Edit tour
Windows
Analysis Report
http://116.198.42.183/uqcjjj
Overview
General Information
Detection
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Machine Learning detection for dropped file
Downloads executable code via HTTP
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
PE file contains an invalid checksum
PE file does not import any functions
PE file overlay found
Classification
- System is w10x64
- chrome.exe (PID: 4268 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed "about :blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 5924 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2356 --fi eld-trial- handle=225 2,i,131121 9806318045 3466,53753 2355245901 2381,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6420 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt p://116.19 8.42.183/u qcjjj" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | Avira: | ||
Source: | Avira: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | HTTP traffic detected: |