Windows Analysis Report
http://www.adobe.com/go/Connect11AppStandalone

Overview

General Information

Sample URL: http://www.adobe.com/go/Connect11AppStandalone
Analysis ID: 1562660
Infos:

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file does not import any functions
PE file overlay found

Classification

Source: unknown HTTPS traffic detected: 23.52.182.8:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.52.182.8:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: Binary string: D:\Jenkins\workspace\ConnectAppSetup\dev\24.5\ConnectAppSetup\BuildOut\Release_Standalone_x64\ConnectAppSetup.pdb source: Unconfirmed 701545.crdownload.0.dr, chromecache_44.2.dr
Source: Binary string: D:\Jenkins\workspace\ConnectAppSetup\dev\24.5\ConnectAppSetup\BuildOut\Release_Standalone_x64\ConnectAppSetup.pdbJ source: Unconfirmed 701545.crdownload.0.dr, chromecache_44.2.dr
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 23.54.80.57
Source: unknown TCP traffic detected without corresponding DNS query: 23.54.80.57
Source: unknown TCP traffic detected without corresponding DNS query: 23.54.80.57
Source: unknown TCP traffic detected without corresponding DNS query: 23.54.80.57
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: chromecache_44.2.dr String found in binary or memory: http://www.winimage.com/zLibDll
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown HTTPS traffic detected: 23.52.182.8:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.52.182.8:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49756 version: TLS 1.2
PE file contains executable resources (Code or Archives)
Source: Unconfirmed 701545.crdownload.0.dr Static PE information: Resource name: BIN type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: chromecache_44.2.dr Static PE information: Resource name: BIN type: Zip archive data, at least v2.0 to extract, compression method=deflate
PE file does not import any functions
Source: ad9c1123-175c-482f-9472-353e81e678ad.tmp.0.dr Static PE information: No import functions for PE file found
PE file overlay found
Source: chromecache_44.2.dr Static PE information: Data appended to the last section found
Source: Unconfirmed 701545.crdownload.0.dr Static PE information: Data appended to the last section found
Source: ad9c1123-175c-482f-9472-353e81e678ad.tmp.0.dr Static PE information: Data appended to the last section found
Source: classification engine Classification label: clean3.win@18/4@2/4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\ad9c1123-175c-482f-9472-353e81e678ad.tmp Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2592 --field-trial-handle=2020,i,4787005575397005993,1445835866922281765,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.adobe.com/go/Connect11AppStandalone"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4008 --field-trial-handle=2020,i,4787005575397005993,1445835866922281765,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2592 --field-trial-handle=2020,i,4787005575397005993,1445835866922281765,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4008 --field-trial-handle=2020,i,4787005575397005993,1445835866922281765,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Binary string: D:\Jenkins\workspace\ConnectAppSetup\dev\24.5\ConnectAppSetup\BuildOut\Release_Standalone_x64\ConnectAppSetup.pdb source: Unconfirmed 701545.crdownload.0.dr, chromecache_44.2.dr
Source: Binary string: D:\Jenkins\workspace\ConnectAppSetup\dev\24.5\ConnectAppSetup\BuildOut\Release_Standalone_x64\ConnectAppSetup.pdbJ source: Unconfirmed 701545.crdownload.0.dr, chromecache_44.2.dr
PE file contains an invalid checksum
Source: ad9c1123-175c-482f-9472-353e81e678ad.tmp.0.dr Static PE information: real checksum: 0xa3e2da3 should be: 0x10486
Drops PE files
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 44 Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 701545.crdownload Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\ad9c1123-175c-482f-9472-353e81e678ad.tmp Jump to dropped file
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 44
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 44 Jump to dropped file
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1562660 URL: http://www.adobe.com/go/Con... Startdate: 25/11/2024 Architecture: WINDOWS Score: 3 5 chrome.exe 11 2->5         started        9 chrome.exe 2->9         started        dnsIp3 23 192.168.2.16 unknown unknown 5->23 25 192.168.2.4, 138, 443, 49723 unknown unknown 5->25 27 239.255.255.250 unknown Reserved 5->27 17 ad9c1123-175c-482f-9472-353e81e678ad.tmp, PE32 5->17 dropped 19 C:\Users\...\Unconfirmed 701545.crdownload, PE32 5->19 dropped 11 chrome.exe 5->11         started        15 chrome.exe 5->15         started        file4 process5 dnsIp6 29 www.google.com 142.250.181.100, 443, 49745, 49760 GOOGLEUS United States 11->29 21 Chrome Cache Entry: 44, PE32 11->21 dropped file7
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
239.255.255.250
 unknown Reserved
unknown unknown false
142.250.181.100
 www.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.16
192.168.2.4

Contacted Domains

Name IP Active
www.google.com 142.250.181.100 true