEST	60866	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:51.812791109 CEST	60867	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:55.530658007 CEST	60866	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:55.530666113 CEST	60865	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:55.816694021 CEST	60867	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:01:57.479285955 CEST	443	60864	142.250.9.104	192.168.2.24
Apr 11, 2025 18:01:57.479418993 CEST	443	60864	142.250.9.104	192.168.2.24
Apr 11, 2025 18:01:57.479547977 CEST	60864	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:01:58.385014057 CEST	60864	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:01:58.385088921 CEST	443	60864	142.250.9.104	192.168.2.24
Apr 11, 2025 18:01:59.386794090 CEST	60844	443	192.168.2.24	15.197.152.159
Apr 11, 2025 18:01:59.386825085 CEST	443	60844	15.197.152.159	192.168.2.24
Apr 11, 2025 18:02:03.531697035 CEST	60865	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:03.531768084 CEST	60866	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:03.818804026 CEST	60867	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:09.340418100 CEST	60818	443	192.168.2.24	23.48.246.135
Apr 11, 2025 18:02:09.446971893 CEST	443	60818	23.48.246.135	192.168.2.24
Apr 11, 2025 18:02:09.447002888 CEST	443	60818	23.48.246.135	192.168.2.24
Apr 11, 2025 18:02:09.447571039 CEST	60818	443	192.168.2.24	23.48.246.135
Apr 11, 2025 18:02:09.447571039 CEST	60818	443	192.168.2.24	23.48.246.135
Apr 11, 2025 18:02:09.753882885 CEST	60820	80	192.168.2.24	23.4.43.62
Apr 11, 2025 18:02:09.753952026 CEST	60819	80	192.168.2.24	199.232.214.172
Apr 11, 2025 18:02:09.859513998 CEST	80	60820	23.4.43.62	192.168.2.24
Apr 11, 2025 18:02:09.859601021 CEST	80	60819	199.232.214.172	192.168.2.24
Apr 11, 2025 18:02:09.859635115 CEST	80	60819	199.232.214.172	192.168.2.24
Apr 11, 2025 18:02:09.859664917 CEST	60820	80	192.168.2.24	23.4.43.62
Apr 11, 2025 18:02:09.859807968 CEST	60819	80	192.168.2.24	199.232.214.172
Apr 11, 2025 18:02:11.446259975 CEST	60821	443	192.168.2.24	23.48.246.135
Apr 11, 2025 18:02:11.561976910 CEST	443	60821	23.48.246.135	192.168.2.24
Apr 11, 2025 18:02:11.561999083 CEST	443	60821	23.48.246.135	192.168.2.24
Apr 11, 2025 18:02:11.562072992 CEST	60821	443	192.168.2.24	23.48.246.135
Apr 11, 2025 18:02:11.562072992 CEST	60821	443	192.168.2.24	23.48.246.135
Apr 11, 2025 18:02:14.709268093 CEST	60875	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:14.709675074 CEST	60876	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:14.834363937 CEST	60877	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:15.712812901 CEST	60875	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:15.712814093 CEST	60876	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:15.713056087 CEST	60830	443	192.168.2.24	23.76.34.6
Apr 11, 2025 18:02:15.820223093 CEST	443	60830	23.76.34.6	192.168.2.24
Apr 11, 2025 18:02:15.820293903 CEST	443	60830	23.76.34.6	192.168.2.24
Apr 11, 2025 18:02:15.820393085 CEST	60830	443	192.168.2.24	23.76.34.6
Apr 11, 2025 18:02:15.820463896 CEST	60830	443	192.168.2.24	23.76.34.6
Apr 11, 2025 18:02:15.840790987 CEST	60877	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:16.004699945 CEST	60833	80	192.168.2.24	23.4.43.62
Apr 11, 2025 18:02:16.005053043 CEST	60831	443	192.168.2.24	40.126.28.23
Apr 11, 2025 18:02:16.111067057 CEST	80	60833	23.4.43.62	192.168.2.24
Apr 11, 2025 18:02:16.111270905 CEST	60833	80	192.168.2.24	23.4.43.62
Apr 11, 2025 18:02:16.128479004 CEST	443	60831	40.126.28.23	192.168.2.24
Apr 11, 2025 18:02:16.128685951 CEST	60831	443	192.168.2.24	40.126.28.23
Apr 11, 2025 18:02:16.318039894 CEST	60832	443	192.168.2.24	23.76.34.6
Apr 11, 2025 18:02:16.424391985 CEST	443	60832	23.76.34.6	192.168.2.24
Apr 11, 2025 18:02:16.424448967 CEST	443	60832	23.76.34.6	192.168.2.24
Apr 11, 2025 18:02:16.424518108 CEST	60832	443	192.168.2.24	23.76.34.6
Apr 11, 2025 18:02:16.424575090 CEST	60832	443	192.168.2.24	23.76.34.6
Apr 11, 2025 18:02:17.722731113 CEST	60875	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:17.722829103 CEST	60876	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:17.850871086 CEST	60877	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:18.784107924 CEST	443	60817	2.19.122.66	192.168.2.24
Apr 11, 2025 18:02:18.784137011 CEST	443	60817	2.19.122.66	192.168.2.24
Apr 11, 2025 18:02:18.784233093 CEST	60817	443	192.168.2.24	2.19.122.66
Apr 11, 2025 18:02:18.784277916 CEST	60817	443	192.168.2.24	2.19.122.66
Apr 11, 2025 18:02:18.784431934 CEST	60817	443	192.168.2.24	2.19.122.66
Apr 11, 2025 18:02:18.994339943 CEST	443	60817	2.19.122.66	192.168.2.24
Apr 11, 2025 18:02:21.727735043 CEST	60875	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:21.728029013 CEST	60876	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:21.855703115 CEST	60877	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:29.728739977 CEST	60875	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:29.728739977 CEST	60876	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:29.856704950 CEST	60877	80	192.168.2.24	3.33.155.121
Apr 11, 2025 18:02:35.744240046 CEST	60878	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:02:35.744375944 CEST	60879	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:02:35.872159004 CEST	60880	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:02:36.751760960 CEST	60879	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:02:36.751780033 CEST	60878	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:02:36.879889965 CEST	60880	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:02:38.763777971 CEST	60878	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:02:38.763811111 CEST	60879	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:02:38.891771078 CEST	60880	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:02:42.769737959 CEST	60878	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:02:42.769738913 CEST	60879	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:02:42.897743940 CEST	60880	80	192.168.2.24	15.197.152.159
Apr 11, 2025 18:02:44.396806002 CEST	60844	443	192.168.2.24	15.197.152.159
Apr 11, 2025 18:02:44.396835089 CEST	443	60844	15.197.152.159	192.168.2.24
Apr 11, 2025 18:02:47.314416885 CEST	60881	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:02:47.314488888 CEST	443	60881	142.250.9.104	192.168.2.24
Apr 11, 2025 18:02:47.314590931 CEST	60881	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:02:47.314810991 CEST	60881	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:02:47.314836025 CEST	443	60881	142.250.9.104	192.168.2.24
Apr 11, 2025 18:02:47.538402081 CEST	443	60881	142.250.9.104	192.168.2.24
Apr 11, 2025 18:02:47.538824081 CEST	60881	443	192.168.2.24	142.250.9.104
Apr 11, 2025 18:02:47.538857937 CEST	443	60881	142.250.9.104	192.168.2.24

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 11, 2025 18:00:43.085408926 CEST	53	59418	1.1.1.1	192.168.2.24
Apr 11, 2025 18:00:43.356314898 CEST	53	63654	1.1.1.1	192.168.2.24
Apr 11, 2025 18:00:44.188229084 CEST	52237	53	192.168.2.24	1.1.1.1
Apr 11, 2025 18:00:44.188458920 CEST	55504	53	192.168.2.24	1.1.1.1
Apr 11, 2025 18:00:44.196661949 CEST	64125	53	192.168.2.24	1.1.1.1
Apr 11, 2025 18:00:44.196901083 CEST	57666	53	192.168.2.24	1.1.1.1
Apr 11, 2025 18:00:44.295237064 CEST	53	60788	1.1.1.1	192.168.2.24
Apr 11, 2025 18:00:44.322774887 CEST	53	52237	1.1.1.1	192.168.2.24
Apr 11, 2025 18:00:44.330842972 CEST	53	57666	1.1.1.1	192.168.2.24
Apr 11, 2025 18:00:44.331151009 CEST	53	64125	1.1.1.1	192.168.2.24
Apr 11, 2025 18:00:44.331325054 CEST	53	55504	1.1.1.1	192.168.2.24
Apr 11, 2025 18:00:47.189198971 CEST	59029	53	192.168.2.24	1.1.1.1
Apr 11, 2025 18:00:47.189532042 CEST	58570	53	192.168.2.24	1.1.1.1
Apr 11, 2025 18:00:47.295865059 CEST	53	58570	1.1.1.1	192.168.2.24
Apr 11, 2025 18:00:47.296608925 CEST	53	59029	1.1.1.1	192.168.2.24
Apr 11, 2025 18:01:01.312388897 CEST	53	58936	1.1.1.1	192.168.2.24
Apr 11, 2025 18:01:03.236063004 CEST	137	137	192.168.2.24	192.168.2.255
Apr 11, 2025 18:01:03.999598980 CEST	137	137	192.168.2.24	192.168.2.255
Apr 11, 2025 18:01:04.749667883 CEST	137	137	192.168.2.24	192.168.2.255
Apr 11, 2025 18:01:12.265822887 CEST	53	50590	1.1.1.1	192.168.2.24
Apr 11, 2025 18:01:20.031989098 CEST	53	61421	1.1.1.1	192.168.2.24
Apr 11, 2025 18:01:42.623419046 CEST	53	55218	1.1.1.1	192.168.2.24
Apr 11, 2025 18:01:42.778070927 CEST	53	61013	1.1.1.1	192.168.2.24
Apr 11, 2025 18:01:45.624599934 CEST	53	57909	1.1.1.1	192.168.2.24
Apr 11, 2025 18:02:13.440324068 CEST	53	53795	1.1.1.1	192.168.2.24
Apr 11, 2025 18:02:14.559653997 CEST	57258	53	192.168.2.24	1.1.1.1
Apr 11, 2025 18:02:14.559947968 CEST	51100	53	192.168.2.24	1.1.1.1
Apr 11, 2025 18:02:14.696471930 CEST	53	51100	1.1.1.1	192.168.2.24
Apr 11, 2025 18:02:14.708178043 CEST	53	57258	1.1.1.1	192.168.2.24

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 11, 2025 18:00:44.188229084 CEST	192.168.2.24	1.1.1.1	0x5a51	Standard query (0)	data-seed-prebsc-1-s1.bnbchain.org	A (IP address)	IN (0x0001)	false
Apr 11, 2025 18:00:44.188458920 CEST	192.168.2.24	1.1.1.1	0x3063	Standard query (0)	data-seed-prebsc-1-s1.bnbchain.org	65	IN (0x0001)	false
Apr 11, 2025 18:00:44.196661949 CEST	192.168.2.24	1.1.1.1	0xc526	Standard query (0)	data-seed-prebsc-1-s1.bnbchain.org	A (IP address)	IN (0x0001)	false
Apr 11, 2025 18:00:44.196901083 CEST	192.168.2.24	1.1.1.1	0x3a21	Standard query (0)	data-seed-prebsc-1-s1.bnbchain.org	65	IN (0x0001)	false
Apr 11, 2025 18:00:47.189198971 CEST	192.168.2.24	1.1.1.1	0xccb0	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 11, 2025 18:00:47.189532042 CEST	192.168.2.24	1.1.1.1	0xe178	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 11, 2025 18:02:14.559653997 CEST	192.168.2.24	1.1.1.1	0xa07	Standard query (0)	data-seed-prebsc-1-s1.bnbchain.org	A (IP address)	IN (0x0001)	false
Apr 11, 2025 18:02:14.559947968 CEST	192.168.2.24	1.1.1.1	0xeb5a	Standard query (0)	data-seed-prebsc-1-s1.bnbchain.org	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 11, 2025 18:00:44.322774887 CEST	1.1.1.1	192.168.2.24	0x5a51	No error (0)	data-seed-prebsc-1-s1.bnbchain.org	a37dd8b3f3000a75e.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 11, 2025 18:00:44.322774887 CEST	1.1.1.1	192.168.2.24	0x5a51	No error (0)	a37dd8b3f3000a75e.awsglobalaccelerator.com		15.197.152.159	A (IP address)	IN (0x0001)	false
Apr 11, 2025 18:00:44.322774887 CEST	1.1.1.1	192.168.2.24	0x5a51	No error (0)	a37dd8b3f3000a75e.awsglobalaccelerator.com		3.33.155.121	A (IP address)	IN (0x0001)	false
Apr 11, 2025 18:00:44.330842972 CEST	1.1.1.1	192.168.2.24	0x3a21	No error (0)	data-seed-prebsc-1-s1.bnbchain.org	a37dd8b3f3000a75e.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 11, 2025 18:00:44.331151009 CEST	1.1.1.1	192.168.2.24	0xc526	No error (0)	data-seed-prebsc-1-s1.bnbchain.org	a37dd8b3f3000a75e.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 11, 2025 18:00:44.331151009 CEST	1.1.1.1	192.168.2.24	0xc526	No error (0)	a37dd8b3f3000a75e.awsglobalaccelerator.com		15.197.152.159	A (IP address)	IN (0x0001)	false
Apr 11, 2025 18:00:44.331151009 CEST	1.1.1.1	192.168.2.24	0xc526	No error (0)	a37dd8b3f3000a75e.awsglobalaccelerator.com		3.33.155.121	A (IP address)	IN (0x0001)	false
Apr 11, 2025 18:00:44.331325054 CEST	1.1.1.1	192.168.2.24	0x3063	No error (0)	data-seed-prebsc-1-s1.bnbchain.org	a37dd8b3f3000a75e.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 11, 2025 18:00:47.295865059 CEST	1.1.1.1	192.168.2.24	0xe178	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 11, 2025 18:00:47.296608925 CEST	1.1.1.1	192.168.2.24	0xccb0	No error (0)	www.google.com		142.250.9.104	A (IP address)	IN (0x0001)	false
Apr 11, 2025 18:00:47.296608925 CEST	1.1.1.1	192.168.2.24	0xccb0	No error (0)	www.google.com		142.250.9.147	A (IP address)	IN (0x0001)	false
Apr 11, 2025 18:00:47.296608925 CEST	1.1.1.1	192.168.2.24	0xccb0	No error (0)	www.google.com		142.250.9.99	A (IP address)	IN (0x0001)	false
Apr 11, 2025 18:00:47.296608925 CEST	1.1.1.1	192.168.2.24	0xccb0	No error (0)	www.google.com		142.250.9.103	A (IP address)	IN (0x0001)	false
Apr 11, 2025 18:00:47.296608925 CEST	1.1.1.1	192.168.2.24	0xccb0	No error (0)	www.google.com		142.250.9.106	A (IP address)	IN (0x0001)	false
Apr 11, 2025 18:00:47.296608925 CEST	1.1.1.1	192.168.2.24	0xccb0	No error (0)	www.google.com		142.250.9.105	A (IP address)	IN (0x0001)	false
Apr 11, 2025 18:02:14.696471930 CEST	1.1.1.1	192.168.2.24	0xeb5a	No error (0)	data-seed-prebsc-1-s1.bnbchain.org	a37dd8b3f3000a75e.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 11, 2025 18:02:14.708178043 CEST	1.1.1.1	192.168.2.24	0xa07	No error (0)	data-seed-prebsc-1-s1.bnbchain.org	a37dd8b3f3000a75e.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 11, 2025 18:02:14.708178043 CEST	1.1.1.1	192.168.2.24	0xa07	No error (0)	a37dd8b3f3000a75e.awsglobalaccelerator.com		3.33.155.121	A (IP address)	IN (0x0001)	false
Apr 11, 2025 18:02:14.708178043 CEST	1.1.1.1	192.168.2.24	0xa07	No error (0)	a37dd8b3f3000a75e.awsglobalaccelerator.com		15.197.152.159	A (IP address)	IN (0x0001)	false

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5228, Parent PID: 5248

Function Logs

General

Target ID:	0
Start time:	12:00:39
Start date:	11/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff697330000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5692, Parent PID: 5228

Function Logs

General

Target ID:	1
Start time:	12:00:40
Start date:	11/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1872,i,3635450816076725558,5349984555335129593,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2196 /prefetch:11
Imagebase:	0x7ff697330000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6496, Parent PID: 5248

Function Logs

General

Target ID:	2
Start time:	12:00:42
Start date:	11/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://data-seed-prebsc-1-s1.bnbchain.org"
Imagebase:	0x7ff697330000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

Process Terminated

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://data-seed-prebsc-1-s1.bnbchain.org

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5228, Parent PID: 5248

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

COM Activities

WMI Operations

Process Activities

Process Created

Process Terminated

Thread Activities

Thread Terminated

Memory Activities

Memory Usage Statistics

Windows Analysis Report
http://data-seed-prebsc-1-s1.bnbchain.org