
Windows Analysis Report

Overview

General Information

Sample URL:https://www.google.com/url?q=https://peopletracks.com&source=gmail&ust=1745796031529000&usg=AOvVaw1jJU4a8Ea6iwBKSpUK2c3M#eJydkM1vgkAQxf+X7bWF/WS3nlrTCGmMRpsocpthIfgBQUSx2/R/73Lq3cMc3svML+/ND7FkQnQUodD
Analysis ID:1676442
Infos:

Detection

Score:20
Range:0 - 100
Confidence:80%

Signatures

AI detected suspicious JavaScript

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,13095031297464890195,14447929301012545155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2100 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 3928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com/url?q=https://peopletracks.com&source=gmail&ust=1745796031529000&usg=AOvVaw1jJU4a8Ea6iwBKSpUK2c3M#eJydkM1vgkAQxf+X7bWF/WS3nlrTCGmMRpsocpthIfgBQUSx2/R/73Lq3cMc3svML+/ND7FkQnQUodDkmRReMC2VZvSVSm9U3uAAWknKaamE4lTmCgUrrRYUtUQY7/bjGuWKSh5xIZmUJuK7DzPjNH7TRkhttJHif15A4BEQLDZYVw7ywFERgLt2RWmDpug99OShVd+3l0kYPsQInyBZDHP+6bKYTSHdnLFZ3WzcOtiuBmymx7lY19AsmE2yE/J2sGm239X3s922Lv8y38tkdsgP78NSrO823bQ+VedTXS9F93Ct2/gr8vsH6G1t/Q==" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Phishing

Source: 1.2..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://7758003883899299392-drgqbtcheaf7amcy.z03.a... This script demonstrates high-risk behaviors, including dynamic code execution and potential data exfiltration. The use of obfuscated code and the ability to redirect the user to an arbitrary URL make this script highly suspicious and potentially malicious.
Source: https://www.google.com/url?q=https://peopletracks.com&source=gmail&ust=1745796031529000&usg=AOvVaw1jJU4a8Ea6iwBKSpUK2c3M#eJydkM1vgkAQxf+X7bWF/WS3nlrTCGmMRpsocpthIfgBQUSx2/R/73Lq3cMc3svML+/ND7FkQnQUodDkmRReMC2VZvSVSm9U3uAAWknKaamE4lTmCgUrrRYUtUQY7/bjGuWKSh5xIZmUJuK7DzPjNH7TRkhttJHif15A4BEQLDZYVw7ywFERgLt2RWmDpug99OShVd+3l0kYPsQInyBZDHP+6bKYTSHdnLFZ3WzcOtiuBmymx7lY19AsmE2yE/J2sGm239X3s922Lv8y38tkdsgP78NSrO823bQ+VedTXS9F93Ct2/gr8vsH6G1t/Q== | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49695 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.178.49.196:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.178.49.196:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.145.237.43:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.145.237.43:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.246.71:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: chrome.exe | Memory has grown: Private usage: 1MB later: 38MB
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown | TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: global traffic | HTTP traffic detected:
    GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UammWcv7UTDCXb6&MD=etS8+GGZ HTTP/1.1
    host: slscr.update.microsoft.com
    accept: */*
    user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    accept-encoding: identity
Source: global traffic | HTTP traffic detected:
    GET /url?q=https://peopletracks.com&source=gmail&ust=1745796031529000&usg=AOvVaw1jJU4a8Ea6iwBKSpUK2c3M HTTP/1.1
    host: www.google.com
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    upgrade-insecure-requests: 1
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    x-browser-channel: stable
    x-browser-year: 2025
    x-browser-validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=
    x-browser-copyright: Copyright 2025 Google LLC. All rights reserved.
    x-client-data: CLbgygE=
    sec-fetch-site: none
    sec-fetch-mode: navigate
    sec-fetch-user: ?1
    sec-fetch-dest: document
    accept-encoding: identity
    accept-language: en-US,en;q=0.9
    priority: u=0, i
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    host: www.google.com
    downlink: 0.4
    sec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"
    sec-ch-ua-platform: "Windows"
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-bitness: "64"
    sec-ch-ua-model: ""
    sec-ch-ua-mobile: ?0
    sec-ch-ua-form-factors: "Desktop"
    sec-ch-ua-wow64: ?0
    sec-ch-ua-arch: "x86"
    sec-ch-ua-full-version: "134.0.6998.36"
    sec-ch-prefers-color-scheme: light
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    rtt: 200
    sec-ch-ua-platform-version: "10.0.0"
    accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    x-client-data: CLbgygE=
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://www.google.com/url?q=https://peopletracks.com&source=gmail&ust=1745796031529000&usg=AOvVaw1jJU4a8Ea6iwBKSpUK2c3M
    accept-encoding: identity
    accept-language: en-US,en;q=0.9
    cookie: NID=523=cMuuEzmurf0ieltVfHI41_Puvayc26a1oga6vU0XK-rgxGZTC0Kt5zU9oTdl7mx8BhOYQG0c9Lda3UYoIV9Z-nI-C4F7iKNBiLJ7Cj3zsR2bzOiE0mWrVtJ1ZuVwFi58eNj1rd23TwnZhiucZgzwovPC5kNzK5eNafNU6Oqv11ewxeUYIIJkDghT09_6HhlPkSR218BKXG_85-0FYVU
    priority: u=1, i
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    host: www.google.com
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    accept: */*
    x-client-data: CLbgygE=
    sec-fetch-site: none
    sec-fetch-mode: cors
    sec-fetch-dest: empty
    sec-fetch-storage-access: active
    accept-encoding: identity
    accept-language: en-US,en;q=0.9
    cookie: NID=523=cMuuEzmurf0ieltVfHI41_Puvayc26a1oga6vU0XK-rgxGZTC0Kt5zU9oTdl7mx8BhOYQG0c9Lda3UYoIV9Z-nI-C4F7iKNBiLJ7Cj3zsR2bzOiE0mWrVtJ1ZuVwFi58eNj1rd23TwnZhiucZgzwovPC5kNzK5eNafNU6Oqv11ewxeUYIIJkDghT09_6HhlPkSR218BKXG_85-0FYVU
    priority: u=1, i
Source: global traffic | HTTP traffic detected:
    GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UammWcv7UTDCXb6&MD=etS8+GGZ HTTP/1.1
    host: slscr.update.microsoft.com
    accept: */*
    user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    accept-encoding: identity
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: peopletracks.com
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Referer: https://www.google.com/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    host: 7758003883899299392-drgqbtcheaf7amcy.z03.azurefd.net
    upgrade-insecure-requests: 1
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    sec-fetch-site: cross-site
    sec-fetch-mode: navigate
    sec-fetch-user: ?1
    sec-fetch-dest: document
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    referer: https://www.google.com/
    accept-encoding: identity
    accept-language: en-US,en;q=0.9
    priority: u=0, i
Source: global traffic | HTTP traffic detected:
    GET /ajax/libs/pako/2.1.0/pako.min.js HTTP/1.1
    host: cdnjs.cloudflare.com
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: */*
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    sec-fetch-storage-access: active
    referer: https://7758003883899299392-drgqbtcheaf7amcy.z03.azurefd.net/
    accept-encoding: identity
    accept-language: en-US,en;q=0.9
    priority: u=1
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    host: 7758003883899299392-drgqbtcheaf7amcy.z03.azurefd.net
    sec-ch-ua-platform: "Windows"
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://7758003883899299392-drgqbtcheaf7amcy.z03.azurefd.net/
    accept-encoding: identity
    accept-language: en-US,en;q=0.9
    priority: u=1, i
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: peopletracks.com
Source: global traffic | DNS traffic detected: DNS query: 7758003883899299392-drgqbtcheaf7amcy.z03.azurefd.net
Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic | DNS traffic detected: DNS query: beacons.gvt2.com
Source: global traffic | DNS traffic detected: DNS query: beacons2.gvt2.com
Source: global traffic | DNS traffic detected: DNS query: beacons3.gvt2.com
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    date: Mon, 28 Apr 2025 15:38:29 GMT
    content-type: text/html
    content-length: 321
    x-ms-error-code: WebContentNotFound
    x-ms-request-id: 15985e80-101e-002a-3253-b8007f000000
    x-ms-version: 2018-03-28
    x-azure-ref: 20250428T153829Z-r185b9c9945pcbjghC1PHX7q7n00000017yg0000000058hn
    x-cache: CONFIG_NOCACHE
Source: classification engine | Classification label: sus20.win@24/5@43/114
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,13095031297464890195,14447929301012545155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2100 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com/url?q=https://peopletracks.com&source=gmail&ust=1745796031529000&usg=AOvVaw1jJU4a8Ea6iwBKSpUK2c3M#eJydkM1vgkAQxf+X7bWF/WS3nlrTCGmMRpsocpthIfgBQUSx2/R/73Lq3cMc3svML+/ND7FkQnQUodDkmRReMC2VZvSVSm9U3uAAWknKaamE4lTmCgUrrRYUtUQY7/bjGuWKSh5xIZmUJuK7DzPjNH7TRkhttJHif15A4BEQLDZYVw7ywFERgLt2RWmDpug99OShVd+3l0kYPsQInyBZDHP+6bKYTSHdnLFZ3WzcOtiuBmymx7lY19AsmE2yE/J2sGm239X3s922Lv8y38tkdsgP78NSrO823bQ+VedTXS9F93Ct2/gr8vsH6G1t/Q=="
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix (only cells with matched signatures are listed; the number in brackets is the count shown in the matrix, all other cells had no matches):
    Persistence: Browser Extensions (1)
    Privilege Escalation: Process Injection (1), Extra Window Memory Injection (1)
    Defense Evasion: Process Injection (1), Extra Window Memory Injection (1)
    Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (3), Application Layer Protocol (4), Ingress Tool Transfer (3)

Source | Detection | Scanner | Label | Link
https://www.google.com/url?q=https://peopletracks.com&source=gmail&ust=1745796031529000&usg=AOvVaw1jJU4a8Ea6iwBKSpUK2c3M#eJydkM1vgkAQxf+X7bWF/WS3nlrTCGmMRpsocpthIfgBQUSx2/R/73Lq3cMc3svML+/ND7FkQnQUodDkmRReMC2VZvSVSm9U3uAAWknKaamE4lTmCgUrrRYUtUQY7/bjGuWKSh5xIZmUJuK7DzPjNH7TRkhttJHif15A4BEQLDZYVw7ywFERgLt2RWmDpug99OShVd+3l0kYPsQInyBZDHP+6bKYTSHdnLFZ3WzcOtiuBmymx7lY19AsmE2yE/J2sGm239X3s922Lv8y38tkdsgP78NSrO823bQ+VedTXS9F93Ct2/gr8vsH6G1t/Q== | 0% | Avira URL Cloud | safe |

No Antivirus matches

Source | Detection | Scanner | Label | Link
https://peopletracks.com/ | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
beacons3.gvt2.com | 142.250.69.3 | true | false | | high
peopletracks.com | 192.145.237.43 | true | false | | unknown
cdnjs.cloudflare.com | 104.17.24.14 | true | false | | high
beacons-handoff.gcp.gvt2.com | 142.250.123.94 | true | false | | high
www.google.com | 192.178.49.196 | true | false | | high
beacons2.gvt2.com | 173.194.217.94 | true | false | | high
s-part-0043.t-0009.t-msedge.net | 13.107.246.71 | true | false | | high
beacons.gvt2.com | 192.178.153.94 | true | false | | high
7758003883899299392-drgqbtcheaf7amcy.z03.azurefd.net | unknown | unknown | false | | unknown
beacons.gcp.gvt2.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/url?q=https://peopletracks.com&source=gmail&ust=1745796031529000&usg=AOvVaw1jJU4a8Ea6iwBKSpUK2c3M#eJydkM1vgkAQxf+X7bWF/WS3nlrTCGmMRpsocpthIfgBQUSx2/R/73Lq3cMc3svML+/ND7FkQnQUodDkmRReMC2VZvSVSm9U3uAAWknKaamE4lTmCgUrrRYUtUQY7/bjGuWKSh5xIZmUJuK7DzPjNH7TRkhttJHif15A4BEQLDZYVw7ywFERgLt2RWmDpug99OShVd+3l0kYPsQInyBZDHP+6bKYTSHdnLFZ3WzcOtiuBmymx7lY19AsmE2yE/J2sGm239X3s922Lv8y38tkdsgP78NSrO823bQ+VedTXS9F93Ct2/gr8vsH6G1t/Q== | false | | unknown
https://7758003883899299392-drgqbtcheaf7amcy.z03.azurefd.net/ | false | | unknown
https://peopletracks.com/ | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
192.145.237.43 | peopletracks.com | United States | US | 22611 | IMH-WEST | false
104.17.24.14 | cdnjs.cloudflare.com | United States | US | 13335 | CLOUDFLARENET | false
1.1.1.1 | unknown | Australia | US | 13335 | CLOUDFLARENET | false
192.178.49.196 | www.google.com | United States | US | 15169 | GOOGLE | false
192.178.49.174 | unknown | United States | US | 15169 | GOOGLE | false
13.107.246.71 | s-part-0043.t-0009.t-msedge.net | United States | US | 8068 | MICROSOFT-CORP-MSN-AS-BLOCK | false
142.250.68.227 | unknown | United States | US | 15169 | GOOGLE | false
142.250.68.238 | unknown | United States | US | 15169 | GOOGLE | false
142.250.141.84 | unknown | United States | US | 15169 | GOOGLE | false

Private IPs (RFC 1918 addresses of the analysis network):
192.168.2.16
192.168.2.6
192.168.2.13
192.168.2.15
192.168.2.14
                          Joe Sandbox version:42.0.0 Malachite
                          Analysis ID:1676442
                          Start date and time:2025-04-28 17:36:43 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:defaultwindowsinteractivecookbook.jbs
                          Sample URL:https://www.google.com/url?q=https://peopletracks.com&source=gmail&ust=1745796031529000&usg=AOvVaw1jJU4a8Ea6iwBKSpUK2c3M#eJydkM1vgkAQxf+X7bWF/WS3nlrTCGmMRpsocpthIfgBQUSx2/R/73Lq3cMc3svML+/ND7FkQnQUodDkmRReMC2VZvSVSm9U3uAAWknKaamE4lTmCgUrrRYUtUQY7/bjGuWKSh5xIZmUJuK7DzPjNH7TRkhttJHif15A4BEQLDZYVw7ywFERgLt2RWmDpug99OShVd+3l0kYPsQInyBZDHP+6bKYTSHdnLFZ3WzcOtiuBmymx7lY19AsmE2yE/J2sGm239X3s922Lv8y38tkdsgP78NSrO823bQ+VedTXS9F93Ct2/gr8vsH6G1t/Q==
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:14
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • EGA enabled
                          Analysis Mode:stream
                          Analysis stop reason:Timeout
                          Detection:SUS
                          Classification:sus20.win@24/5@43/114
                          • Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
                          • Excluded IPs from analysis (whitelisted): 192.178.49.174, 142.250.68.227, 142.250.141.84, 192.178.49.206, 184.29.183.29
                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                          • Report size getting too big, too many NtOpenFile calls found.
                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: https://www.google.com/url?q=https://peopletracks.com&source=gmail&ust=1745796031529000&usg=AOvVaw1jJU4a8Ea6iwBKSpUK2c3M#eJydkM1vgkAQxf+X7bWF/WS3nlrTCGmMRpsocpthIfgBQUSx2/R/73Lq3cMc3svML+/ND7FkQnQUodDkmRReMC2VZvSVSm9U3uAAWknKaamE4lTmCgUrrRYUtUQY7/bjGuWKSh5xIZmUJuK7DzPjNH7TRkhttJHif15A4BEQLDZYVw7ywFERgLt2RWmDpug99OShVd+3l0kYPsQInyBZDHP+6bKYTSHdnLFZ3WzcOtiuBmymx7lY19AsmE2yE/J2sGm239X3s922Lv8y38tkdsgP78NSrO823bQ+VedTXS9F93Ct2/gr8vsH6G1t/Q==
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, ASCII text, with very long lines (611), with no line terminators
                          Category:downloaded
                          Size (bytes):611
                          Entropy (8bit):5.237360878328841
                          Encrypted:false
                          SSDEEP:
                          MD5:AAEED72CD2D1EB82278457985D41E740
                          SHA1:8F94B60A83FAA67746C32065878247FFB851EF0F
                          SHA-256:F96BEA85D0A0BF7A4E15F749F825E6E9BDE5751523EA65B2800B6325B79967CE
                          SHA-512:ADCAEF4ADA97DB7F183F32F734413FBC6DB25200033CDB36C07EACCB87A53A77BE26968F8238489B60F024E40906F84C33F1850522894DAF32AFD45EF801A7EA
                          Malicious:false
                          Reputation:unknown
                          URL:https://7758003883899299392-drgqbtcheaf7amcy.z03.azurefd.net/
                          Preview:<!DOCTYPE html><html><head><meta charset="UTF-8"><title></title><script src="https://cdnjs.cloudflare.com/ajax/libs/pako/2.1.0/pako.min.js"></script><script>function d(e){try{e=decodeURIComponent(e).replace(/-/g,"+").replace(/_/g,"/");while(e.length%4!==0)e+="=";const t=atob(e),n=new Uint8Array(t.length);for(let r=0;r<t.length;r++)n[r]=t.charCodeAt(r);return JSON.parse(pako.inflate(n,{to:"string"}))}catch(o){console.error("",o);return null}}window.onload=function(){const e=window.location.hash.slice(1),t=d(e);t&&t.l?window.location.href=t.l:document.body.innerText=""};</script></head><body></body></html>
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                          Category:downloaded
                          Size (bytes):5430
                          Entropy (8bit):3.6534652184263736
                          Encrypted:false
                          SSDEEP:
                          MD5:F3418A443E7D841097C714D69EC4BCB8
                          SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                          SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                          SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                          Malicious:false
                          Reputation:unknown
                          URL:https://www.google.com/favicon.ico
                          Preview:
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (46785)
                          Category:downloaded
                          Size (bytes):46859
                          Entropy (8bit):5.4549236356677895
                          Encrypted:false
                          SSDEEP:
                          MD5:E647868246B70926C4D716F7640BD51A
                          SHA1:C64471D33F9A3D20B5D9219159FE102D8763ADCB
                          SHA-256:EDE2693A4A6A5126B9D35669062B358ECAB6AE7B9B86A1CF302FEB45A8514907
                          SHA-512:8364DE016C3918F9D7EF3D0A9FC9C56D87DE1DCBC0BBFB71E9DEA6ACB7BFF749A40B13BE45CA6DC98A64B14CF7E443B7DFB17CDDB6707265321E21DA9ACA647E
                          Malicious:false
                          Reputation:unknown
                          URL:https://cdnjs.cloudflare.com/ajax/libs/pako/2.1.0/pako.min.js
                          Preview:/*! pako 2.1.0 https://github.com/nodeca/pako @license (MIT AND Zlib) */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?define(["exports"],e):e((t="undefined"!=typeof globalThis?globalThis:t||self).pako={})}(this,(function(t){"use strict";function e(t){let e=t.length;for(;--e>=0;)t[e]=0}const a=256,i=286,n=30,s=15,r=new Uint8Array([0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0]),o=new Uint8Array([0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13]),l=new Uint8Array([0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7]),h=new Uint8Array([16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]),d=new Array(576);e(d);const _=new Array(60);e(_);const f=new Array(512);e(f);const c=new Array(256);e(c);const u=new Array(29);e(u);const w=new Array(n);function m(t,e,a,i,n){this.static_tree=t,this.extra_bits=e,this.extra_base=a,this.elems=i,this.max_length=n,this.has_stree=t&&t.length}let b,g,p;function k(t,e){this.dyn_
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, ASCII text, with very long lines (1523), with no line terminators
                          Category:downloaded
                          Size (bytes):1523
                          Entropy (8bit):5.513032936505175
                          Encrypted:false
                          SSDEEP:
                          MD5:AF27B56E79FE900D3367BDD64420116D
                          SHA1:9B7D55A60AA289EA2F6587334CE66D70B6C7A106
                          SHA-256:7174674DA336E4C891F1B3731641496F7CF81A0A082A69865ACDAC1BB64CEE12
                          SHA-512:D8FEE6C569E8FDDE57B1DFD39586431150249C00D97595CC49DABC98ED7920680CF6195764E0C12E95735B2BD599DBE135C608A75256AD44A43E5270A51133E4
                          Malicious:false
                          Reputation:unknown
                          URL:https://www.google.com/url?q=https://peopletracks.com&source=gmail&ust=1745796031529000&usg=AOvVaw1jJU4a8Ea6iwBKSpUK2c3M
                          Preview:<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Redirect Notice</title><style>body,div,a{font-family:Roboto,Arial,sans-serif}body{background-color:#fff;margin-top:3px}div{color:#000}a:link{color:#681da8}a:visited{color:#681da8}a:active{color:#ea4335}div.mymGo{border-top:1px solid var(--gS5jXb);border-bottom:1px solid var(--gS5jXb);background:#f8f9fa;margin-top:1em;width:100%}div.aXgaGb{padding:0.5em 0;margin-left:10px}div.fTk7vd{margin-left:35px;margin-top:35px}</style></head><body><div class="mymGo"><div class="aXgaGb"><font style="font-size:larger"><b>Redirect Notice</b></font></div></div><div class="fTk7vd">&nbsp;The previous page is sending you to <a href="https://peopletracks.com/">https://peopletracks.com</a>.<br><br>&nbsp;If you do not want to visit that page, you can <a href="#" id="tsuid_uqAPaOyhOeGekPIPpfComQ4_1">return to the previous page</a>.<script nonce="n7pd5v62OtAJHMIBp-8pqw">(function(){var id='tsuid_uqAPaOyhOeGekPIPpfCo
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, ASCII text, with very long lines (321), with no line terminators
                          Category:downloaded
                          Size (bytes):321
                          Entropy (8bit):5.095237286878727
                          Encrypted:false
                          SSDEEP:
                          MD5:ED7904D3A7A09DC1AD29F247E551E8EC
                          SHA1:30149CF2719587D21B19F07007B2336418C5118E
                          SHA-256:ACC6427CEF0A3DFC4AA16372FF61B8564554442684FAFD3372CBC06D2BB6D7F0
                          SHA-512:B7D630F65BD6AA4CC7F0A3D2B71883C3A28A1DAD97E2D763C63299C7187EC0ACDA95CC5ECD4CC01A1F3C313B1C5E40AC19C755049F7E76CB81435AEF245FA5F3
                          Malicious:false
                          Reputation:unknown
                          URL:https://7758003883899299392-drgqbtcheaf7amcy.z03.azurefd.net/favicon.ico
                          Preview:<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : 15985e80-101e-002a-3253-b8007f000000</li><li>TimeStamp : 2025-04-28T15:38:29.7858536Z</li></ul></p></body></html>
                          No static file info