Edit tour

Windows Analysis Report
https://petition.parliament.uk/petitions/700143

Overview

General Information

Sample URL:	https://petition.parliament.uk/petitions/700143
Analysis ID:	1562368

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 4292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=2044,i,4145369547948919799,1386366757902734548,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 5420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://petition.parliament.uk/petitions/700143" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://petition.parliament.uk/petitions/700143/signatures/new

HTTP Parser: No <meta name="author".. found

Source: https://petition.parliament.uk/petitions/700143/signatures/new

HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 2.23.161.164:443 -> 192.168.2.18:49693 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.161.164:443 -> 192.168.2.18:49695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.18:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.147.3:443 -> 192.168.2.18:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.18:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.16.158.73:443 -> 192.168.2.18:49739 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.161.164
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.3

Source: global traffic	DNS traffic detected: DNS query: petition.parliament.uk
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 2.23.161.164:443 -> 192.168.2.18:49693 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.161.164:443 -> 192.168.2.18:49695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.18:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.147.3:443 -> 192.168.2.18:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.18:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.16.158.73:443 -> 192.168.2.18:49739 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/18@6/110

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=2044,i,4145369547948919799,1386366757902734548,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://petition.parliament.uk/petitions/700143"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=2044,i,4145369547948919799,1386366757902734548,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://petition.parliament.uk/petitions/700143	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
petition.parliament.uk	108.158.75.9	true	false		high
www.google.com	142.250.181.68	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://petition.parliament.uk/petitions/700143/signatures/new	false		unknown
https://petition.parliament.uk/petitions/700143	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.19.206	unknown	United States	15169	GOOGLEUS	false
172.217.19.227	unknown	United States	15169	GOOGLEUS	false
74.125.205.84	unknown	United States	15169	GOOGLEUS	false
172.217.19.238	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.17.67	unknown	United States	15169	GOOGLEUS	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false
108.158.75.9	petition.parliament.uk	United States	16509	AMAZON-02US	false
172.217.19.234	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.18

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562368
Start date and time:	2024-11-25 14:42:37 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://petition.parliament.uk/petitions/700143
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/18@6/110

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 172.217.19.227, 74.125.205.84, 172.217.19.238
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://petition.parliament.uk/petitions/700143

LLM Input / Output

Input	Output
URL: https://petition.parliament.uk Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://petition.parliament.uk
URL: https://petition.parliament.uk/petitions/700143 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Call a General Election", "prominent_button_name": "Sign this petition", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }

URL: https://petition.parliament.uk/petitions/700143 Model: Joe Sandbox AI	{ "brands": [] }
	{ "brands": [] }
URL: https://petition.parliament.uk/petitions/700143/signatures/new Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Call a General Election", "prominent_button_name": "unknown", "text_input_field_labels": [ "Name", "Email address", "Location", "Postcode" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://petition.parliament.uk/petitions/700143/signatures/new Model: Joe Sandbox AI	{ "brands": [ "UK Government and Parliament" ] }
	{ "brands": [ "UK Government and Parliament" ] }
URL: https://petition.parliament.uk/petitions/700143/signatures/new Model: Joe Sandbox AI	```json{ "legit_domain": "parliament.uk", "classification": "wellknown", "reasons": [ "The URL 'petition.parliament.uk' is a subdomain of 'parliament.uk', which is the legitimate domain for the UK Parliament.", "The brand 'UK Government and Parliament' is well-known and is correctly associated with the 'parliament.uk' domain.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The input fields (Name, Email address, Location, Postcode) are typical for a government petition site and do not raise immediate red flags." ], "riskscore": 1}
URL: petition.parliament.uk Brands: UK Government and Parliament Input Fields: Name, Email address, Location, Postcode
URL: https://parliament.uk Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://parliament.uk

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2691
Entropy (8bit):	3.990524858159156
Encrypted:	false
SSDEEP:
MD5:	6622ECFBD62E7821E392AB0706701DCA
SHA1:	9DF74C7135ED42CA796E3EE44615AD47D0F594C4
SHA-256:	22FCA6661EBE857B8135616541DE7BF04127FDAC6ACD6CCC91D3C682986EA35E
SHA-512:	0DF7C75E6E360306407B2EBEDB1F83306C0C541973F68B9C952CFAE41778164F096261BB971D17B210F1A912B78796F4C78D22C5F7171131E455FE595A8C49E4
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....?.4 ?.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IyYZm....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyYem....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VyYem....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VyYem...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.R.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............1G.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	76
Entropy (8bit):	4.855184468286164
Encrypted:	false
SSDEEP:
MD5:	3AB47DD48E35F7A2FB2D77C91BE5685C
SHA1:	7DFEDA4C44034EBF83E5AADC8A1176FBE6413E33
SHA-256:	800D6E383BFD148E30E7D3FC412B61AAA838BA3B075AC483865A1D09DD1318CD
SHA-512:	875A43CCF0F6EFCB58C36887039E21C86BD3198F64599C5C072852C3C915423D9B89C79D8880D7D8307434D92FACEFBF2C8F496E5807E21E7F1A47A8ADE2AF41
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSJQnHRzFR-UryJBIFDRa6d08SBQ0fg0Q0EgUN6yNS5xIFDYRp04w=?alt=proto
Preview:	CjYKCw0WundPGgQIBxgBCgsNH4NENBoECAkYAQoLDesjUucaBAgkGAEKDQ2EadOMGgQIIxgBIAE=

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 18 x 13, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	263
Entropy (8bit):	6.3681215851979385
Encrypted:	false
SSDEEP:
MD5:	839FB5FA3590C42D28F56BCBA928B840
SHA1:	1D9D50E3D40CDD1B3A2ECD9AE0C568F15AEAD026
SHA-256:	C7A65884985149509543FB4340C9A5413220C33DD303A05BA62D986727F863AC
SHA-512:	D44262E7206E6AFB5E02FE3BD242C2F09B656C90E5527BC5B74FCDC0E4552B7014D5DDE7E559C288BE9EAB653D49E041E702DBC41FEA3609A5A9050F9FBDEC00
Malicious:	false
Reputation:	unknown
URL:	https://petition.parliament.uk/assets/icons/icon_share-email-c7a65884985149509543fb4340c9a5413220c33dd303a05ba62d986727f863ac.png
Preview:	.PNG........IHDR..............N>.....pHYs.................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b.....@....?...2.0.b.....x?........&....A4..X.0....b. ....f.H.....A.@...F6......F..}..y..+...h."...R.R..E...i.z.3.2.H- &......f.#4.P...........'>.B.......IEND.B`.

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2676), with no line terminators
Category:	downloaded
Size (bytes):	2676
Entropy (8bit):	4.9532314515710425
Encrypted:	false
SSDEEP:
MD5:	C92ACB9D600CD49AA72F410EF8C8F029
SHA1:	8AD1BABB35A92A534FEF1C34DA4D525B878AC806
SHA-256:	12397D0451D898298F78A779D6BD9F23B872A64CF582ADFC1C3FD05220B6FB79
SHA-512:	94FDE294CA4EB45D543DEC5610012DA1A86A05DBA5F61798A99CBF1F5AB2944CA9984C442560FB247B72734C106D2DD3A5B5F702FB26C4EB1AC0EAD401101646
Malicious:	false
Reputation:	unknown
URL:	https://petition.parliament.uk/assets/auto-updater-12397d0451d898298f78a779d6bd9f23b872a64cf582adfc1c3fd05220b6fb79.js
Preview:	!function(t){"function"==typeof define&&define.amd?define(["jquery"],t):"object"==typeof exports?t(require("jquery")):t(jQuery)}((function(t){function e(t,e){return t.toFixed(e.decimals)}var o=function(e,n){this.$element=t(e),this.options=t.extend({},o.DEFAULTS,this.dataOptions(),n),this.init()};o.DEFAULTS={from:0,to:0,speed:1e3,refreshInterval:100,decimals:0,formatter:e,onUpdate:null,onComplete:null},o.prototype.init=function(){this.value=this.options.from,this.loops=Math.ceil(this.options.speed/this.options.refreshInterval),this.loopCount=0,this.increment=(this.options.to-this.options.from)/this.loops},o.prototype.dataOptions=function(){var t={from:this.$element.data("from"),to:this.$element.data("to"),speed:this.$element.data("speed"),refreshInterval:this.$element.data("refresh-interval"),decimals:this.$element.data("decimals")},e=Object.keys(t);for(var o in e){var n=e[o];void 0===t[n]&&delete t[n]}return t},o.prototype.update=function(){this.value+=this.increment,this.loopCount++,t

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 27 x 25, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1014
Entropy (8bit):	7.187932888346423
Encrypted:	false
SSDEEP:
MD5:	D813DC14F776E1D444065EF8F06F3F2F
SHA1:	6C4935A51FBB63BDD9B1FFD277243C98E550E805
SHA-256:	7B3BF16DB66E3CA01D4ECD09AFB99F7854C5B0E96A07BCAFBF4CA9801EC36C84
SHA-512:	9195ADE70DA3D3D2BBEA587A97C8213DB9FB946316E83E4F115B4E5C0E07E38F81BA5D6526F3EAF286E75CE71CE20721652F90EEDFEF7ACDE0108C3FACB6EC35
Malicious:	false
Reputation:	unknown
URL:	https://petition.parliament.uk/assets/graphics/graphic_crown-7b3bf16db66e3ca01d4ecd09afb99f7854c5b0e96a07bcafbf4ca9801ec36c84.png
Preview:	.PNG........IHDR...............U^....sRGB........xeXIfMM..............................J...........R.(...........i.........Z.......H.......H..................................0=.(....pHYs.................iDOT...............(...........\f.2.....IDATH...1KBa..-..\."..l.!l.9..).V[..."..h.@...XD? ....P.[!...@.........;.\|.{.&...%G>.8u...0..T....p..\|.b.&..y...b..a........Al..4.pk.vX;P.g.t.i.o!......)x.kM...9..,.z .f........s8.:.O...F..{.q."...vL...m2N}.....6J%..p<.I..{.}.`.....Dw...e....i!b.!.+(F...........`f..N.O..n..ZO..K.........K.Q..G.k....X.......4....Q..v.3..Z.H.I.<..D.-...I.....6v...b%.A\|\|.p.2..l..\|s.9.....M.$Y....b%...~c%.......&......q.r&%.&..c..9.}.....8...sm.k.{.a.$..{3.g.@..Qq&.i..d_X;.....N..=.yV...9S..&.l...CS...>@\|.#...k.p:..}.;..O.<....n.W......C....>..8.aF..M..{..,...{N*.HM.....,..g.......N.9p.>.s....&V..&VG.P...0...6.~m..a..C$...u.jA...}...\.._M....r..a.<l;.t.>..- }..m.i..&........Sp].u.c.9....M..G..8.?.~..S.T.`...".....?.~...........W.=p....

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 7 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	185
Entropy (8bit):	5.979309587871834
Encrypted:	false
SSDEEP:
MD5:	ED0F451B75B89885A996949EACA6032F
SHA1:	03318DC1E2C712EAB769E387D1FB574A7078A359
SHA-256:	8A6E61B4D9F66C733AEA67278184EA5362ECED40F47B52F4D624DBCA09FEC3A4
SHA-512:	B2951E30917965BE4636B1A94ECE3DD2FA760EAEFDFDDC3A52FEEBC75E4218E8D7DFBE95F0C5B866D1C059F61FE2F5DFC4CA0075270E19E464D7A24BBE4EAFC3
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............e.....pHYs.................tEXtSoftware.Adobe ImageReadyq.e<...FIDATx.bd..n^^. ....`b.H...%@...."..,.X.....ub.F.].qI...X$..'.ACK. .......1\|....IEND.B`.

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 41 x 17, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	578
Entropy (8bit):	7.435063801756621
Encrypted:	false
SSDEEP:
MD5:	2A580BFBBDC27944AFF04C52D0B43AEA
SHA1:	3C8CBEFAB961E05A4E88495DF473DBBEC73B5F32
SHA-256:	1404038A1A7C39C32FA2E4AC4F07D2F9BA2EDAF6DD9A9406FEB81574122EF3F3
SHA-512:	563CAC6506DF8F87E431CC5073F4F88D5E22DAACCFE61586CE198785B7A84D0A00BF92EB99C51B4367C3FE1AA01512855796737FEB73126B2E17B2450C3E58DA
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...).........@I.6....pHYs.................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.V.q.0.ur...e.............h..~..@' .....J7....9.......\|...'.vb.==..A..>......._.??Z..`.l....G.0.#n...x">.C33a[.B5..f6.E...}..B.fe.0..$..=4..o-,...m$v...3...T....)J...S .....$9 .].1...c%..g....^Qy.............(oBaEL...oTP...d.R.B..`.W......rS.Q,AKr(C.:bh...%.r...>$............8.....(..^..Z.>%e.&T$..9r....}.........c+I.U..P.. .y...dB!...4....pk.......0a.......H....IiGu.........R&}.QT{...8v=. Z.T....o..R......f...D.Q.6.r.q..........4 q.z....IEND.B`.

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	10706
Entropy (8bit):	5.127365148254335
Encrypted:	false
SSDEEP:
MD5:	BC25A05810D84EBF726763E6FCA43226
SHA1:	ED667D7F5334D3251861D8CA2EE2543C1C855749
SHA-256:	FF2F8E10F691C9DB357F917A639ACD235875EFE020093940A41712389F383212
SHA-512:	B2566C83C91650393B61285694859C2486A42AC2F8782CC3B812DB43CA2DD67288E18C43BFA2E95018818C74828F76F0FCDFDD58326740EB2DDBD4297D66C8A6
Malicious:	false
Reputation:	unknown
URL:	https://petition.parliament.uk/petitions/700143
Preview:	<!DOCTYPE html>.<html lang="en-GB">. <head>. <title>Call a General Election - Petitions</title>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.. <link rel="preload" href="/assets/application-26fd7971ab71c9019364ce16986ef3ecfb030f302fd1be3acc6b06472e6fbd7f.css" as="style" type="text/css">. <link rel="preload" href="/assets/application-4e54e69e6fa8e798bdb91d943934c9f458bd361a4f9569860a25ee2629a19abe.js" as="script" type="text/javascript">.. <link rel="preload" href="/assets/auto-updater-12397d0451d898298f78a779d6bd9f23b872a64cf582adfc1c3fd05220b6fb79.js" as="script" type="text/javascript">.. [if gt IE 8]> ><link rel="stylesheet" href="/assets/application-26fd7971ab71c9019364ce16986ef3ecfb030f302fd1be3acc6b06472e6fbd7f.css" /> <![endif]-->. [if IE 7]><link rel="stylesheet" href="/assets/application-ie7-21fc5a1bb28e493e6ba1b9664b1b00c11c07978f2c3b00ad7aec4bc46ad14701.css" /><![endif]-->. [if IE 8]><link rel="stylesheet" h

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 26 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	643
Entropy (8bit):	7.524378789026644
Encrypted:	false
SSDEEP:
MD5:	32B34ED6F1D495E49BDF46F74271B49C
SHA1:	2027D9FCBAB12657EFA61BDAFC828AA14A12E0BD
SHA-256:	7D327E93267DDD23662CF46E69B6F643F3953A4A2131FDAA96036B84BB05E44A
SHA-512:	C064DF56499001BDDAEC810001916FA41D6708744ED730C890F3CE903A4685B5571608EF75566A90940190DC776BDA7BC56BA50E3F987DB498423BFB3351C6A8
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....... .......h.....pHYs.................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.V.q.0......d.d..A.A3B6(.pL@3....N@;A....\)}Q.......HF.$..Q..km.....?R..\|.$.d.#=7 .S...\#...D..D...'..^.....;!.gc..GE..H....x',.{....../<"[.(ag."D._]...p....%.d.AE.c^.]....\|.R&%.9.W.5.......Gzo...d.6....Y>...\|+.....D.VEe.Eg/E.Fu"K...o...0.v1...@\|....\|+-.......K.S...g.\e....,C....-..O3u.:s'xXa4Q81#n..F...9!f..w....L.m....zy...2.k.Z......u......a.BEdB.#........@#n9.T.!K7p'........i.j.l.i.D.M.2..Yw.fH}..K../........]9..F...\|q.o...G.R.U..<\|...TF.oG.....s....N.Q..5_.U.wN..k:..../....../...8..w..l.....IEND.B`.

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 26 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	725
Entropy (8bit):	7.589696601835099
Encrypted:	false
SSDEEP:
MD5:	CAA082FA6B757440B6B0522D29A40777
SHA1:	B838B2559A4B1A0D7F830B804827DAA2E560D097
SHA-256:	ECF9F03FF1640D4199ABC5866939E813E375467BB78B1B0F331A75FEA3CACF91
SHA-512:	68026E23ACCBFBA8847F5F76A04A4340242E178621E7E86A0FB02AF808C76300D021F37056504BD32666DF3637493A864D17058FA323088DA91708204FFEAE40
Malicious:	false
Reputation:	unknown
URL:	https://petition.parliament.uk/assets/graphics/graphic_portcullis-ecf9f03ff1640d4199abc5866939e813e375467bb78b1b0f331a75fea3cacf91.png
Preview:	.PNG........IHDR....... .......h.....pHYs.................tEXtSoftware.Adobe ImageReadyq.e<...bIDATx..V;N.@.....A.w....A.t)..H..p....)..' %]...N.8A......zk...Ap`.'.....z=..-,.........)..E6..^q...6p.\.1e.[w..M.YH218~y~~Pcbx.q..=b.1.%.s..=.mVR.J.2...E.1...m..&.O.M`...@.-..........\8.\|.5.5...aJ$.CN.H..g...\S.M..8u.lq..........C..n.%..q!.W.}..............hp.m...c.K...#.X.Xm..9bz....v.<}.>.U.....j..~.%..:...,..f....i.. .8o.=[tN...5....t.&.r..zLv..J.5.UU.c..q.....9.e........I.2...tL.k.@.9.y%7.....).....2..x.......U.. ..;.ByTZ.4w.....5.....fP..;.....y^......T....v3..`.(.F.._o...H..._.'E.a...R...rO...On..q...yG..;ou.bJ....y.65_*K...g....y.....r..y7h.....c...&..I:.....o.w]..!...g##.j....IEND.B`.

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	1142
Entropy (8bit):	5.008754769016988
Encrypted:	false
SSDEEP:
MD5:	C66C683BF6373718E7BE689C9E87BCA8
SHA1:	7ECF2A91CA79A2583075750FC0E17C89E692F303
SHA-256:	418C6DC9330D6F63C6F66915F27C5DEAD8FBF51DCAF084DC4891A064B5E62794
SHA-512:	A7F76ADCE5C922AEA2719EC91467984DC06D41BB56B2FB99C77EE3623B625E23D2946486173157279B1FD477CF71E093FBDC00371A2F5A89DBC23C846A27A7A6
Malicious:	false
Reputation:	unknown
URL:	https://petition.parliament.uk/manifest.json
Preview:	{"name":"Petitions","display":"standalone","orientation":"portrait","start_url":"/","icons":[{"src":"/assets/os-social/android/launcher-icon-0-75x-8351c7f6a0dfd3d8742d0fda1604b03021cbaec63564daf758694edb92106e58.png","sizes":"36x36","type":"image/png","density":"0.75"},{"src":"/assets/os-social/android/launcher-icon-1x-59f33aef78a03734a7656ad02772a12ec65590d313b56dbb509f7d76312f99f1.png","sizes":"48x48","type":"image/png","density":"1.0"},{"src":"/assets/os-social/android/launcher-icon-1-5x-2df236b0df70ce2d65d4ae335d5bf123ede27dc59f355e7a318071cd4f67de88.png","sizes":"72x72","type":"image/png","density":"1.5"},{"src":"/assets/os-social/android/launcher-icon-2x-bc704386500493cf88d49e65b53f9d4cfe4999deefe8ba42dbcf8db374002346.png","sizes":"96x96","type":"image/png","density":"2.0"},{"src":"/assets/os-social/android/launcher-icon-3x-823a71b98c8e29673a8d1505ceff2a35374edcdeb0585bc11042aebfc179c7c3.png","sizes":"144x144","type":"image/png","density":"3.0"},{"src":"/assets/os-social/android/

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 52 x 64, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1514
Entropy (8bit):	7.800036430531714
Encrypted:	false
SSDEEP:
MD5:	4681BE2BD7783A315BE1EDBF7A54B4AC
SHA1:	DDA4FC17EF19AA42F0B080369862CC6FE77EDCC7
SHA-256:	61C5B956ACD051993AA4D13E0AA7A0709B6F9C46388E391118008B472F6A9B88
SHA-512:	3D659773B9C8917C34110289E79657FDFB45C671EFBB6913B95A0142D70C9D8402FEF9E94EED81F577FD92FD6C5844B46CCCF1710867BCF34AD7395D4E61B53E
Malicious:	false
Reputation:	unknown
URL:	https://petition.parliament.uk/assets/graphics/graphic_portcullis-large-grey-61c5b956acd051993aa4d13e0aa7a0709b6f9c46388e391118008b472f6a9b88.png
Preview:	.PNG........IHDR...4...@.....U.T<....pHYs.................tEXtSoftware.Adobe ImageReadyq.e<...wIDATx..Z.q"9.n.....G0L...B.6..}...p...' .p...@..D..lg0......!..`...W...SK....V+z.z..W..<.+...]..2...w~.[g.............&%....\|.=}..o[._..E...H&0.?...?...x..8W....V.G....._......F.......M.....,.......xC).~.~.C../....cE.......t.1....c.J:......t...%.....N,.ww@.....z.....q^..0byw..$"C.0C{.p....{.H.+.......I.S.=....[.[l.."."..#...@....ted[..d.]..xe.dA....m.....\|.U3..."...($.m....h..FW".\|...F.eG..Sd.Gx..WD".......6..D......k7.#..!?c..4.........G.o.,G.....T.Rt<.9....{0...gQ...............}`..{z.)8.Z:.cU~Y..(m.....0+):pp.{..W.o...Z..,...qo..]...=.....Y.......T.......?0iV.k./.1..S.d".m..bH..Y..;.w.hK..5J.N..)..m0H....b.v...L.'.@....%c..>..K..S..V.q.b..F.....!.S...Ge.....S-X."..(._....R..i...>.t...N5...h......V.7.......`Q....Qx1.@-....0......g..<x.G..6.x/..G.x.B.Z.#.`......x.-..49.ls..6...M.....6..L(...(-R...&/..&Rn..!N.D.$..C(6..N\.`......E.9.%o.....0...

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 144 x 144, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2713
Entropy (8bit):	7.609171093803645
Encrypted:	false
SSDEEP:
MD5:	4F1FCE7B07CDB6CB552EC41858F89F5E
SHA1:	26CFAFD597326278551D1AD0AEF49A305BE87F10
SHA-256:	823A71B98C8E29673A8D1505CEFF2A35374EDCDEB0585BC11042AEBFC179C7C3
SHA-512:	E7741A70242CEEF94D56B5040A1451BF378F17EB4BC4C66344874FFE68FD6F6CF8236634DE86AA5755BD7CF8706C41FF5BD9E14BAD962B6C1D2ADD849A7D7622
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................tEXtSoftware.Adobe ImageReadyq.e<...hiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:414BAB1511206811822AD6D2791CC171" xmpMM:DocumentID="xmp.did:38C27938FD6811E49CCFFA22039F1BF1" xmpMM:InstanceID="xmp.iid:38C27937FD6811E49CCFFA22039F1BF1" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:424BAB1511206811822AD6D2791CC171" stRef:documentID="xmp.did:414BAB1511206811822AD6D2791CC171"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.\|.....0PLTEZ.Z...................).)......w.w?.

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32768)
Category:	downloaded
Size (bytes):	87651
Entropy (8bit):	5.2747794706104845
Encrypted:	false
SSDEEP:
MD5:	1091169D3B956171DA9C54383D944DC1
SHA1:	A1B15C272988A9D0629D22316DDFB0AE8883430B
SHA-256:	4E54E69E6FA8E798BDB91D943934C9F458BD361A4F9569860A25EE2629A19ABE
SHA-512:	347504CC3A789508942DE353BE186E3A600AC4CD8A00EB06073C74D2A7718F1474C2508B35307BC526ECF6CB8A0D8930642D9EF4DE1D84738A520EF8D7E9FA8B
Malicious:	false
Reputation:	unknown
URL:	https://petition.parliament.uk/assets/application-4e54e69e6fa8e798bdb91d943934c9f458bd361a4f9569860a25ee2629a19abe.js
Preview:	!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,(function(e,t){"use strict";function n(e,t,n){var r,i,o=(n=n\|\|be).createElement("script");if(o.text=e,t)for(r in we)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function r(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?pe[de.call(e)]\|\|"object":typeof e}function i(e){var t=!!e&&"length"in e&&e.length,n=r(e);return!me(e)&&!xe(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&t>0&&t-1 in e)}function o(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}function a(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e}function s(e,t,n){return me(t)?Se.grep(e,(function(e,r){return!!t.call(e,r,e

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 80 x 64, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6195
Entropy (8bit):	7.9282350098591445
Encrypted:	false
SSDEEP:
MD5:	AB6489819C0C7087BAEC690E83C27639
SHA1:	3EAA470FC678266FBB92400FAECF018648BB98DF
SHA-256:	B5F2E9731C936E9A142A7F0A6B0EA350A5B5B6CD055B9DA5C53E68C711D85FDC
SHA-512:	75FF77A55978B1FD8F49035B715F128277E2128AC4B1F88766DFD07249C7B940B57D6263670071A48E4F26537F099F0CC93280270944CC84F64D9A953B363C1A
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...P...@........6....sRGB........xeXIfMM..............................J...........R.(...........i.........Z.......H.......H.................P...........@......>\|....pHYs.................iDOT........... ...(... ... ...W@e5....,IDATx..\..\ey..B...E......Zk# .`...V. .....3s.....B... ......`...$..`k..7..T...(.......{f.M..D.<.<73s.....[......6{.>z..5.......i.._o........`.........x4.....C..#~r..'k.F.G../..~.l.=.z.U&.98.{.....d8o..C....#....V./....G=M.nfE.6.........a.c..]....].m.;..d.r.m.......]Vo..Y.........WO.........3.Cn..Ee&.\|...7.L}.....V.....O.yx.7......$..c>.8s......l..i...........3^.OgH.'.m...u.U..-.-.........`\|.F.!S......;5..w....._...0....x7....1...X.).F..H...D..~l.,...h.bD..>qQ.?.._....x(.V.........4pq.y.....o....{3...r$......7.j......_.P.b.Y...(............e7....Z...8.<.....w.D....9v..[.B.B.w..._L.+.3..X..4....=..oL~dh..Dx.I4dmx.uc.._....z.....i.].z....H..{...X.........:...9OU......g....^E.B..D...;.:m._...\|...i.......>._5..

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 13, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	326
Entropy (8bit):	6.619368178726636
Encrypted:	false
SSDEEP:
MD5:	0EC20369F183D3CF785BBA6A8261EF79
SHA1:	8AA7C4486442412B41FA486971180DB6206ADD1B
SHA-256:	88BA457E57F1ACF0F3B7FC083A4F90C2DC2418D0316C025C1057F378F4C4CCC3
SHA-512:	2C6AC9E17B9CB365DBB1615539958FFE93F20E15B6AF2CC8A965FE482F191C29855ED606D63AAA539887DC07F3D79B4364B0A997A114CC98603ACBE16D20E03E
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................$....pHYs.................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b...5```..._?.........R.P.. ^....8..(.....J`...o.R.X.}.. ...I4..i@2.f.6...HL@...j...0'....(.... ..G....P3#.........b.<...&..B.D.6.......}"5....h.......D.$!0...n.R.H@...4....@.....5#..(...q........ ..f.M6.]......IEND.B`.

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (54937)
Category:	downloaded
Size (bytes):	73310
Entropy (8bit):	5.171979432023896
Encrypted:	false
SSDEEP:
MD5:	FBBB78D52411F361472752385FBCF8FA
SHA1:	248E8CC35CA85FBC67B4CF9F1426343229E6BB00
SHA-256:	26FD7971AB71C9019364CE16986EF3ECFB030F302FD1BE3ACC6B06472E6FBD7F
SHA-512:	59A5086F98C13471C89092B0612713D0BFD0CF1F679832D4075BC53DC7598BF91A0328AD414DE36B4DC86BD0A22945C3428698DCB096F483BC87ED8558C67BF6
Malicious:	false
Reputation:	unknown
URL:	https://petition.parliament.uk/assets/application-26fd7971ab71c9019364ce16986ef3ecfb030f302fd1be3acc6b06472e6fbd7f.css
Preview:	.@-ms-viewport{width:device-width}@-o-viewport{width:device-width}@-ms-viewport{width:device-width}@-o-viewport{width:device-width}.grid-row:after,fieldset:after,.form-section:after,.form-group:after,.panel-indent:after,#content:after,.search-inline:after,.petition-share:after,.search-pagination:after,.signature-count:after,.signature-count .signatures-on-a-map:after,.signature-count .signature-count-goal:after,.petition-meta:after,.create-warning:after,.actioned-petitions:after{content:"";display:block;clear:both}@-ms-viewport{width:device-width}@-o-viewport{width:device-width}@-ms-viewport{width:device-width}@-o-viewport{width:device-width}@-ms-viewport{width:device-width}@-o-viewport{width:device-width}.grid-row:after,fieldset:after,.form-section:after,.form-group:after,.panel-indent:after,#content:after,.search-inline:after,.petition-share:after,.search-pagination:after,.signature-count:after,.signature-count .signatures-on-a-map:after,.signature-count .signature-count-goal:after

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	downloaded
Size (bytes):	29990
Entropy (8bit):	1.8105905258099155
Encrypted:	false
SSDEEP:
MD5:	09447D1E6BA788DF3CC38D036EE2D40F
SHA1:	8B760BCF8E1BE9A9C05DB7E8D8B1516EF6912FAE
SHA-256:	218FFA568174E3805B4D07075B577E7A798B37ACFE9C04B5EBFD72B8976D354E
SHA-512:	4D7F1AFB19DB34ED6AF68754FA83665A3DFFCDFF64539BB00AF19E8B21F12C52E5CA3EC9D0F339D60010383D7D5DD978D24FDA9B54B1CFC49978D93745359101
Malicious:	false
Reputation:	unknown
URL:	https://petition.parliament.uk/favicon.ico
Preview:	............ .(...F......... .h...n... .... .(.......@@.... .(P...$..(....... ..... ........................................q.......................................m.......................,...............................................................q.......................................m.......................t.......................................m.......................-.......................................-...............................................................x...x...................,...............................................................q.......................................m.......................t.......................................m.......................-.......................................-...................................................................................................%...............$.......................................................................................................S.......I...Z.......\...K.......Q......

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://petition.parliament.uk/petitions/700143

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Chrome Cache Entry: 102

Chrome Cache Entry: 73

Chrome Cache Entry: 75

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 87

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 97

Static File Info

Windows Analysis Report
https://petition.parliament.uk/petitions/700143