
Windows Analysis Report
http://www.securityguardsofamerica.com/

Overview

General Information

Sample URL: http://www.securityguardsofamerica.com/
Analysis ID: 1458485

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Detected non-DNS traffic on DNS port
Found iframes
HTTP GET or POST without a user agent
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 1476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 1816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2008,i,6229302302422100775,420420988365765024,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 4408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.securityguardsofamerica.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: https://securityguardsofamerica.com/ | HTTP Parser: Iframe src: https://td.doubleclick.net/td/rul/793078452?random=1718640940676&cv=11&fst=1718640940676&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be46c0v9181079419za200&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fsecurityguardsofamerica.com%2F&hn=www.googleadservices.com&frm=0&tiba=Security%20Guards%20of%20America%20%E2%80%93%20Security%20Guards%20of%20America&npa=0&pscdl=noapi&auid=1018955956.1718640941&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config [reported 5 times]
Source: https://securityguardsofamerica.com/ | HTTP Parser: Iframe src: https://td.doubleclick.net/td/ga/rul?tid=G-XCKPGHLY5Y&gacid=1815839443.1718640941&gtm=45je46c0v9117056200za200zb9181079419&dma=0&gcd=13l3l3l3l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&z=1637662210 [reported 5 times]
Source: https://securityguardsofamerica.com/services/ | HTTP Parser: Iframe src: https://td.doubleclick.net/td/rul/793078452?random=1718640965650&cv=11&fst=1718640965650&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be46c0v9181079419za200&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fsecurityguardsofamerica.com%2Fservices%2F&hn=www.googleadservices.com&frm=0&tiba=Services%20%E2%80%93%20Security%20Guards%20of%20America&npa=0&pscdl=noapi&auid=1018955956.1718640941&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config [reported 2 times]
Source: https://securityguardsofamerica.com/services/armed-guards/ | HTTP Parser: Iframe src: https://td.doubleclick.net/td/rul/793078452?random=1718640986442&cv=11&fst=1718640986442&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be46c0v9181079419za200&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fsecurityguardsofamerica.com%2Fservices%2Farmed-guards%2F&hn=www.googleadservices.com&frm=0&tiba=Armed%20Guards%20%E2%80%93%20Security%20Guards%20of%20America&npa=0&pscdl=noapi&auid=1018955956.1718640941&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config
Source: about:blank | HTTP Parser: No favicon
Source: https://securityguardsofamerica.com/ | HTTP Parser: No <meta name="author".. found [reported 5 times]
Source: https://securityguardsofamerica.com/services/ | HTTP Parser: No <meta name="author".. found [reported 2 times]
Source: https://securityguardsofamerica.com/services/armed-guards/ | HTTP Parser: No <meta name="author".. found
Source: https://securityguardsofamerica.com/ | HTTP Parser: No <meta name="copyright".. found [reported 5 times]
Source: https://securityguardsofamerica.com/services/ | HTTP Parser: No <meta name="copyright".. found [reported 2 times]
Source: https://securityguardsofamerica.com/services/armed-guards/ | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49787 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.5:49712 -> 1.1.1.1:53
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: ipinfo.io
    Connection: Keep-Alive
Source: unknown | HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49787 version: TLS 1.0
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 [reported 5 times]
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 [reported 4 times]
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 [reported 2 times]
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.97.153 [reported 18 times]
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 [reported 13 times]
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 [reported 6 times]
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: ipinfo.io
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: www.securityguardsofamerica.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: securityguardsofamerica.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.9.5 HTTP/1.1
    Host: securityguardsofamerica.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: text/css,*/*;q=0.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: style
    Referer: https://securityguardsofamerica.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9