Windows
Analysis Report
http://https:/e.cdlt.jibjab.com/c2/225:4f16e2ba44501a8a8bf3ed302d09b87f:d240209:65c6bb2428085be667d1bac9:1707522852103/8e54784a?jwtH=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9&jwtP=eyJpYXQiOjE3MDc1MjI5NzQsImNkIjoiLmppYmphYi5jb20iLCJjZSI6ODY0MDAsInRrIjoiamliamFibSIsIm10bElEIjoiNjVjNWRiOTFmNGMwYmEzYjExMGM0Z
Overview
General Information
Detection
Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Creates files inside the system directory
Sigma detected: Suspicious Office Token Search Via CLI
Stores files to the Windows start menu directory
Classification
- System is w10x64
- chrome.exe (PID: 6556 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 2132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 --field-trial-handle=2532,i,1680531711560861017,17543554451149963471,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 2316 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://https:/e.cdlt.jibjab.com/c2/225:4f16e2ba44501a8a8bf3ed302d09b87f:d240209:65c6bb2428085be667d1bac9:1707522852103/8e54784a?jwtH=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9&jwtP=eyJpYXQiOjE3MDc1MjI5NzQsImNkIjoiLmppYmphYi5jb20iLCJjZSI6ODY0MDAsInRrIjoiamliamFibSIsIm10bElEIjoiNjVjNWRiOTFmNGMwYmEzYjExMGM0ZWU4IiwibGlua1VybCI6Imh0dHBzOlwvXC93d3cuamliamFiLmNvbVwvdmlld1wvbWFrZVwvYWRkaWN0ZWRfdG9fbG92ZV9yb2JlcnRfcGFsbWVyX2Fubml2ZXJzYXJ5XC80M2M2NzZkYi0yY2IxLTQ3Y2EtOTA1NS1iMjg0N2VkNTgyNWY_cmVjaXBpZW50X3Rva2VuPTE2ZjNlOTk0LTBkZDgtNDc5Yi1iOTE3LTRhOTJlN2FiMWQxYyZ1dG1fY2FtcGFpZ249dHhfcmVjaXBpZW50X25vdGlmaWNhdGlvbiZ1dG1fdGVybT0mdXRtX3NvdXJjZT1jb3JkaWFsJnV0bV9tZWRpdW09ZW1haWwifQ&jwtS=eOhWS_qON4C7Pn_vFN9iXDtpYuHwzoYSTCcLc-Ce86o__;!!EhqYCQ!cHK5TxT8glt9qsWTQaBnSDPNius5-SdyQMZ78XjuGJ7hEnpIkoW7Wm8RBPEiYsdL79SvidfZc1DWgCTnKDTKz0SxG5Y$%20urldefense.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
No configs have been found
No YARA matches
Source: Author: Nasreddine Bencherchali (Nextron Systems)