Windows Analysis Report
http://sock-zizifn-anycast.cyliuhao.workers.dev/

Overview

General Information

Sample URL:http://sock-zizifn-anycast.cyliuhao.workers.dev/
Analysis ID:1594097

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
HTML page contains obfuscated javascript
Program does not show much activity (idle)

Classification

  • System is w10x64
  • chrome.exe (PID: 3428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2916 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2208,i,17120848005554578694,4858189122772677613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5660 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5848 --field-trial-handle=2208,i,17120848005554578694,4858189122772677613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6560 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://sock-zizifn-anycast.cyliuhao.workers.dev/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: http://sock-zizifn-anycast.cyliuhao.workers.dev/ | Avira URL Cloud: detection malicious, Label: phishing

Phishing

Source: https://js.player.cntv.cn/creator/vodplayer.js | HTTP Parser: var a0_0x51f3=['7G179E7AA7A17G179P7A9','ui_webFullScreen','iPhone','zIndex','hasBarrage','barrageApp
Source: https://sock-zizifn-anycast.cyliuhao.workers.dev/ | HTTP Parser: No favicon
Source: https://global.cctv.com/2025/01/14/VIDEQHPeuQn9iGmZk4ZLpfch250114.shtml | HTTP Parser: No favicon
Source: https://global.cctv.com/2025/01/07/VIDEkEw5xA8clKYmw6eON0OG250107.shtml | HTTP Parser: No favicon
Source: classification engine | Classification label: mal52.phis.win@20/546@0/28
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2208,i,17120848005554578694,4858189122772677613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://sock-zizifn-anycast.cyliuhao.workers.dev/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5848 --field-trial-handle=2208,i,17120848005554578694,4858189122772677613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
MITRE ATT&CK matrix (tactic: technique; a number in parentheses is the count of matched signatures):

  • Reconnaissance: Gather Victim Identity Information
  • Resource Development: Acquire Infrastructure
  • Initial Access: Valid Accounts
  • Execution: Windows Management Instrumentation
  • Persistence: Path Interception
  • Privilege Escalation: Process Injection (1)
  • Defense Evasion: Process Injection (1)
  • Credential Access: OS Credential Dumping
  • Discovery: System Service Discovery
  • Lateral Movement: Remote Services
  • Collection: Data from Local System
  • Command and Control: Data Obfuscation
  • Exfiltration: Exfiltration Over Other Network Medium
  • Impact: Abuse Accessibility Features