Edit tour

Windows Analysis Report
sign_ins.html

Overview

General Information

Sample name:	sign_ins.html
Analysis ID:	1431644
MD5:	dd688d153b4188aa7d2fb091c01f7153
SHA1:	b9ed5a7a51f6fd901e084257f33ff624198162b1
SHA256:	deeb74d8c7067780ee4f11538d8256fc283d6ca923155b9f5bbb749b6c95b843

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected javascript redirector / loader

Detected TCP or UDP traffic on non-standard ports

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 7136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\sign_ins.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1944,i,15821164105216175379,7343618671121473826,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Detected javascript redirector / loader

Source: sign_ins.html

HTTP Parser: Low number of body elements: 1

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49726 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 0MB later: 29MB

Source: global traffic

TCP traffic: 192.168.2.16:49718 -> 142.251.15.100:139

Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.139
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.139
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.138
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.100
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.101
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.113
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.15.100
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.138
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.100
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.113
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.101
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.15.100
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.139
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.138
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.101
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.113
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.100
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.15.100
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.139
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.100
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.102
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.101
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.138
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.113
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.15.100
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Source: global traffic	DNS traffic detected: DNS query: d33z9r12iu5vuo.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49726 version: TLS 1.2

Source: classification engine

Classification label: sus21.phis.winHTML@16/10@4/94

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\sign_ins.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1944,i,15821164105216175379,7343618671121473826,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1944,i,15821164105216175379,7343618671121473826,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
d33z9r12iu5vuo.cloudfront.net	18.165.113.51	true	false		high
www.google.com	142.250.105.105	true	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
74.125.136.94	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.105.84	unknown	United States	15169	GOOGLEUS	false
18.165.113.51	d33z9r12iu5vuo.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
142.250.105.105	www.google.com	United States	15169	GOOGLEUS	false
142.250.105.138	unknown	United States	15169	GOOGLEUS	false
172.253.124.113	unknown	United States	15169	GOOGLEUS	false
173.194.219.94	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431644
Start date and time:	2024-04-25 14:57:58 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	sign_ins.html
Detection:	SUS
Classification:	sus21.phis.winHTML@16/10@4/94
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 74.125.136.94, 172.253.124.113, 172.253.124.101, 172.253.124.139, 172.253.124.138, 172.253.124.102, 172.253.124.100, 142.250.105.84, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com, www.google-analytics.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 11:58:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9825681839261486
Encrypted:	false
SSDEEP:
MD5:	16AFEDC757BF696A88169D1658277B5C
SHA1:	F3CDD82E7BC124447EEEE6ABE45903C628BD5DFD
SHA-256:	AFAA881AA6718190E4DAC0EB1B6B56D19D3859C7D6D781B4E68F0EA1014A14B5
SHA-512:	9F3783F250722A0C0DA38148FE2A692E17DE871486509243628EA72B3DD52BC4AE79B1D794145D27C9F468007A5C623B6D49BF20419B003A5C7473E1473827ED
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....R:9D....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XDg....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XMg....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XMg....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XMg..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XNg...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?..}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 11:58:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9993778207011528
Encrypted:	false
SSDEEP:
MD5:	ED2E5ED8CBFA5893716622CFCB4A4AF0
SHA1:	14F5FC297FA20AFC0B3DE01D5049238F1B0B73CE
SHA-256:	888A73F1A237D59B4FD089B387360E97373B330AF36B50C4FBC6EE77618AA379
SHA-512:	D8FA7A5021716253C0CD2D60D19FA36266DCDD62C49341B6CC9A541B172C381D23E09973ADE1CC6F1E84E3F310C9855E0C17B9F83DCBBC84A6359A2688AA550A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......D....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XDg....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XMg....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XMg....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XMg..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XNg...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?..}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.008481512227346
Encrypted:	false
SSDEEP:
MD5:	16AFE225700E7C0528312B5C70933890
SHA1:	3D040944FA8769D8C2958B479A3C1E74D0299395
SHA-256:	FAFA7A7C18B29B8CA28A128FA56901E56793F2A20B4FC904F5F9B94A572C755B
SHA-512:	A7D7283CF7F3648D1A8E198DB4872A6F4D823C46C1F62BCB4D16CE539843B3B523AE7F4A95B60C6CA691EAEE93EE6D37186CE851CF7369BCE2C8EA39E3E157A0
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XDg....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XMg....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XMg....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XMg..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?..}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 11:58:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9989971161145346
Encrypted:	false
SSDEEP:
MD5:	E504BE1E733E6564CA46B815F319D76D
SHA1:	CCFD0871C80C6276E7C841BF73AD0E84B89B3077
SHA-256:	C719AA5C87490F88C6B3A8AF563808ECA4CBDF956786C9CE0EC6516205E71EE9
SHA-512:	305364BB96704A80D7C1D719AD1AEE9B90A676B4D79E731FCE184A93B88D1B20BEF7A2762D0AD34FC24C80EB113964B505D4B26988F74FB75B85853369F64A2E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......'D....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XDg....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XMg....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XMg....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XMg..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XNg...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?..}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 11:58:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9842473597024775
Encrypted:	false
SSDEEP:
MD5:	C36A837F34D3F461CFFD0337A5378E37
SHA1:	0EB5D8CD9D4B70B1E793D76441EE41418D6F686B
SHA-256:	291109BEBAAC0EFCC8A69DA10D57CE90AFA205379F8CFC9E644EFED28E15C418
SHA-512:	4A75E91E176B7FA9BCA9F78D78880C576AC2F967E90243547FA68B6D74F32899C39599D1639BF2CF905976AA42BF0BF0749B5C35625F209DD1BA4C2B3BC941C9
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....@14D....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XDg....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XMg....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XMg....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XMg..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XNg...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?..}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 11:58:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9972351147376046
Encrypted:	false
SSDEEP:
MD5:	54EDAE1C212D12B84716588FB8122577
SHA1:	072E279F3C19CD7DD3E1A89828A4964ED021270A
SHA-256:	B7ACC596E2F79CA11F32093E6AB4FAF4562CA7D5E17DEFFC4C7CFB3094306681
SHA-512:	B1B477B28E47F4A37D5AB91B199102E7DCD9B257BE0A3B6C03A99570F7AC1688CD869EB126D13CDC14AA83D722BEA421E13DE6D0E1085471A3315C66BB34CF0A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......D....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XDg....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XMg....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XMg....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XMg..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XNg...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?..}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	198335
Entropy (8bit):	5.1171045102579855
Encrypted:	false
SSDEEP:
MD5:	7B5A69F0106E89B10ED5B2CAE6D9946E
SHA1:	A5D68BD34F92EC7D2C56EE5BE75FC7F2EC06E2AF
SHA-256:	EB841D8E3ED41601058774D4219F7F3E91346D2831467A1C504D4743D6672843
SHA-512:	6999C9113A656B5C869B8BA2B93F321E13A9A74070FB3E60AF85C4B7701055D2D15610C5B36493F70B78794F294987257D8EF1A171A5C26909FEC99BE3D42931
Malicious:	false
Reputation:	unknown
URL:	https://d33z9r12iu5vuo.cloudfront.net/11.316.000/angie_app/styles.css
Preview:	@charset "UTF-8";.mat-ripple{overflow:hidden;position:relative}.mat-ripple:not(:empty){transform:translateZ(0)}.mat-ripple.mat-ripple-unbounded{overflow:visible}.mat-ripple-element{position:absolute;border-radius:50%;pointer-events:none;transition:opacity,transform 0ms cubic-bezier(0,0,.2,1);transform:scale3d(0,0,0)}.cdk-high-contrast-active .mat-ripple-element{display:none}.mat-table{background:white}.mat-table thead,.mat-table tbody,.mat-table tfoot,mat-header-row,mat-row,mat-footer-row,[mat-header-row],[mat-row],[mat-footer-row],.mat-table-sticky{background:inherit}mat-row,mat-header-row,mat-footer-row,th.mat-header-cell,td.mat-cell,td.mat-footer-cell{border-bottom-color:#0000001f}.mat-header-cell{color:#0000008a}.mat-cell,.mat-footer-cell{color:#000000de}.mat-paginator{background:white}.mat-paginator,.mat-paginator-page-size .mat-select-trigger{color:#0000008a}.mat-paginator-decrement,.mat-paginator-increment{border-top:2px solid rgba(0,0,0,.54);border-right:2px solid rgba(0,0,0,.5

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3146)
Category:	downloaded
Size (bytes):	3182
Entropy (8bit):	5.317476818739068
Encrypted:	false
SSDEEP:
MD5:	2A7C827A8B443BBA9F02B9937506C421
SHA1:	4B56AF2D6D5FAC052E7A95831C33FE7B8A8814C6
SHA-256:	75CD23375C1037EBDA72CE4A7479CFF4786546342079317600158FDCD1526ADF
SHA-512:	195D0316F89D482B83D7A0CBF55AD7A19E054B07B948E4A50E3CF9E1FD06776F9840F427A968A09B3853F2AE5AC2DB368CCD970A859399351708D9F917CC5C56
Malicious:	false
Reputation:	unknown
URL:	https://d33z9r12iu5vuo.cloudfront.net/11.316.000/angie_app/runtime.js
Preview:	(()=>{"use strict";var e,v={},g={};function r(e){var n=g[e];if(void 0!==n)return n.exports;var t=g[e]={id:e,loaded:!1,exports:{}};return v[e].call(t.exports,t,t.exports,r),t.loaded=!0,t.exports}r.m=v,e=[],r.O=(n,t,o,f)=>{if(!t){var a=1/0;for(i=0;i<e.length;i++){for(var[t,o,f]=e[i],l=!0,u=0;u<t.length;u++)(!1&f\|\|a>=f)&&Object.keys(r.O).every(b=>r.O[b](t[u]))?t.splice(u--,1):(l=!1,f<a&&(a=f));if(l){e.splice(i--,1);var d=o();void 0!==d&&(n=d)}}return n}f=f\|\|0;for(var i=e.length;i>0&&e[i-1][2]>f;i--)e[i]=e[i-1];e[i]=[t,o,f]},r.n=e=>{var n=e&&e.__esModule?()=>e.default:()=>e;return r.d(n,{a:n}),n},r.d=(e,n)=>{for(var t in n)r.o(n,t)&&!r.o(e,t)&&Object.defineProperty(e,t,{enumerable:!0,get:n[t]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce((n,t)=>(r.f[t](e,n),n),[])),r.u=e=>(68592===e?"common":e)+".js",r.miniCssF=e=>{},r.hmd=e=>((e=Object.create(e)).children\|\|(e.children=[]),Object.defineProperty(e,"exports",{enumerable:!0,set:()=>{throw new Error("ES Modules may not assign module.exp

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (58313)
Category:	downloaded
Size (bytes):	58351
Entropy (8bit):	5.568949801757836
Encrypted:	false
SSDEEP:
MD5:	5BBA8C61F0A6211AD7C0448B96D6216C
SHA1:	16FFF8BE0BE0263EAE192BBCB3B24DCC5554AC1F
SHA-256:	8BB37D5AD8D890C95D150F18E3640F7E69456FB6839CE25E8592A30EF2645179
SHA-512:	6C9F5A03A2B2FE5F93616D2BF68BC7086AC7062421D62EFF0B1644220AECE50E87B5B3EFE3BD73B619158AC43FC11D320321ECB54CDB4BAD8BD589A80066546B
Malicious:	false
Reputation:	unknown
URL:	https://d33z9r12iu5vuo.cloudfront.net/11.316.000/angie_app/polyfills.js
Preview:	(self.webpackChunkangie=self.webpackChunkangie\|\|[]).push([[76429],{7435:(r,u,t)=>{"use strict";t(64924),t(71339),t(14641),t(1306),t(62699),t(14425),t(53818)},64924:()=>{"use strict";!function(o){const c=o.performance;function h(it){c&&c.mark&&c.mark(it)}function d(it,k){c&&c.measure&&c.measure(it,k)}h("Zone");const E=o.__Zone_symbol_prefix\|\|"__zone_symbol__";function S(it){return E+it}const w=!0===o[S("forceDuplicateZoneCheck")];if(o.Zone){if(w\|\|"function"!=typeof o.Zone.__symbol__)throw new Error("Zone already loaded.");return o.Zone}let N=(()=>{class it{constructor(s,l){this._parent=s,this._name=l?l.name\|\|"unnamed":"<root>",this._properties=l&&l.properties\|\|{},this._zoneDelegate=new K(this,this._parent&&this._parent._zoneDelegate,l)}static assertZonePatched(){if(o.Promise!==Wt.ZoneAwarePromise)throw new Error("Zone.js has detected that ZoneAwarePromise `(window\|global).Promise` has been overwritten.\nMost likely cause is that a Promise polyfill has been loaded after Zone.js (Polyfill

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1775742
Entropy (8bit):	5.624018933382625
Encrypted:	false
SSDEEP:
MD5:	6D8A4E5C4D342E9D7A751CC89B3283A2
SHA1:	BB3791221531A43BAA11EBC9DDFA29F041C0EC77
SHA-256:	D280CC23E0FA45DD3799CC9DE2FE4FB1B6BF5F2BC273BD20F2E67E9E73456922
SHA-512:	BB0CCD1FF7505939810596C5858B20648493CDFF17A1895B4CA87BF6EF9423EE85288EEFAFE31381049A71167B60208EFDEEFA383D187863C94DE09378B6CC7E
Malicious:	false
Reputation:	unknown
URL:	https://d33z9r12iu5vuo.cloudfront.net/11.316.000/angie_app/main.js
Preview:	(self.webpackChunkangie=self.webpackChunkangie\|\|[]).push([[40179],{7760:(et,K,l)=>{"use strict";l.d(K,{z:()=>ee});var e=l(45126),a=l(20372),_=l(12046),M=l(78102),d=l(65848),C=l(52561),O=l(42510),y=l(28832),A=l(44615),S=(()=>((S\|\|(S={})).TASK_TRACKING_BASE_URL="task-tracking",S))();class D{}D.TASK_TRACKING_BASE_URL=S.TASK_TRACKING_BASE_URL,D.TASK_TRACKING__BASE_URL_HOME_ROUTE="/"+D.TASK_TRACKING_BASE_URL;var P=l(36138);class ee{}ee.AUTH="users",ee.DASHBOARD="dashboard",ee.MANAGER_DASHBOARD=a.v.MANAGER_DASHBOARD,ee.LEARNER_DASHBOARD="learner-dashboard",ee.MY_LEARNING="my-learning",ee.MY_PROFILE="my-profile",ee.USERS=P.ko,ee.GROUPS="groups",ee.REPORTS="reports",ee.SETTINGS="settings",ee.FORBIDDEN="forbidden",ee.NOT_FOUND="not-found",ee.COURSES=e.wX,ee.ENROLLMENTS=_.C,ee.LEARNER_RESOURCE_LIST="learner_resource_list",ee.STORE="store",ee.CATALOG="catalog",ee.CLIENTS="clients",ee.COMPONENTS="components",ee.FORUMS="forums",ee.INTEGRATIONS=A.Y,ee.TASK_TRACKING=D,ee.LEARNER_RESOURCES=d.z,ee.CONT

Static File Info

General

File type:	HTML document, ASCII text
Entropy (8bit):	5.459381128122781
TrID:	HyperText Markup Language (12001/1) 20.69% HyperText Markup Language (12001/1) 20.69% HyperText Markup Language (11501/1) 19.83% HyperText Markup Language (11501/1) 19.83% HyperText Markup Language (11001/1) 18.97%
File name:	sign_ins.html
File size:	1'926 bytes
MD5:	dd688d153b4188aa7d2fb091c01f7153
SHA1:	b9ed5a7a51f6fd901e084257f33ff624198162b1
SHA256:	deeb74d8c7067780ee4f11538d8256fc283d6ca923155b9f5bbb749b6c95b843
SHA512:	f750bd075966c6ce4f84d009c20c30931c9ad5cdaa3ac75945e10fa6f8d4b9644b1d81f9e26824aca144ff7f5371b0fa5ddc49059dadbe619fd6ff9e520b4326
SSDEEP:	24:0pgnkfdJW8r7eBthUKzE9+1X50T6DR50ahSQ1K50ALc/Q1K50GQ1Bs7RyNYGRWlJ:0FfHW8nueQYT6AaUaALKaGjMvwKjLuF1
TLSH:	3A41C68E2C0C7E22975646CA26F0704C751F7D6F78009DD256A7C17A2C809CCC28F2BC
File Content Preview:	<!doctype html>.<html lang="en">..<head>...<meta charset="utf-8"/>...<meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1"/>...<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=5, minimum-scale=1, user-scalable=yes

File Icon


Icon Hash:	173149cccc490307

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report sign_ins.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Static File Info

General

File Icon

Windows Analysis Report
sign_ins.html