Windows Analysis Report
product1122.html

Overview

General Information

Sample name: product1122.html
Analysis ID: 1427942
MD5: 61728329516b48e684e53bf8c05c213d
SHA1: 5b1b9ef4cb22cae4e6ed7b8078049230e656796c
SHA256: 15dc91b3d82d1cdfc355e3e43d6cb4bb163d9cb4aa7cbfb0eb6eb081d56fdc63
Tags: html
Infos:

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Detected javascript redirector / loader
Suspicious Javascript code found in HTML file
Drops PE files
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Uses insecure TLS / SSL version for HTTPS connection

Classification

AV Detection
barindex
Antivirus detection for dropped file
Source: C:\Users\user\Downloads\c46b6438-bd12-465d-b351-51dc91ef4986.tmp Avira: detection malicious, Label: HEUR/AGEN.1308740
Source: C:\Users\user\Downloads\d384f462-4692-49be-a501-11ea5575a036.tmp Avira: detection malicious, Label: HEUR/AGEN.1308740
Multi AV Scanner detection for dropped file
Source: C:\Users\user\Downloads\Unconfirmed 163765.crdownload (copy) ReversingLabs: Detection: 34%
Source: C:\Users\user\Downloads\Unconfirmed 163765.crdownload (copy) Virustotal: Detection: 40% Perma Link
Source: C:\Users\user\Downloads\Unconfirmed 462822.crdownload (copy) ReversingLabs: Detection: 34%
Source: C:\Users\user\Downloads\Unconfirmed 462822.crdownload (copy) Virustotal: Detection: 40% Perma Link
Source: C:\Users\user\Downloads\c46b6438-bd12-465d-b351-51dc91ef4986.tmp ReversingLabs: Detection: 34%
Source: C:\Users\user\Downloads\c46b6438-bd12-465d-b351-51dc91ef4986.tmp Virustotal: Detection: 40% Perma Link
Source: C:\Users\user\Downloads\d384f462-4692-49be-a501-11ea5575a036.tmp ReversingLabs: Detection: 34%
Source: C:\Users\user\Downloads\d384f462-4692-49be-a501-11ea5575a036.tmp Virustotal: Detection: 40% Perma Link
Multi AV Scanner detection for submitted file
Source: product1122.html ReversingLabs: Detection: 18%
Source: product1122.html Virustotal: Detection: 14% Perma Link

Phishing
barindex
Detected javascript redirector / loader
Source: product1122.html HTTP Parser: Low number of body elements: 0
Suspicious Javascript code found in HTML file
Source: product1122.html HTTP Parser: new blob(
Source: product1122.html HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/product1122.html HTTP Parser: No favicon
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49735 version: TLS 1.0
Source: unknown HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.29.9:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49750 version: TLS 1.2
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49735 version: TLS 1.0
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8ZygSYb+E9LZ41W&MD=MbLbDFfe HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A410900C4F3X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAATwdX/XGkOieJ3azlI5pjHSWR29bpBxciZCgYKIaVI6SOAus4HXTolF%2BUwDpdd/QKtfDCPU15YDGM2POeP2tCNtfBMGqTxWDBKxzQ9mCOEpHF37s0zz0wxFWwutY%2BU3A989FiwPfmoWnXchUzX4HazcgPWknHYXH6CUoTOMZ86yJ9pQcd07yqZVVwT%2Bpc3olUhDEmTMB%2BHWWuYT7hTOBkpt4EsWGmBIPSFHU07omOf%2BAAXM0ejIjGFS9B3gWRMbqaVk7BpUwEbSmaPcEBonIZ6extyZBqS5zPsm8HyiJ/nKfF%2BjBagkQDz3VIGz0Fu78F6CcENujCJuietvZiWrw808DZgAACHfBmPj%2B2SE2qAFAQPOHqSwXSo4D2tU1iFuMTj/J5w5wGGsnFNnYeUQD7YopsLZejSF7phmGb3xs3K6oqxMO8xPaCVKcgzLlMCmeYkScxwu7Mf6IKPOgIuBIhwyGjw5%2B9l9OXYRKJaR4P410JAYYr8ASNpeGhpbnGWGi4clP%2B4Wp8zuvUWvMY0ovxFHqeJ1x%2Bcm2Y3H5kxeYqEnxpSRoioZD5WudE2SWRbpFTUgtj%2Btisf2UDUNFeQcqYH5N/TmIDlcN%2BMm9cH2HyWYj9TNSvbOd7upIlNsZAfx8pvB4R3TauTSH/W5jhVus%2BUMUGjEjnfSkn5QlpkZOS17K614dpIYxvMMah3zzikDmbrljKwyCoFZ5d6J8UrHJAXz/UIzn/aZsH8ZCfM0PLR4bVZr8l%2BJQ9WztMdvAgd%2BYvmWae0BRojEf1KVm8XxutA0CSTrvKkXllkWPwbWDWiwu0iKIU0B4Dq9Kt2zg5N/Wn%2BqvJ3ci5WKpuICMzCKiZpzF09FBZzb/iMDLB0m/miE9jWSB6KPEDxDSVV8emhXssvgiuS83Xu1CkJIvvyR6ZTuAbgW7EOwY2AE%3D%26p%3DX-Agent-DeviceId: 01000A410900C4F3X-BM-CBT: 1713431843User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 4707AE76704648C1BD97EEC7199EEC7FX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; CortanaAppUID=2020E25DAB158E420BA06F1C8DEF7959; MUID=81C61E09498D41CC97CDBBA354824ED1; MUIDB=81C61E09498D41CC97CDBBA354824ED1
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8ZygSYb+E9LZ41W&MD=MbLbDFfe HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: unknown DNS traffic detected: queries for: www.google.com
Source: unknown HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4788Host: login.live.com
Source: c46b6438-bd12-465d-b351-51dc91ef4986.tmp.0.dr, d384f462-4692-49be-a501-11ea5575a036.tmp.0.dr String found in binary or memory: http://weather.yahooapis.com/forecastrss?w=4118
Source: c46b6438-bd12-465d-b351-51dc91ef4986.tmp.0.dr, d384f462-4692-49be-a501-11ea5575a036.tmp.0.dr String found in binary or memory: http://www.ctvnews.ca/rss/business/ctv-news-business-headlines-1.867648
Source: c46b6438-bd12-465d-b351-51dc91ef4986.tmp.0.dr, d384f462-4692-49be-a501-11ea5575a036.tmp.0.dr String found in binary or memory: http://www.ctvnews.ca/rss/ctvnews-ca-top-stories-public-rss-1.822009
Source: c46b6438-bd12-465d-b351-51dc91ef4986.tmp.0.dr, d384f462-4692-49be-a501-11ea5575a036.tmp.0.dr String found in binary or memory: http://xml.weather.yahoo.com/ns/rss/1.0
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.29.9:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49750 version: TLS 1.2
Source: c46b6438-bd12-465d-b351-51dc91ef4986.tmp.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: d384f462-4692-49be-a501-11ea5575a036.tmp.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal72.phis.winHTML@34/4@2/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\c46b6438-bd12-465d-b351-51dc91ef4986.tmp Jump to behavior
Source: product1122.html ReversingLabs: Detection: 18%
Source: product1122.html Virustotal: Detection: 14%
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\product1122.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2200,i,12531877602374010323,3505977888523723621,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5072 --field-trial-handle=2200,i,12531877602374010323,3505977888523723621,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2200,i,12531877602374010323,3505977888523723621,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5072 --field-trial-handle=2200,i,12531877602374010323,3505977888523723621,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: c46b6438-bd12-465d-b351-51dc91ef4986.tmp.0.dr Static PE information: section name: .text entropy: 7.934603388933473
Source: d384f462-4692-49be-a501-11ea5575a036.tmp.0.dr Static PE information: section name: .text entropy: 7.934603388933473
Drops PE files
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\c46b6438-bd12-465d-b351-51dc91ef4986.tmp Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 163765.crdownload (copy) Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\d384f462-4692-49be-a501-11ea5575a036.tmp Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 462822.crdownload (copy) Jump to dropped file
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1427942 Sample: product1122.html Startdate: 18/04/2024 Architecture: WINDOWS Score: 72 31 Antivirus detection for dropped file 2->31 33 Multi AV Scanner detection for dropped file 2->33 35 Multi AV Scanner detection for submitted file 2->35 37 2 other signatures 2->37 6 chrome.exe 12 2->6         started        process3 dnsIp4 23 192.168.2.16 unknown unknown 6->23 25 192.168.2.4 unknown unknown 6->25 27 2 other IPs or domains 6->27 15 d384f462-4692-49be-a501-11ea5575a036.tmp, PE32 6->15 dropped 17 c46b6438-bd12-465d-b351-51dc91ef4986.tmp, PE32 6->17 dropped 19 C:\...\Unconfirmed 462822.crdownload (copy), PE32 6->19 dropped 21 C:\...\Unconfirmed 163765.crdownload (copy), PE32 6->21 dropped 10 chrome.exe 6->10         started        13 chrome.exe 6->13         started        file5 process6 dnsIp7 29 www.google.com 64.233.176.99, 443, 49718, 49744 GOOGLEUS United States 10->29
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
239.255.255.250
 unknown Reserved
unknown unknown false
64.233.176.99
 www.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.16
192.168.2.4
192.168.2.6

Contacted Domains

Name IP Active
www.google.com 64.233.176.99 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
file:///C:/Users/user/Desktop/product1122.html false
    		low