Create Interactive Tour

Windows Analysis Report
http://address.myairmail.com

Overview

General Information

Sample URL:	http://address.myairmail.com
Analysis ID:	1673878
Infos:

Errors URL not reachable

Detection

Score:	0
Range:	0 - 100
Confidence:	60%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6372 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,7057347569423250158,16475539366718190943,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2080 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 3672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,7057347569423250158,16475539366718190943,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5000 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://address.myairmail.com" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: unknown	HTTPS traffic detected: 192.178.49.196:443 -> 192.168.2.5:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.254:443 -> 192.168.2.5:49705 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown	TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown	TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown	TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: address.myairmail.com
Source: global traffic	DNS traffic detected: DNS query: google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49675
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,7057347569423250158,16475539366718190943,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2080 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,7057347569423250158,16475539366718190943,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5000 /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://address.myairmail.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,7057347569423250158,16475539366718190943,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2080 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,7057347569423250158,16475539366718190943,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5000 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Name	IP	Active	Malicious	Reputation
google.com	142.250.68.238	true	false	high
www.google.com	192.178.49.196	true	false	high
address.myairmail.com	unknown	unknown	false	high

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1673878
Start date and time:	2025-04-25 09:02:01 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 1m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://address.myairmail.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	UNKNOWN
Classification:	unknown0.win@24/0@21/2
Cookbook Comments:	URL browsing timeout or error

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 25, 2025 09:02:47.383738995 CEST	49672	443	192.168.2.5	204.79.197.203
Apr 25, 2025 09:02:52.196263075 CEST	49672	443	192.168.2.5	204.79.197.203
Apr 25, 2025 09:02:54.231189966 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 25, 2025 09:02:54.540047884 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 25, 2025 09:02:55.153613091 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 25, 2025 09:02:56.368092060 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 25, 2025 09:02:56.952672005 CEST	49696	80	192.168.2.5	192.178.49.195
Apr 25, 2025 09:02:57.101058960 CEST	80	49696	192.178.49.195	192.168.2.5
Apr 25, 2025 09:02:57.101465940 CEST	49696	80	192.168.2.5	192.178.49.195
Apr 25, 2025 09:02:57.101690054 CEST	49696	80	192.168.2.5	192.178.49.195
Apr 25, 2025 09:02:57.249397039 CEST	80	49696	192.178.49.195	192.168.2.5
Apr 25, 2025 09:02:57.249782085 CEST	80	49696	192.178.49.195	192.168.2.5
Apr 25, 2025 09:02:57.290607929 CEST	49696	80	192.168.2.5	192.178.49.195
Apr 25, 2025 09:02:58.774995089 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 25, 2025 09:03:00.870356083 CEST	49701	443	192.168.2.5	192.178.49.196
Apr 25, 2025 09:03:00.870400906 CEST	443	49701	192.178.49.196	192.168.2.5
Apr 25, 2025 09:03:00.870501995 CEST	49701	443	192.168.2.5	192.178.49.196
Apr 25, 2025 09:03:00.870630980 CEST	49701	443	192.168.2.5	192.178.49.196
Apr 25, 2025 09:03:00.870637894 CEST	443	49701	192.178.49.196	192.168.2.5
Apr 25, 2025 09:03:01.191842079 CEST	443	49701	192.178.49.196	192.168.2.5
Apr 25, 2025 09:03:01.192120075 CEST	49701	443	192.168.2.5	192.178.49.196
Apr 25, 2025 09:03:01.193200111 CEST	49701	443	192.168.2.5	192.178.49.196
Apr 25, 2025 09:03:01.193218946 CEST	443	49701	192.178.49.196	192.168.2.5
Apr 25, 2025 09:03:01.193475962 CEST	443	49701	192.178.49.196	192.168.2.5
Apr 25, 2025 09:03:01.243326902 CEST	49701	443	192.168.2.5	192.178.49.196
Apr 25, 2025 09:03:01.805839062 CEST	49672	443	192.168.2.5	204.79.197.203
Apr 25, 2025 09:03:03.586965084 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 25, 2025 09:03:09.987572908 CEST	49675	443	192.168.2.5	2.23.227.208
Apr 25, 2025 09:03:09.987632990 CEST	443	49675	2.23.227.208	192.168.2.5
Apr 25, 2025 09:03:09.987952948 CEST	49675	443	192.168.2.5	2.23.227.208
Apr 25, 2025 09:03:09.987970114 CEST	443	49675	2.23.227.208	192.168.2.5
Apr 25, 2025 09:03:10.440609932 CEST	49705	443	192.168.2.5	150.171.28.254
Apr 25, 2025 09:03:10.440654993 CEST	443	49705	150.171.28.254	192.168.2.5
Apr 25, 2025 09:03:10.440730095 CEST	49705	443	192.168.2.5	150.171.28.254
Apr 25, 2025 09:03:10.441051006 CEST	49705	443	192.168.2.5	150.171.28.254
Apr 25, 2025 09:03:10.441063881 CEST	443	49705	150.171.28.254	192.168.2.5
Apr 25, 2025 09:03:10.883713007 CEST	443	49705	150.171.28.254	192.168.2.5
Apr 25, 2025 09:03:10.883788109 CEST	49705	443	192.168.2.5	150.171.28.254
Apr 25, 2025 09:03:11.216284037 CEST	443	49701	192.178.49.196	192.168.2.5
Apr 25, 2025 09:03:11.216345072 CEST	443	49701	192.178.49.196	192.168.2.5
Apr 25, 2025 09:03:11.216516972 CEST	49701	443	192.168.2.5	192.178.49.196
Apr 25, 2025 09:03:12.058253050 CEST	49701	443	192.168.2.5	192.178.49.196
Apr 25, 2025 09:03:12.058284044 CEST	443	49701	192.178.49.196	192.168.2.5
Apr 25, 2025 09:03:13.197474957 CEST	49676	443	192.168.2.5	20.189.173.14

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 25, 2025 09:02:56.946491957 CEST	53	58440	1.1.1.1	192.168.2.5
Apr 25, 2025 09:02:57.954958916 CEST	53	61242	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:00.728811026 CEST	49994	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:00.728954077 CEST	61274	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:00.868923903 CEST	53	49994	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:00.869594097 CEST	53	61274	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:02.411015987 CEST	61325	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:02.411180019 CEST	51160	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:02.416616917 CEST	60818	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:02.416771889 CEST	64295	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:02.587968111 CEST	53	60818	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:02.588829041 CEST	53	61325	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:02.597481966 CEST	53	64295	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:02.598115921 CEST	50524	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:02.610714912 CEST	53	51160	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:02.741853952 CEST	53	50524	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:02.745100975 CEST	49463	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:02.745376110 CEST	60047	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:02.900058031 CEST	53	49463	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:02.900103092 CEST	53	60047	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:02.929765940 CEST	54083	53	192.168.2.5	8.8.8.8
Apr 25, 2025 09:03:02.934660912 CEST	50329	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:03.074965954 CEST	53	50329	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:03.086571932 CEST	53	54083	8.8.8.8	192.168.2.5
Apr 25, 2025 09:03:03.937206984 CEST	54748	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:03.937428951 CEST	60928	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:04.079142094 CEST	53	60928	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:04.088295937 CEST	53	54748	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:09.108766079 CEST	57977	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:09.108933926 CEST	49574	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:09.258301020 CEST	53	49574	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:09.266870022 CEST	53	57977	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:09.267554998 CEST	54736	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:09.409832954 CEST	53	54736	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:14.952297926 CEST	53	59295	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:15.842756987 CEST	61137	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:15.842973948 CEST	56607	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:15.989715099 CEST	53	56607	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:16.039022923 CEST	53	61137	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:16.039711952 CEST	52502	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:16.181535006 CEST	53	52502	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:16.192673922 CEST	63678	53	192.168.2.5	1.1.1.1
Apr 25, 2025 09:03:16.193001986 CEST	51864	53	192.168.2.5	8.8.8.8
Apr 25, 2025 09:03:16.333071947 CEST	53	63678	1.1.1.1	192.168.2.5
Apr 25, 2025 09:03:16.350214958 CEST	53	51864	8.8.8.8	192.168.2.5

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2025 09:02:57.101690054 CEST	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Apr 25, 2025 09:02:57.249782085 CEST	1242	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="cacerts" Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]} Content-Length: 530 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Fri, 25 Apr 2025 07:00:42 GMT Expires: Fri, 25 Apr 2025 07:50:42 GMT Cache-Control: public, max-age=3000 Age: 135 Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT Content-Type: application/pkix-crl Vary: Accept-Encoding Data Raw: 30 82 02 0e 30 82 01 93 02 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 03 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 34 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 17 0d 32 36 30 32 32 38 30 37 35 39 35 39 5a 30 81 e9 30 2f 02 10 6e 47 a9 ce 4f 46 c2 3d e2 49 ea cc 38 94 53 73 17 0d 31 39 30 39 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 f0 9c 5b 70 05 a6 dc 86 e2 f9 9e f3 17 0d 32 30 30 31 33 31 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 fe a5 81 44 7e 3b fd 3b b8 1c 24 98 17 0d 32 33 30 36 31 33 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 16 68 25 e1 70 04 40 61 24 91 f5 40 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 00 8e b2 58 e7 b5 94 0c 1f f9 00 44 17 0d 32 35 30 [TRUNCATED] Data Ascii: 000H=0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R4250403080000Z260228075959Z00/nGOF=I8Ss190930000000Z00U0,[p200131000000Z00U0,D~;;$230613000000Z00U0,h%p@a$@250403080000Z00U0,XD250403080000Z00U/0-0U0U#0LtI6>j0H=i0f1>2en:IN@g=;bQZ~`NX1?^4y[$\4{;$zDeU6O

Target ID:	0
Start time:	03:02:49
Start date:	25/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7dcfa0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	03:02:54
Start date:	25/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,7057347569423250158,16475539366718190943,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2080 /prefetch:3
Imagebase:	0x7ff7dcfa0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	7
Start time:	03:02:57
Start date:	25/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,7057347569423250158,16475539366718190943,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5000 /prefetch:8
Imagebase:	0x7ff7dcfa0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	10
Start time:	03:03:01
Start date:	25/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://address.myairmail.com"
Imagebase:	0x7ff7dcfa0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://address.myairmail.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6948, Parent PID: 5084

General

File Activities

File Opened

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Process Created

Process Terminated

Thread Activities

Thread Terminated

Memory Activities

Windows Analysis Report
http://address.myairmail.com