Windows
Analysis Report
https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTAxOTIyLCJtZXNzYWdlX2lkIjoiMGd4d3poYXc3czloeGZoZWNuNjNuYnFwIzg0YjRlN2VjLTdhZjUtNDU5Yi1hNTYxLWE1ZmVlMTE3NTl
Overview
General Information
Detection
Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%
Signatures
Sigma detected: Suspicious Office Token Search Via CLI
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection
Classification
- System is w10x64
- chrome.exe (PID: 6456 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 3788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2220,i,11487828932678524807,13658840832154307327,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 1716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTAxOTIyLCJtZXNzYWdlX2lkIjoiMGd4d3poYXc3czloeGZoZWNuNjNuYnFwIzg0YjRlN2VjLTdhZjUtNDU5Yi1hNTYxLWE1ZmVlMTE3NTllNiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjM3OTIyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGphbWVzLmZheUBjb3VudHluYXRpb25hbGJhbmsuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDA4YWI4OGRlY2JmNDFjMjRhYTZhMDRlOWU1OWMzZDAifQ.i-tkK1Lnys-MM487ot1MrSYQb6ExLgZNRQbgsH8B2K0" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
- No configs have been found
- No yara matches
Source: Author: Nasreddine Bencherchali (Nextron Systems)