Analysis Report Download NowKeePass-2.42.1-Setup.exe.url

Overview

General Information

Joe Sandbox Version: 26.0.0 Aquamarine
Analysis ID: 141286
Start date: 12.06.2019
Start time: 23:43:31
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 2m 29s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Download NowKeePass-2.42.1-Setup.exe.url
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis stop reason: Timeout
Detection: UNKNOWN
Classification: unknown0.winURL@0/0@0/0
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Found application associated with file extension: .url
  • Stop behavior analysis, all processes terminated
Warnings:
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, sc.exe, dllhost.exe, conhost.exe, CompatTelRunner.exe
Errors:
  • Nothing to analyse, Joe Sandbox has not found any analysis process or sample

Detection

Strategy | Score | Range | Reporting | Whitelisted | Detection
Threshold | 0 | 0 - 100 | | false | unknown

Confidence

Strategy | Score | Range | Further Analysis Required? | Confidence
Threshold | 5 | 0 - 5 | false |


Classification

Mitre Att&ck Matrix

No Mitre Att&ck techniques found

Signature Overview


Networking:

Found strings which match to known social media urls
Urls found in memory or binary data

System Summary:

Classification label
Source: classification engine. Classification label: unknown0.winURL@0/0@0/0

Malware Analysis System Evasion:

Program does not show much activity (idle)
Source: all processes. Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

Program does not show much activity (idle)
Source: all processes. Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Simulations

Behavior and APIs

No simulations

Antivirus and Machine Learning Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
http://slashdotmedia.com/opt-out-choices | 0% | virustotal | | Browse
http://slashdotmedia.com/opt-out-choices | 0% | Avira URL Cloud | safe |
http://slashdotmedia.com/ | 0% | virustotal | | Browse
http://slashdotmedia.com/ | 0% | Avira URL Cloud | safe |
https://slashdotmedia.com/privacy-statement/ | 0% | virustotal | | Browse
https://slashdotmedia.com/privacy-statement/ | 0% | Avira URL Cloud | safe |
https://a.slashdotmedia.com/www/delivery/ck.php?oaparams=2__bannerid=24131__zoneid=20711__cb=0444f84 | 0% | Avira URL Cloud | safe |
http://slashdotmedia.com/terms-of-use | 0% | virustotal | | Browse
http://slashdotmedia.com/terms-of-use | 0% | Avira URL Cloud | safe |
https://a.slashdotmedia.com/www/delivery/ck.php?oaparams=2__bannerid=24156__zoneid=20738__cb=bd00d02 | 0% | Avira URL Cloud | safe |
https://slashdotmedia.com/contact | 0% | Avira URL Cloud | safe |
https://a.slashdotmedia.com/www/delivery/ck.php?oaparams=2__bannerid=24146__zoneid=20726__cb=3d85d9f | 0% | Avira URL Cloud | safe |
https://library.slashdotmedia.com/ | 0% | virustotal | | Browse
https://library.slashdotmedia.com/ | 0% | Avira URL Cloud | safe |
https://slashdotmedia.com/opt-out-choices/ | 0% | virustotal | | Browse
https://slashdotmedia.com/opt-out-choices/ | 0% | Avira URL Cloud | safe |
https://www.ayera.com/ | 0% | virustotal | | Browse
https://www.ayera.com/ | 0% | Avira URL Cloud | safe |
https://a.slashdotmedia.com/www/delivery/ck.php?oaparams=2__bannerid=24150__zoneid=20733__cb=33cd536 | 0% | Avira URL Cloud | safe |
https://slashdotmedia.com/terms-of-use/ | 0% | virustotal | | Browse
https://slashdotmedia.com/terms-of-use/ | 0% | Avira URL Cloud | safe |
https://slashdotmedia.com/ | 0% | virustotal | | Browse
https://slashdotmedia.com/ | 0% | Avira URL Cloud | safe |
https://slashdotmedia.com/privacy-statement | 0% | virustotal | | Browse
https://slashdotmedia.com/privacy-statement | 0% | Avira URL Cloud | safe |
https://a.slashdotmedia.com/www/delivery/ck.php?oaparams=2__bannerid=24147__zoneid=20727__cb=6879929 | 0% | Avira URL Cloud | safe |

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context
