Windows Analysis Report
https://www.msmetal.com/

Overview

General Information

Sample URL: https://www.msmetal.com/
Analysis ID: 1426773

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

HTML page contains hidden URLs or javascript code
Program does not show much activity (idle)

Classification

Source: https://www.msmetal.com/about HTTP Parser: Base64 decoded: https://www.msmetal.com:443
Source: https://www.msmetal.com/ HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LduzUMUAAAAAMHqfxkZpwdwEckAL_hhoWOQP0B_&co=aHR0cHM6Ly93d3cubXNtZXRhbC5jb206NDQz&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&cb=je2b07d6isg0 HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&k=6LduzUMUAAAAAMHqfxkZpwdwEckAL_hhoWOQP0B_ HTTP Parser: No favicon
Source: https://www.msmetal.com/about HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LduzUMUAAAAAMHqfxkZpwdwEckAL_hhoWOQP0B_&co=aHR0cHM6Ly93d3cubXNtZXRhbC5jb206NDQz&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&cb=j8fqpnytt391 HTTP Parser: No favicon
Source: https://www.msmetal.com/services HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LduzUMUAAAAAMHqfxkZpwdwEckAL_hhoWOQP0B_&co=aHR0cHM6Ly93d3cubXNtZXRhbC5jb206NDQz&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&cb=mvnjx98r5gzx HTTP Parser: No favicon
Source: https://www.msmetal.com/quality HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LduzUMUAAAAAMHqfxkZpwdwEckAL_hhoWOQP0B_&co=aHR0cHM6Ly93d3cubXNtZXRhbC5jb206NDQz&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&cb=2mec21yeuptf HTTP Parser: No favicon
Source: https://www.msmetal.com/contact-us HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LduzUMUAAAAAMHqfxkZpwdwEckAL_hhoWOQP0B_&co=aHR0cHM6Ly93d3cubXNtZXRhbC5jb206NDQz&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&cb=r5jpsolu0d3j HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LduzUMUAAAAAMHqfxkZpwdwEckAL_hhoWOQP0B_&co=aHR0cHM6Ly93d3cubXNtZXRhbC5jb206NDQz&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&cb=xoy8jtzhvdk8 HTTP Parser: No favicon
Source: https://www.google.com/maps/embed/v1/place?key=AIzaSyC5lSLVBxlOHGqd4j1oY6yI42XO0NYzANQ&q=35195%20Forton%20Ct,%20Clinton%20Twp,%20MI%2048035,%20USA&zoom=15&center=42.55677050000001,-82.8820637&maptype=roadmap HTTP Parser: No favicon
Source: https://components.mywebsitebuilder.com/extern/maps-app/embed-place.html?q=35195%20Forton%20Ct,%20Clinton%20Twp,%20MI%2048035,%20USA&zoom=15&center=42.55677050000001,-82.8820637&maptype=roadmap HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LduzUMUAAAAAMHqfxkZpwdwEckAL_hhoWOQP0B_&co=aHR0cHM6Ly93d3cubXNtZXRhbC5jb206NDQz&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&cb=pmsuz3d7qsbp HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LduzUMUAAAAAMHqfxkZpwdwEckAL_hhoWOQP0B_&co=aHR0cHM6Ly93d3cubXNtZXRhbC5jb206NDQz&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&cb=lwcto272ak39 HTTP Parser: No favicon
Source: chrome.exe Memory has grown: Private usage: 0MB later: 82MB
Source: chromecache_177.2.dr String found in binary or memory: http://cipa.jp/exif/1.0/
Source: chromecache_268.2.dr, chromecache_252.2.dr String found in binary or memory: http://prismstandard.org/namespaces/prismusagerights/2.1/
Source: chromecache_270.2.dr String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_270.2.dr String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_222.2.dr String found in binary or memory: https://components.mywebsitebuilder.com/sitelio/404.png
Source: chromecache_222.2.dr String found in binary or memory: https://components.mywebsitebuilder.com/sitelio/favicon.ico
Source: chromecache_222.2.dr String found in binary or memory: https://components.mywebsitebuilder.com/sitelio/holding.css
Source: chromecache_185.2.dr String found in binary or memory: https://developers.google.com/maps/documentation/javascript/error-messages#
Source: chromecache_270.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_270.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_270.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_222.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: chromecache_270.2.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_270.2.dr String found in binary or memory: https://recaptcha.net
Source: chromecache_270.2.dr String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_270.2.dr String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_270.2.dr String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_270.2.dr String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_185.2.dr String found in binary or memory: https://www.google.com
Source: chromecache_270.2.dr, chromecache_206.2.dr String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_270.2.dr String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__.
Source: chromecache_206.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js
Source: chromecache_222.2.dr String found in binary or memory: https://www.sitelio.com
Source: classification engine Classification label: clean1.win@23/196@0/29
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1980,i,13542139289165670709,13886856840263682688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.msmetal.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.msmetal.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: Window Recorder Window detected: More than 3 window changes detected
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: chromecache_248.2.dr Binary or memory string: x<sVmci