Edit tour

Windows Analysis Report
https://ferrumzks.powerappsportals.com/

Overview

General Information

Sample URL:	https://ferrumzks.powerappsportals.com/
Analysis ID:	1543755

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

HTML page contains hidden javascript code

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2000,i,2434418462478297649,10155466664715211141,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6784 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ferrumzks.powerappsportals.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://ferrumzks.byrnemooredocumentattached.sbs/

HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....

Source: https://ferrumzks.powerappsportals.com/	HTTP Parser: No favicon
Source: https://ferrumzks.powerappsportals.com/	HTTP Parser: No favicon
Source: https://ferrumzks.byrnemooredocumentattached.sbs/	HTTP Parser: No favicon
Source: https://ferrumzks.byrnemooredocumentattached.sbs/	HTTP Parser: No favicon
Source: https://ferrumzks.byrnemooredocumentattached.sbs/	HTTP Parser: No favicon
Source: https://ferrumzks.byrnemooredocumentattached.sbs/cgi-sys/defaultwebpage.cgi	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:57936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:58050 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:57927 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: ferrumzks.powerappsportals.com
Source: global traffic	DNS traffic detected: DNS query: content.powerapps.com
Source: global traffic	DNS traffic detected: DNS query: png.pngtree.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ferrumzks.byrnemooredocumentattached.sbs
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com

Source: unknown	Network traffic detected: HTTP traffic on port 58054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 58031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57928
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 58060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 57931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57937
Source: unknown	Network traffic detected: HTTP traffic on port 57977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57936
Source: unknown	Network traffic detected: HTTP traffic on port 58013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57930
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57931
Source: unknown	Network traffic detected: HTTP traffic on port 58065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 58002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 57932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57948
Source: unknown	Network traffic detected: HTTP traffic on port 57984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57946
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57940
Source: unknown	Network traffic detected: HTTP traffic on port 58014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57950
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58004
Source: unknown	Network traffic detected: HTTP traffic on port 58020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 58047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 57954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 57948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57955
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57951
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58009
Source: unknown	Network traffic detected: HTTP traffic on port 58053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58014
Source: unknown	Network traffic detected: HTTP traffic on port 58042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58010
Source: unknown	Network traffic detected: HTTP traffic on port 57965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58011
Source: unknown	Network traffic detected: HTTP traffic on port 58008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 58029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 57933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 57983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 58046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 57928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58068
Source: unknown	Network traffic detected: HTTP traffic on port 58068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58067
Source: unknown	Network traffic detected: HTTP traffic on port 57992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58063
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 57952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57969
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57965
Source: unknown	Network traffic detected: HTTP traffic on port 58050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58019
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58020
Source: unknown	Network traffic detected: HTTP traffic on port 57947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58022
Source: unknown	Network traffic detected: HTTP traffic on port 57985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58028
Source: unknown	Network traffic detected: HTTP traffic on port 58038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57975
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57980
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58038
Source: unknown	Network traffic detected: HTTP traffic on port 57942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58037
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58032
Source: unknown	Network traffic detected: HTTP traffic on port 57970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58034
Source: unknown	Network traffic detected: HTTP traffic on port 57991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58033
Source: unknown	Network traffic detected: HTTP traffic on port 57936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58030
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57989
Source: unknown	Network traffic detected: HTTP traffic on port 57997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57988
Source: unknown	Network traffic detected: HTTP traffic on port 58010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58039
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57987
Source: unknown	Network traffic detected: HTTP traffic on port 58037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58047
Source: unknown	Network traffic detected: HTTP traffic on port 58066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58046
Source: unknown	Network traffic detected: HTTP traffic on port 57941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58049
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58048
Source: unknown	Network traffic detected: HTTP traffic on port 57964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57990
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58040
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57995
Source: unknown	Network traffic detected: HTTP traffic on port 58015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58054
Source: unknown	Network traffic detected: HTTP traffic on port 57969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58050
Source: unknown	Network traffic detected: HTTP traffic on port 57986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58051
Source: unknown	Network traffic detected: HTTP traffic on port 58021 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:57936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:58050 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@27/55@28/239

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2000,i,2434418462478297649,10155466664715211141,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ferrumzks.powerappsportals.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2000,i,2434418462478297649,10155466664715211141,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
png.pngtree.com	104.18.3.157	true	false	unknown
challenges.cloudflare.com	104.18.94.41	true	false	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	unknown
ferrumzks.byrnemooredocumentattached.sbs	188.114.96.3	true	false	unknown
www.google.com	172.217.18.4	true	false	unknown
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	unknown
content.powerapps.com	unknown	unknown	false	unknown
ferrumzks.powerappsportals.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://ferrumzks.byrnemooredocumentattached.sbs/	false	unknown
https://ferrumzks.byrnemooredocumentattached.sbs/cgi-sys/defaultwebpage.cgi	false	unknown
https://ferrumzks.powerappsportals.com/	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.67	unknown	United States	15169	GOOGLEUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
52.178.17.3	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
216.58.206.78	unknown	United States	15169	GOOGLEUS	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
20.107.224.38	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.95.41	unknown	United States	13335	CLOUDFLARENETUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.2.157	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.185.227	unknown	United States	15169	GOOGLEUS	false
172.217.23.110	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	unknown	European Union	13335	CLOUDFLARENETUS	false
51.116.246.104	unknown	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
188.114.96.3	ferrumzks.byrnemooredocumentattached.sbs	European Union	13335	CLOUDFLARENETUS	false
104.18.3.157	png.pngtree.com	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
66.102.1.84	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1543755
Start date and time:	2024-10-28 11:29:33 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://ferrumzks.powerappsportals.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@27/55@28/239

Warnings

Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.78, 66.102.1.84, 142.250.185.67
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://ferrumzks.powerappsportals.com/

LLM Input / Output

Input	Output
URL: https://ferrumzks.powerappsportals.com/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "WYWIETLANIE GOTOWYCH DOKUMENTW", "prominent_button_name": "WYWIETLANIE GOTOWYCH DOKUMENTW", "text_input_field_labels": "unknown", "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://ferrumzks.powerappsportals.com/ Model: claude-3-haiku-20240307	```json { "brands": [ "FERRUM S.A." ] }
	```json { "brands": [ "FERRUM S.A." ] }
URL: https://ferrumzks.byrnemooredocumentattached.sbs/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "ferrumzks.byrnemoredocumentattached.sbs needs to review the security of your connection before proceeding.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://ferrumzks.byrnemooredocumentattached.sbs/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "ferrumzks.byrnemoordocumentattached.sbs needs to review the security of your connection before proceeding.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://ferrumzks.byrnemooredocumentattached.sbs/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "ferrumzks.byrnemoredocumentattached.sbs needs to review the security of your connection before proceeding.", "prominent_button_name": "Verify you are human", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://ferrumzks.byrnemooredocumentattached.sbs/ Model: claude-3-haiku-20240307	```json { "brands": [ "Cloudflare" ] }
	```json { "brands": [ "Cloudflare" ] }
URL: https://ferrumzks.byrnemooredocumentattached.sbs/ Model: claude-3-haiku-20240307	```json { "brands": [ "Cloudflare" ] }
	```json { "brands": [ "Cloudflare" ] }
URL: https://ferrumzks.byrnemooredocumentattached.sbs/ Model: claude-3-haiku-20240307	```json { "brands": [ "Cloudflare" ] }
	```json { "brands": [ "Cloudflare" ] }
URL: https://ferrumzks.byrnemooredocumentattached.sbs/cgi-sys/defaultwebpage.cgi Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "If you are the owner of this website, please contact your hosting provider: webmaster@ferrumzks.byrnemoore.documentattached.sbs", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://ferrumzks.byrnemooredocumentattached.sbs/cgi-sys/defaultwebpage.cgi Model: claude-3-haiku-20240307	```json { "brands": [ "cPanel" ] }
	```json { "brands": [ "cPanel" ] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 09:30:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9779395046389014
Encrypted:	false
SSDEEP:
MD5:	CEA62CA018239CC6CA0D4FF718A3A9B2
SHA1:	6EC91D607A15CA144D58285E2EE66168A7DA607E
SHA-256:	C819D2A48317288E05645D916B07B7FD4A1B84242A1073543FB94A731E173FD4
SHA-512:	9BB7F49C294EB1AB5B4C62603876612E965913A6F8480F7BBAB4C03A679169AF7B495971BDF8072B14193DDF8400F9A4E08D9672EA84F4ABF479580D0406005F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....Qt.`$)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\Y.S....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y.S....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\Y.S....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\Y.S..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\Y.S...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............o.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3164
Entropy (8bit):	7.86611006659948
Encrypted:	false
SSDEEP:
MD5:	F79ADAF00F83DC9757086CDBE8645FF0
SHA1:	82F37B8BE7668EAB8E1A06DE828CB336799C8134
SHA-256:	944120FB6962C7484D769D645E6D830850EEAD9394F6A84090AED489CFC0C41F
SHA-512:	EB7DB97A73D4FD8FF7ACC027582A2564636EE9D92F19365DA11EC4C80BE62418450FD0B37ED1462D56489C52FA1AB69008B040FAD7795151DC1D26AC59293F6A
Malicious:	false
Reputation:	unknown
URL:	https://ferrumzks.byrnemooredocumentattached.sbs/img-sys/server_misconfigured.png
Preview:	.PNG........IHDR..............>a.....sBIT....\|.d.....sRGB.........gAMA......a.....pHYs..........d_.....tEXtCreation Time.12/30/13.Z......tEXtSoftware.Adobe Fireworks CS6......IDATx^...8.....a/.K..6...7!`C ."&......."" .......("..% ".....wtzd.=cK=..U]..XcK.Z..l......a.."..y..H_PV.....e. .F.......J...... J.C./..D...P.?B5+......W.;.c%...%.)...u.34...Da.q..!A.w...T..6.......\).6.X..#(e..h......%0......m..A.MT.\.b..b7f...]s.}1.aA.W{}?...H...k...t5..@.r.iR.:...}..3....s.....H...lC.~[.............@..I@.CE+.._.H..Q.?=...(R.....'.".B.yQ..T T....@..<.N........Ek...^...\..w.!O.X...N.OL..$.`I..}~.m.[J...q.?............HNX].va.@NV]..a..@NT......9I.}..._.woq......7..=[...3.2+..3..9A...%].req...c.f#.._.;wn.......Ck.b..P~H.?K.....k..e..8.9{.lC........G.z..W....\HnN.P.... [../^.h.dJis..//>}..Z......^.l.....yWC.g.c.. .....`.y.%@6...H.................'N.X\.ti).B.....K.....5.9.5.S....\|.2........-.]...=...E6yv...!J...7.....`..E.?h#..AH..<yr..w.............

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (11766), with no line terminators
Category:	downloaded
Size (bytes):	11766
Entropy (8bit):	4.903164552389703
Encrypted:	false
SSDEEP:
MD5:	2659C6F064BBDF38AFF3A3F7D33BA256
SHA1:	73EA787E226F755D9F57DC637AEB5A9D506338CF
SHA-256:	E3A5A5E3432453A9CDCE2A02DD4D7F08037119C6A9AC545D010D3CF73768825A
SHA-512:	F2508AE13D0E19E3BA856F919E05FCF731A2481C13D2FF99FB7843E7CA7CEAA37BE37D07E20C18CFDFE09A4B2DB9EA196A9C179B201C37C85A9F8146FF18D173
Malicious:	false
Reputation:	unknown
URL:	https://content.powerapps.com/resource/powerappsportal/dist/pcf-style.bundle-2659c6f064.css
Preview:	.msos-open .msos-inner-container:not(.msos-fullscreen) .msos-selection-container{position:absolute!important;z-index:1000;top:28px!important}html[dir=rtl] .msos-open .msos-inner-container:not(.msos-fullscreen) .msos-selection-container{right:0!important}html[dir=ltr] .msos-open .msos-inner-container:not(.msos-fullscreen) .msos-selection-container{left:0!important}.msos-glyph:after{font-size:9px!important}.msos-label{margin-bottom:0}.msos-caret-button:focus{outline:0}.msos-selecteditems-container:focus{outline:0}.msos-container:not(.msos-disabled){border:1px solid #949494;box-shadow:inset 0 1px 1px rgb(0 0 0 /8%);transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s}.msos-container:not(.msos-disabled).msos-active{border:1px solid #949494!important;box-shadow:inset 0 1px 1px rgb(0 0 0 /8%);transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s}.msos-container:not(.msos-disabled).msos-focused{border-color:#69c!important;outline:0;box-shadow:inset 0 1px 1px rgb

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	4807
Entropy (8bit):	4.941343369031878
Encrypted:	false
SSDEEP:
MD5:	633E70F51B5C0319AF3ACF16EC1AE7B6
SHA1:	D28238721914C98998ACC0485CCEBF230F01A520
SHA-256:	FB076F7948CA70EB1F51334FE4C473C40BBE3BCEB105981C482BB8634FF98081
SHA-512:	1509681E13367F0264CC341C1752B9EF7FFE0714098615282DB2B3688C24AF50D1052421DD606FCFCF942C0BE2D59B7694FA59150923F427FCD807530C56998A
Malicious:	false
Reputation:	unknown
URL:	https://content.powerapps.com/resource/powerappsportal/dist/client-telemetry-wrapper.bundle-633e70f51b.js
Preview:	.//// Wrapper class for client logger for below purposes..//// 1. Abstracting CST framework code from manual trace log APIs. ..//// 2. Constrolling instantiation of CST framework code in clientLogger.js based on whether telemetry is enabled..class ClientLogWrapper {...../// Constructor which also creates an instance of actual logger if telemetry is enabled...constructor() {....try {.....if (Helper.isTelemetryEnabled()) {......ClientLogger.getLogger();.....}....}....catch (exception) {.....console.warn(exception);....}...}...../// Gets the client log wrapper. Creates new instance if not already created...static getLogger() {....if (!window.clientLogWrapper) {.....window.clientLogWrapper = new ClientLogWrapper();....}......return window.clientLogWrapper;...}...../// Trace info log.../// For component, subComponent, action, tag, it is recommended to use standard short and crisp one worder string..../// Examples:.../// for component: entity_grid, entity_form etc.../// For SubComponent: f

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7625)
Category:	dropped
Size (bytes):	7674
Entropy (8bit):	5.1936693801975675
Encrypted:	false
SSDEEP:
MD5:	FBAA8BF626C7A370536A67E0E49FBF2A
SHA1:	2E271B643612210C73D4DB20A3E7771830A922C0
SHA-256:	C83EE49A30249601960E9B2E2502A41128423F46517BF01E36052EA082317830
SHA-512:	2A77B33E37AC901049B0302BEA89A97FB8B21FF9DAFA422FE3CB20693BEE0F65610581BBA1D260D416FF650CEA2022857FED202610F205CB315C4FDB24ACBF18
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(self.webpackChunk_microsoft_powerpages_mf_shared=self.webpackChunk_microsoft_powerpages_mf_shared\|\|[]).push([[465],{4465:(e,t,r)=>{r.r(t),r.d(t,{immer:()=>G});var n=Symbol.for("immer-nothing"),o=Symbol.for("immer-draftable"),i=Symbol.for("immer-state");function c(e,...t){throw new Error(`[Immer] minified error nr: ${e}. Full error at: https://bit.ly/3cXEKWf`)}var s=Object.getPrototypeOf;function a(e){return!!e&&!!e[i]}function u(e){return!!e&&(_(e)\|\|Array.isArray(e)\|\|!!e[o]\|\|!!e.constructor?.[o]\|\|y(e)\|\|b(e))}var f=Object.prototype.constructor.toString();function _(e){if(!e\|\|"object"!=typeof e)return!1;const t=s(e);if(null===t)return!0;const r=Object.hasOwnProperty.call(t,"constructor")&&t.constructor;return r===Object\|\|"function"==typeof r&&Function.toString.call(r)===f}function l(e,t){0===p(e)?Object.entries(e).forEach((([r,n])=>{t(r,n,e)})):e.forEach(((r,n)=>t(n,r,e)))}function p(e){const t=e[i];return t?t.type_:Array.isArray(e)?1:y(e)?2:b(e)?3:0}function d(e,t){return

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ferrumzks.powerappsportals.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Chrome Cache Entry: 173

Chrome Cache Entry: 175

Chrome Cache Entry: 176

Chrome Cache Entry: 177

Chrome Cache Entry: 178

Chrome Cache Entry: 180

Chrome Cache Entry: 181

Chrome Cache Entry: 182

Chrome Cache Entry: 183

Chrome Cache Entry: 185

Chrome Cache Entry: 186

Chrome Cache Entry: 187

Chrome Cache Entry: 188

Chrome Cache Entry: 189

Chrome Cache Entry: 190

Chrome Cache Entry: 191

Chrome Cache Entry: 192

Chrome Cache Entry: 194

Chrome Cache Entry: 198

Chrome Cache Entry: 202

Chrome Cache Entry: 203

Chrome Cache Entry: 204

Chrome Cache Entry: 207

Chrome Cache Entry: 208

Chrome Cache Entry: 209

Chrome Cache Entry: 211

Chrome Cache Entry: 212

Chrome Cache Entry: 213

Chrome Cache Entry: 214

Chrome Cache Entry: 215

Chrome Cache Entry: 216

Chrome Cache Entry: 217

Chrome Cache Entry: 219

Chrome Cache Entry: 221

Chrome Cache Entry: 223

Windows Analysis Report
https://ferrumzks.powerappsportals.com/