Windows
Analysis Report
https://u43197812.ct.sendgrid.net/ls/click?upn=u001.TgFW-2BQD-2FE7yMaclzIJQwn9qZF3-2FXzpRvXEX0tzW6EB6gW8DDwAKUWABjk0Cpq-2Fdz4M57xGIo5-2F6KKAb29fluuw-3D-3DTs77_rO-2FlG9aNEfOODMQQnJrFgo3hymD2kiOmvLq7huX3fN9kYkz1gV86mx1on2uqoUekik3S0U5MQ-2BxcTxAAAQVsKocjCr5fk64t9c-2BiBkNJXy814oSZh73tt0nhb1jvW2xtial-2FO
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 2068 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://u43197812.ct.sendgrid.net/ls/click?upn=u001.TgFW-2BQD-2FE7yMaclzIJQwn9qZF3-2FXzpRvXEX0tzW6EB6gW8DDwAKUWABjk0Cpq-2Fdz4M57xGIo5-2F6KKAb29fluuw-3D-3DTs77_rO-2FlG9aNEfOODMQQnJrFgo3hymD2kiOmvLq7huX3fN9kYkz1gV86mx1on2uqoUekik3S0U5MQ-2BxcTxAAAQVsKocjCr5fk64t9c-2BiBkNJXy814oSZh73tt0nhb1jvW2xtial-2FOsgz3g0mSHtIRCFl5GrdLWROfg4NHudyZFT9PzdpDy9ws7m-2FBCMZU8k2-2B1CQBE7tuMnHvmEFc-2BemeBWNkvmjrwhbxK-2FKMSGu6rwTB3Y-3D MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1976,i,4353144744606916921,267135791406568542,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
- HTTP Parser
- HTTPS traffic detected
- UDP traffic detected without corresponding DNS query (4 entries)
- TCP traffic detected without corresponding DNS query (20 entries)
- DNS traffic detected
- Network traffic detected (10 entries)
- HTTPS traffic detected
- Classification label
- File created
- Process created (13 entries)
- File created (7 entries)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.251.167.99 | true | false | | high |
u43197812.ct.sendgrid.net | 167.89.115.54 | true | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.251.16.113 | unknown | United States | 15169 | GOOGLEUS | false |
167.89.115.54 | u43197812.ct.sendgrid.net | United States | 11377 | SENDGRIDUS | false |
142.251.167.99 | www.google.com | United States | 15169 | GOOGLEUS | false |
172.253.115.94 | unknown | United States | 15169 | GOOGLEUS | false |
142.251.163.84 | unknown | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417101 |
Start date and time: | 2024-03-28 16:04:32 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | https://u43197812.ct.sendgrid.net/ls/click?upn=u001.TgFW-2BQD-2FE7yMaclzIJQwn9qZF3-2FXzpRvXEX0tzW6EB6gW8DDwAKUWABjk0Cpq-2Fdz4M57xGIo5-2F6KKAb29fluuw-3D-3DTs77_rO-2FlG9aNEfOODMQQnJrFgo3hymD2kiOmvLq7huX3fN9kYkz1gV86mx1on2uqoUekik3S0U5MQ-2BxcTxAAAQVsKocjCr5fk64t9c-2BiBkNJXy814oSZh73tt0nhb1jvW2xtial-2FOsgz3g0mSHtIRCFl5GrdLWROfg4NHudyZFT9PzdpDy9ws7m-2FBCMZU8k2-2B1CQBE7tuMnHvmEFc-2BemeBWNkvmjrwhbxK-2FKMSGu6rwTB3Y-3D |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@13/8@4/19 |
- Exclude process from analysis (whitelisted): svchost.exe
- Excluded IPs from analysis (whitelisted): 172.253.115.94, 142.251.16.113, 142.251.16.102, 142.251.16.138, 142.251.16.100, 142.251.16.101, 142.251.16.139, 142.251.163.84, 34.104.35.123
- Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
- Not all processes were analyzed; the report is missing behavior information
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.986965253613745 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6FD68B0B64518596C8834B66DCD7AD56 |
SHA1: | 07D3742F5F756D3624BB96B9CF5D0100B8DE46C5 |
SHA-256: | 7E5BC7EBD8B2EA6C50E8A9D811EFE5D1EF8A672D1A724BEA6C45A1CD7FA7A7A3 |
SHA-512: | 65E242E1821812FBA6B2A14672DF227D4CDAAA3003B90B2D2FE83A5EB02A619145AF9DE2888CEADCCA6E9207FCB0E962AACAB2C91CBA9C03E3151947EDDB1A28 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.003316908281409 |
Encrypted: | false |
SSDEEP: | |
MD5: | 195E17FA912279643E0FF215735B073F |
SHA1: | 9724579E1203BE1A79B3AAFDAD156BF24773C0B9 |
SHA-256: | 01E827198F03B744B4ECEBFE392C4C87BDC00B39960B2B04A456BFD90414CA0B |
SHA-512: | D5876FCF0217FB685A264AD2E42A49C5231D9FCCAE95CF05F14F1FD9A8B1211322402A63535B99AA7A723897A261645E8703AB5D48DEEE5405684C6A1C5D46BC |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.011250672994347 |
Encrypted: | false |
SSDEEP: | |
MD5: | 52299E7E25581574F84A66D27538DEC0 |
SHA1: | 86BA48648EE2CAAE0AA984551D360FA15886D2C4 |
SHA-256: | F48AEA75F473416B552613D6C4EBC5744588915D4116ED2F11D3313E9ECA4ABF |
SHA-512: | 540D17ECB170676918563398D470CEFD420E681B1ABEA9DEBBC202AE129F572013862FC3576F6556A0962274DDBC3CA92A7AEC9442809C70D890B4358C185A72 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.002652982268183 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7B01BAD5653EE2320FB81B623476B4E0 |
SHA1: | D1510CBBF5046494BAD51A6B7F1E78CB7F0C062C |
SHA-256: | 5C2ED8BED43F11DEEAD90D3C40AD32E1F9F4258D6771561427906E607A273B5E |
SHA-512: | 66399A75810D4BA8851B3A75046E16D905308A50B2BD88702009518CB177C4C36B1AC06F3FDC85E3998D17D8BE94B198F3644565BE5D49CAD5C08AD25BAABE13 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.991325251582235 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3A94F62396DF7AE41189DE3232D0FCB7 |
SHA1: | 8DD3AE609CBF0D3D005A64569FA9E44EE06AD4B2 |
SHA-256: | CFCB7F3676A519D6817F641CFF0138EAEFE20343E5A446DAFB4CE71D255A940A |
SHA-512: | DE27AEE762CD114C80E733E6EE269FFD75C0CA2E44B93B942D3CE1467FE9CD97FAA804B497FE85BDAEF5362068F61FA44DAADCFE627F69FF1E257F336AC0CC20 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.001974485734652 |
Encrypted: | false |
SSDEEP: | |
MD5: | C2FC2374B7A1ABC5010D84150EC07F80 |
SHA1: | 99E6308C1613D164318512D62AC2C608402BDEB6 |
SHA-256: | 981AFE3E4CCD8255E4E778D33AD87FB8820E241B87868BC84F9DE7C52E3545A0 |
SHA-512: | 743B9ADC2A3F18DCC1B0005419F2276C51CF3333A13ED5ACB79239A6FAB7C8E47BD66267B8508FD7C2774C71F6CB0A1D74D4A26C7B8C1C1FD89B9EB014B260AF |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 564 |
Entropy (8bit): | 4.72971822420855 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8E325DC2FEA7C8900FC6C4B8C6C394FE |
SHA1: | 1B3291D4EEA179C84145B2814CB53E6A506EC201 |
SHA-256: | 0B52C5338AF355699530A47683420E48C7344E779D3E815FF9943CBFDC153CF2 |
SHA-512: | 084C608F1F860FB08EF03B155658EA9988B3628D3C0F0E9561FDFF930E5912004CDDBCC43B1FA90C21FE7F5A481AC47C64B8CAA066C2BDF3CF533E152BF96C14 |
Malicious: | false |
Reputation: | unknown |
URL: | https://u43197812.ct.sendgrid.net/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 132 |
Entropy (8bit): | 4.401640733272911 |
Encrypted: | false |
SSDEEP: | |
MD5: | 310E794861855F03DACD1A6BD12A5D26 |
SHA1: | 7B1E76A469D9B35349C242A1C7EB5FE5E1F8AA92 |
SHA-256: | 6F25D08A0DA028A31DB3CB3FD36FC6AA36ED01BF44058520DC8689763A1B0F6A |
SHA-512: | 3CEE575EF31C8ABE2E51EE6BD8281DD921776B89F347EDA63EAA2D74803ABDCA6A8FC13568B6278BCA0C2DAAC75A7A5AF2E4E963A8CAB9FAF576AFDFC66BBC67 |
Malicious: | false |
Reputation: | unknown |
URL: | https://u43197812.ct.sendgrid.net/ls/click?upn=u001.TgFW-2BQD-2FE7yMaclzIJQwn9qZF3-2FXzpRvXEX0tzW6EB6gW8DDwAKUWABjk0Cpq-2Fdz4M57xGIo5-2F6KKAb29fluuw-3D-3DTs77_rO-2FlG9aNEfOODMQQnJrFgo3hymD2kiOmvLq7huX3fN9kYkz1gV86mx1on2uqoUekik3S0U5MQ-2BxcTxAAAQVsKocjCr5fk64t9c-2BiBkNJXy814oSZh73tt0nhb1jvW2xtial-2FOsgz3g0mSHtIRCFl5GrdLWROfg4NHudyZFT9PzdpDy9ws7m-2FBCMZU8k2-2B1CQBE7tuMnHvmEFc-2BemeBWNkvmjrwhbxK-2FKMSGu6rwTB3Y-3D |
Preview: |