Windows Analysis Report
https://tampoesdeferrofundido.com.br/redirect.php?v=2455b0ad034ad02

ID:	1527900
Product:	CloudBasic
Start time:	11:20:14
Start date:	07.10.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 08:22:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	17A917E47C3E6FE46AA5D633ABCB4CBD	B253A7E1882D8D8E1C534D38F7A29F1607FDA804	D360DD4342E952979E1C14EF52AB98A27A2021536625A91976E538A39D0CC91A
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 08:22:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	75E8DDAC285263F9288EC57B977BE482	2C6CF9EB827A94A88039DCD269E3DBC7514F54CC	7A790C5F1EF647C796FE4B75F8ACA915F3E36C27EE648B9EA6555CF61277E27F
Chrome Cache Entry: 62	ASCII text, with no line terminators	C137693B7FCC97AC0D91F7BF3B58ADCC	C683C3B648402D0D8121BA0DF7828F31E3998F52	C5E48E19830D7C5C5559106A1FD5907D80B7C9B8C95D53F11F8008EF52EEFEEE
Chrome Cache Entry: 63	PNG image data, 974 x 436, 8-bit/color RGBA, non-interlaced	FA43BBC9231D2C8ECE7D24BD4C8EF3BD	707F272EE5EBBD958450C9BBBA418616A81AEB9B	6E27C00366720F73A76FBCCD3342E609C66EED2D368FDC4236FA5607471852D6
Chrome Cache Entry: 64	HTML document, ASCII text	01F1FEC87B6752BD07FFDB5094A8F412	44B244A34BCF40D69035A04A36F16832C84CBBD4	32D4CC802343F90427F77C12E246E3F765DC4AE768F651DECD848FABB79F4848
Chrome Cache Entry: 65	gzip compressed data, from Unix, original size modulo 2^32 895	1550754146CF2BB1ED355F53A75AC228	A57E270485815D746D9AB1EAC7C2EE480BF3B079	93649D34C9BFC59BE22BD09E2801994A9BAD2AE656F74163AEF2CA5A5794FFA5
Chrome Cache Entry: 66	gzip compressed data, from Unix, original size modulo 2^32 1140	414A5A07CDCDA808D70940A900807FC7	D9D093AE29391E4DBC9C7CAF8170D990D5C59CBD	4F72C0852E2C7C0AA584349ACD7FD5ED28A02105CA75CB593BC5703E7218C4E6
Chrome Cache Entry: 68	PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced	000BF649CC8F6BF27CFB04D1BCDCD3C7	D73D2F6D74EC6CDCBAE07955592962E77D8AE814	6BDB369337AC2496761C6F063BFFEA0AA6A91D4662279C399071A468251F51F0

Phishing

Source: https://platypustours.net.au/8G56zf/

LLM: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL 'platypustours.net.au' does not match the legitimate domain for Microsoft., The URL 'platypustours.net.au' appears unrelated to Microsoft and suggests a different business focus, likely a travel or tour company., There is no indication that 'platypustours.net.au' is associated with Microsoft, which raises suspicion., The presence of a generic input field labeled 'Your Answer' is unusual for a Microsoft-related site, which typically has more specific input fields. DOM: 0.0.pages.csv

Source: https://platypustours.net.au/8G56zf/

Matcher: Found strong image similarity, brand: MICROSOFT

Source: https://platypustours.net.au/8G56zf/

HTTP Parser: No favicon

Compliance

Source: unknown

HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:53612 version: TLS 1.2

Networking

Source: global traffic	TCP traffic: 192.168.2.16:53593 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53593 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53593 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53593 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53593 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53593 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53593 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53593 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53593 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53593 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53593 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53593 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:53593 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.137
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.100.168
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.137
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.100.168
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	DNS traffic detected: DNS query: tampoesdeferrofundido.com.br
Source: global traffic	DNS traffic detected: DNS query: platypustours.net.au
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53605
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53604
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53603
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53602 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53600 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53607
Source: unknown	Network traffic detected: HTTP traffic on port 53604 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53602
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53601
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53600
Source: unknown	Network traffic detected: HTTP traffic on port 53598 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53614
Source: unknown	Network traffic detected: HTTP traffic on port 53603 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53601 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53598
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53597
Source: unknown	Network traffic detected: HTTP traffic on port 53605 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53607 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53612
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53610
Source: unknown	Network traffic detected: HTTP traffic on port 53612 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53614 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53610 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53597 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:53612 version: TLS 1.2

System Summary

Source: classification engine

Classification label: mal52.phis.win@18/8@8/113

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1964,i,3174417204599748744,2607148825556754023,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tampoesdeferrofundido.com.br/redirect.php?v=2455b0ad034ad02"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1964,i,3174417204599748744,2607148825556754023,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Boot Survival

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk