
Windows Analysis Report
http://0722.housunzi.eu.org/

Overview

General Information

Sample URL: http://0722.housunzi.eu.org/
Analysis ID: 1595588

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
HTML page contains obfuscated javascript
Detected clear text password fields (password is not hidden)
HTML body contains password input but no form action
Program does not show much activity (idle)
Submit button contains javascript call

Classification

  • System is w10x64
  • chrome.exe (PID: 5296 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2100,i,2604952844154620487,17880675682300276279,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4120 --field-trial-handle=2100,i,2604952844154620487,17880675682300276279,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://0722.housunzi.eu.org/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: http://0722.housunzi.eu.org/ | Avira URL Cloud: detection malicious, Label: phishing
Source: chromecache_898.2.dr | Binary or memory string: encryptd.setPublicKey('-----BEGIN PUBLIC KEY-----' + PUBLIC_KEY + '-----END PUBLIC KEY-----');memstr_285c9b9e-e

Phishing

Source: https://js.player.cntv.cn/creator/vodplayer.js | HTTP Parser: var a0_0x51f3=['7G179E7AA7A17G179P7A9','ui_webFullScreen','iPhone','zIndex','hasBarrage','barrageApp
Source: https://english.cctv.com/ | HTTP Parser: <input type="text"... for password input
Source: https://english.cctv.com/ | HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://english.cctv.com/ | HTTP Parser: On click: queryByInputnewtop(document.getElementById('mytxtdafdfasdf').value);return false (same hit reported 7 times)
Source: https://english.cctv.com/ | HTTP Parser: <input type="password" .../> found
Source: http://0722.housunzi.eu.org/ | HTTP Parser: No favicon (reported 2 times)
Source: https://global.cctv.com/2025/01/14/VIDEQHPeuQn9iGmZk4ZLpfch250114.shtml | HTTP Parser: No favicon (reported 6 times)
Source: https://english.cctv.com/ | HTTP Parser: No <meta name="author".. found (reported 7 times)
Source: https://english.cctv.com/ | HTTP Parser: No <meta name="copyright".. found (reported 7 times)
Source: chrome.exe | Memory has grown: Private usage: 0MB later: 44MB
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: return 'https://www.yahoo.com'; equals www.yahoo.com (Yahoo)
Source: chromecache_752.2.dr | String found in binary or memory: http://chinaplus.cri.cn/
Source: chromecache_625.2.dr | String found in binary or memory: http://developer.yahoo.com/yui/license.html
Source: chromecache_752.2.dr | String found in binary or memory: http://en.gmw.cn/?spm=C69523.P89571092934.EQFGUD6X4J5X.6
Source: chromecache_752.2.dr | String found in binary or memory: http://en.people.cn/?spm=C69523.P89571092934.EQFGUD6X4J5X.4
Source: chromecache_752.2.dr | String found in binary or memory: http://en.qstheory.cn/
Source: chromecache_752.2.dr | String found in binary or memory: http://eng.taiwan.cn/?spm=C69523.P89571092934.EQFGUD6X4J5X.7
Source: chromecache_787.2.dr | String found in binary or memory: http://js.player.cntv.cn/creator/fingerprint2.js
Source: chromecache_787.2.dr | String found in binary or memory: http://js.player.cntv.cn/creator/html5player_standard_multi.js
Source: chromecache_524.2.dr | String found in binary or memory: http://jsfiddle.net/NDYV8/16/
Source: chromecache_524.2.dr | String found in binary or memory: http://jsfiddle.net/NDYV8/19/
Source: chromecache_625.2.dr | String found in binary or memory: http://lapo.it/asn1js/
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: http://mail.google.com
Source: chromecache_752.2.dr | String found in binary or memory: http://mn.cctv.com/?spm=C69523.P89571092934.0.0
Source: chromecache_699.2.dr | String found in binary or memory: http://ns.attribution.com/ads/1.0/
Source: chromecache_738.2.dr | String found in binary or memory: http://qrcode.cntv.cn/LZnXlD1Z
Source: chromecache_787.2.dr | String found in binary or memory: http://vdn.apps.cntv.cn/api/getIpadVideoInfo.do?pid=
Source: chromecache_337.2.dr | String found in binary or memory: http://videojs.com/
Source: chromecache_625.2.dr | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: http://www.cctv.com
Source: chromecache_752.2.dr | String found in binary or memory: http://www.china.org.cn/?spm=C69523.P89571092934.EQFGUD6X4J5X.5
Source: chromecache_752.2.dr | String found in binary or memory: http://www.chinadaily.com.cn/?spm=C69523.P89571092934.EQFGUD6X4J5X.2
Source: chromecache_607.2.dr | String found in binary or memory: http://www.idangero.us/
Source: chromecache_607.2.dr | String found in binary or memory: http://www.idangero.us/swiper/
Source: chromecache_524.2.dr | String found in binary or memory: http://www.lalit.org/lab/javascript-css-font-detect/
Source: chromecache_524.2.dr | String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_524.2.dr | String found in binary or memory: http://www.stucox.com/blog/you-cant-detect-a-touchscreen/
Source: chromecache_752.2.dr | String found in binary or memory: http://www.xinhuanet.com/english/home.htm
Source: chromecache_524.2.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=781447
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2024/03/08/VIDEBzwrVbezHbZthFrywHpW240308.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2024/03/08/VIDErSBILgIMUMcpLdjplehE240308.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2024/11/11/VIDE3qWiGjOMWgcSObkEkW6R241111.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2024/11/11/VIDEyIz77RparkEvhTWPbC7t241111.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2024/11/12/VIDEBZFQNHhyEnFxc3r77Te9241112.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2024/11/12/VIDEGJ0z1rSSFiSuXLO2B7Bg241112.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2024/11/20/VIDENdNvwptFj1kYxlUINZ8u241120.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2024/11/25/VIDEAOLt9dqCc2dfjJ7Jbyva241125.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2024/11/26/VIDEAykuJRQ38VYmuc2rbArT241126.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2024/11/26/VIDEW9SY4GGQfmLgxiuzSfso241126.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2024/11/27/VIDEabZrqv5WyQe8nW74tb6Q241127.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2024/12/02/VIDESLOnrePllTx7nbpjIxCC241202.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2024/12/16/VIDEtpuGVA63B98TipcQoBoi241216.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2024/12/17/VIDEI7xn7fmwDfknkg8EBc6w241217.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/01/PHOAFNTb6lVq48uYgEgWh2xK250101.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/02/PHOAWBIthFV770oIUY8ZL6kT250102.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/02/PHOAfLBYqzC6gJocPSQszyC2250102.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/05/PHOAuBs597VKfyQIEqZQpfpU250105.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/09/PHOAD9tePi9xNamI76TTsBI1250109.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/09/VIDElFZ4ruIEsyDujnEyXteQ250109.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/09/VIDEpPHQWSp2whm2dgjTkwcw250109.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/10/VIDECzGLaBLSRfRTc38anQJs250110.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/10/VIDEVYpb3YcDzcVTZrhHPHZp250110.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/10/VIDEWoOKlBC1NtwuYpcGUOov250110.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/10/VIDEYTcXZowx6rBFA2JmkUoC250110.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/10/VIDEkxIqjPsjcCISclGldxLo250110.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/10/VIDEmTKIfk72M6nV1yMXNIrU250110.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/10/VIDEnvldmVI5UjWn5vqepxO5250110.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/12/PHOA0vmOALMFETkx4EBxKPQR250112.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/12/PHOArtYK49xoC0jXQOJ327fb250112.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/13/VIDEMoADkgvsiRbdsHPZ0zip250113.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/13/VIDEN9XI6TNWJ2W8VDi1UDwK250113.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/13/VIDEXQCrysEg5QmLn0nS7HxO250113.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/13/VIDEueIPK2S57DQc4lZkxfvB250113.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/16/ARTI96B1hOcc9KpIi5M5maqF250116.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/17/ARTINpb0WMsP7v2dztHulbOH250117.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/17/ARTIzjzbzEHxVevqLiWWFI7D250117.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/19/ARTITQqN0zsd7m8IEvIGpmJY250119.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/19/ARTIZscRPniM4iHGJLPwuyJl250119.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/19/ARTIzDwcELRxQxi6PAWo3dhR250119.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/20/ARTIjmQGdmK8KPe9J6uz9efV250120.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/20/ARTIsyKhZQfSIqFAP2db1WiR250120.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/2025/01/20/PHOAybWlgDruhfcOfRNZV1Y6250120.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/live_zb/LIVE5007.html?spm=C69523.PYFTpp6ydurE.M8Qjjv8nP1If.2&amp;pageid=500
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/news/
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/news/index.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/panview/index.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/special/Macao25yearson/h5/index.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/special/worldconferenceofclassics/h5/index.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/specialreports/index.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/view/chinaface/index.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/view/chinaqa/index.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/view/culture/index.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/view/economy/index.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/view/globalview/index.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/view/index.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/view/intotibet/index.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/view/nature/index.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/view/realxinjiang/index.shtml
Source: chromecache_752.2.dr | String found in binary or memory: https://english.cctv.com/view/trending/index.shtml
Source: chromecache_524.2.dr | String found in binary or memory: https://github.com/Modernizr/Modernizr/blob/master/feature-detects/canvas/winding.js
Source: chromecache_524.2.dr | String found in binary or memory: https://github.com/Modernizr/Modernizr/issues/548
Source: chromecache_524.2.dr | String found in binary or memory: https://github.com/Valve/fingerprintjs2
Source: chromecache_524.2.dr | String found in binary or memory: https://github.com/Valve/fingerprintjs2/issues/66
Source: chromecache_878.2.dr | String found in binary or memory: https://github.com/emn178/js-sha512
Source: chromecache_337.2.dr | String found in binary or memory: https://github.com/kesla/parse-headers/
Source: chromecache_337.2.dr | String found in binary or memory: https://github.com/kesla/parse-headers/blob/master/LICENCE
Source: chromecache_337.2.dr | String found in binary or memory: https://github.com/mozilla/vtt.js
Source: chromecache_337.2.dr | String found in binary or memory: https://github.com/mozilla/vtt.js/blob/main/LICENSE
Source: chromecache_337.2.dr | String found in binary or memory: https://github.com/videojs/video.js/blob/main/LICENSE
Source: chromecache_787.2.dr | String found in binary or memory: https://js.data.cctv.com/__aplus_plugin_cctv.js
Source: chromecache_787.2.dr | String found in binary or memory: https://js.player.cntv.cn/creator/fingerprint2.js
Source: chromecache_787.2.dr | String found in binary or memory: https://js.player.cntv.cn/creator/html5player_standard_multi.js
Source: chromecache_625.2.dr | String found in binary or memory: https://kjur.github.io/jsrsasign/license/
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://mail.10086.cn/
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://mail.126.com
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://mail.163.com
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://mail.21cn.com/w2
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://mail.sina.com.cn
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://mail.sohu.com
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://mail.tom.com
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://mail.wo.cn/
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://outlook.live.com/owa/
Source: chromecache_333.2.dr | String found in binary or memory: https://reg.cctv.com
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://reg.cctv.com/openapi/v2/user/captcha/dynamic/puzzle/check?timestamp=
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://reg.cctv.com/openapi/v2/user/captcha/dynamic/puzzle?timestamp=
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://staff.cntv.cn/
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://vip.163.com
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://vip.sina.com.cn
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://webmail30.189.cn/w2/index.html
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://www.188.com/
Source: chromecache_337.2.dr | String found in binary or memory: https://www.brightcove.com/
Source: chromecache_524.2.dr | String found in binary or memory: https://www.browserleaks.com/canvas#how-does-it-work
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://www.cctv.com/
Source: chromecache_752.2.dr | String found in binary or memory: https://www.cctv.com/?spm=C69523.P89571092934.0.0
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://www.yahoo.com
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://www.yeah.net
Source: chromecache_898.2.dr, chromecache_738.2.dr | String found in binary or memory: https://wx.mail.qq.com/
Source: classification engine | Classification label: mal52.phis.win@22/936@0/31
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2100,i,2604952844154620487,17880675682300276279,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://0722.housunzi.eu.org/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4120 --field-trial-handle=2100,i,2604952844154620487,17880675682300276279,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (this entry is repeated 16 times in the report)
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
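The HTTP Parser signatures above (password input with no form action, clear-text password field, submit button that only calls JavaScript, missing favicon and author/copyright meta tags) and the setPublicKey memory string are all cheap static checks on the page body. The Python below is an added example, not Joe Sandbox code and not code from the analysed page: it reimplements those checks with the standard-library HTML parser and runs them over two constructed documents, a harvesting overlay shaped like the signatures describe and a benign login form. The regexes, indicator names and weights are this example's assumptions, not the sandbox's scoring.

```python
"""Static phishing-page heuristics modelled on the report's HTTP Parser signatures.

Added example, not Joe Sandbox code and not code from the analysed page. The two
HTML documents are constructed; regexes, indicator names and weights are assumptions.
"""
import re
from html.parser import HTMLParser

# Loose field-name hints marking a type="text" box as a clear-text password field (assumption).
PASSWORD_HINT = re.compile(r"pass(word|wd)?|pwd", re.I)
# A PEM public key handed to a client-side RSA wrapper, as in the report's setPublicKey hit.
PUBLIC_KEY_USE = re.compile(r"setPublicKey\s*\(|-----BEGIN (RSA )?PUBLIC KEY-----")
# Hex-numbered identifiers such as a0_0x51f3, the naming scheme of javascript-obfuscator output.
OBFUSCATED_ID = re.compile(r"\b[A-Za-z0-9]*_0x[0-9a-f]{4,}\b")


class FactCollector(HTMLParser):
    """One pass over the markup, collecting only what the checks below need."""

    def __init__(self):
        super().__init__()
        self.inputs = []          # attribute dicts of every <input>
        self.form_actions = []    # action attribute of every <form> ('' when absent)
        self.submit_onclick = []  # onclick handlers on <button> / submit inputs
        self.meta_names = set()   # lower-cased <meta name=...> values
        self.scripts = []         # raw <script> bodies
        self.has_favicon = False
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "input":
            self.inputs.append(a)
        elif tag == "form":
            self.form_actions.append(a.get("action", "").strip())
        elif tag == "link" and "icon" in a.get("rel", "").lower():
            self.has_favicon = True
        elif tag == "meta" and a.get("name"):
            self.meta_names.add(a["name"].lower())
        elif tag == "script":
            self._in_script = True
        is_submit = tag == "button" or (
            tag == "input" and a.get("type", "").lower() in ("submit", "button"))
        if is_submit and a.get("onclick"):
            self.submit_onclick.append(a["onclick"])

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # HTMLParser hands <script> bodies to handle_data as raw text
            self.scripts.append(data)


def analyze(html):
    """Return {indicator: bool}; each key mirrors one signature from the report."""
    p = FactCollector()
    p.feed(html)
    p.close()
    password_inputs = [i for i in p.inputs if i.get("type", "").lower() == "password"]
    # "Detected clear text password fields": a type="text" box whose name/id/placeholder says password.
    clear_text = [i for i in p.inputs if i.get("type", "text").lower() == "text"
                  and any(PASSWORD_HINT.search(i.get(k, "")) for k in ("name", "id", "placeholder"))]
    js = "\n".join(p.scripts)
    return {
        "password_input": bool(password_inputs),
        "password_input_no_form_action": bool(password_inputs) and not any(p.form_actions),
        "cleartext_password_field": bool(clear_text),
        "submit_button_calls_javascript": bool(p.submit_onclick),
        "no_favicon": not p.has_favicon,
        "no_meta_author": "author" not in p.meta_names,
        "no_meta_copyright": "copyright" not in p.meta_names,
        "embedded_public_key": bool(PUBLIC_KEY_USE.search(js)),
        "obfuscated_identifiers": bool(OBFUSCATED_ID.search(js)),
    }


# Illustrative weights (assumption); not how the sandbox derives its 0-100 score.
WEIGHTS = {"password_input_no_form_action": 30, "embedded_public_key": 20,
           "cleartext_password_field": 15, "obfuscated_identifiers": 15,
           "submit_button_calls_javascript": 10, "no_favicon": 5,
           "no_meta_author": 2, "no_meta_copyright": 2, "password_input": 1}


def score(html):
    """Weighted sum of the indicators that fired, capped at 100."""
    hits = analyze(html)
    return min(100, sum(w for key, w in WEIGHTS.items() if hits[key]))


# Constructed sample: a harvesting overlay shaped like the signatures describe (not the real page).
PHISH_HTML = """<html><head><title>Mail</title></head><body>
<div id="login">
  <input type="text" id="mytxtuser" placeholder="Email">
  <input type="text" id="mytxtpassword" placeholder="Password">
  <input type="password" id="pwd2">
  <button onclick="sendLogin(document.getElementById('pwd2').value);return false">Sign in</button>
</div>
<script>
var a0_0x51f3=['setPublicKey','encrypt'];
var encryptd = new JSEncrypt();
encryptd.setPublicKey('-----BEGIN PUBLIC KEY-----' + PUBLIC_KEY + '-----END PUBLIC KEY-----');
</script></body></html>"""

# Constructed benign counterpart: real form action, favicon, meta tags, plain submit button.
BENIGN_HTML = """<html><head><title>Mail</title>
<link rel="icon" href="/favicon.ico">
<meta name="author" content="Example Corp"><meta name="copyright" content="Example Corp">
</head><body>
<form method="post" action="https://login.example.com/session">
  <input type="text" name="user"><input type="password" name="password">
  <input type="submit" value="Sign in">
</form></body></html>"""

if __name__ == "__main__":
    for name, doc in (("phish", PHISH_HTML), ("benign", BENIGN_HTML)):
        print(name, score(doc), sorted(k for k, v in analyze(doc).items() if v))
```

Feed it a saved page body (the chromecache_*.dr files the report lists are the sandbox's own copies of what it parsed). Keep in mind what this report itself shows: the clear-text-password, missing-form-action and onclick hits come from english.cctv.com, apparently its own search box (queryByInputnewtop on the mytxtdafdfasdf field), so on their own they are noise. The Avira URL Cloud verdict on http://0722.housunzi.eu.org/, the list of webmail-provider URLs and the setPublicKey call found in the same two cache files are what carry the phishing classification; treat a heuristic score as a triage signal to confirm against evidence like that, not as a verdict.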
MITRE ATT&CK Matrix (the report's two matrix rows, listed per tactic in the report's column order; a leading count is the number of matched signatures mapped to that technique, cells without a count did not match):

  • Reconnaissance: Gather Victim Identity Information; Credentials
  • Resource Development: 1 Scripting; Domains
  • Initial Access: Valid Accounts; Default Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job
  • Persistence: 1 Scripting; Boot or Logon Initialization Scripts
  • Privilege Escalation: 1 Process Injection; 1 Extra Window Memory Injection
  • Defense Evasion: 1 Process Injection; 1 Extra Window Memory Injection
  • Credential Access: OS Credential Dumping; LSASS Memory
  • Discovery: System Service Discovery; Application Window Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol
  • Collection: 1 Archive Collected Data; Data from Removable Media
  • Command and Control: Data Obfuscation; Junk Data
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
  • Impact: Abuse Accessibility Features; Network Denial of Service