Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://jzebra.com/wp-admin/css/colors/blue/telpiiaaa?OyNmbSPjwj

Overview

General Information

Sample URL:https://jzebra.com/wp-admin/css/colors/blue/telpiiaaa?OyNmbSPjwj
Analysis ID:1606871
Infos:

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 6884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 7112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1900,i,9773269369724412599,3458966232268932431,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 460 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jzebra.com/wp-admin/css/colors/blue/telpiiaaa?OyNmbSPjwj" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: https://jzebra.com/wp-admin/css/colors/blue/telpiiaaa?OyNmbSPjwjAvira URL Cloud: detection malicious, Label: malware
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:64512 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:64531 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:64532 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:64533 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 18MB later: 31MB
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: global trafficDNS traffic detected: DNS query: jzebra.com
Source: global trafficDNS traffic detected: DNS query: cdn.shopify.com
Source: global trafficDNS traffic detected: DNS query: gtm.shopify.com
Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: unknownNetwork traffic detected: HTTP traffic on port 64513 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64485 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64488 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64516 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64491 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64499 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64510 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64531 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64473
Source: unknownNetwork traffic detected: HTTP traffic on port 64504 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64468 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49690
Source: unknownNetwork traffic detected: HTTP traffic on port 64482 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64505
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64504
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64506
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64509
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64508
Source: unknownNetwork traffic detected: HTTP traffic on port 64479 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64466
Source: unknownNetwork traffic detected: HTTP traffic on port 64496 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64501
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64468
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64500
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64503
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64502
Source: unknownNetwork traffic detected: HTTP traffic on port 64509 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64480
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64482
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64484
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64483
Source: unknownNetwork traffic detected: HTTP traffic on port 64515 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64483 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64516
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64515
Source: unknownNetwork traffic detected: HTTP traffic on port 64486 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64518
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64517
Source: unknownNetwork traffic detected: HTTP traffic on port 64501 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64520 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64475
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64474
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64477
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64510
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64476
Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64479
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64512
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64478
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64511
Source: unknownNetwork traffic detected: HTTP traffic on port 64474 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64514
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64513
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64491
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64490
Source: unknownNetwork traffic detected: HTTP traffic on port 64497 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64493
Source: unknownNetwork traffic detected: HTTP traffic on port 64506 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64537 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64492
Source: unknownNetwork traffic detected: HTTP traffic on port 64512 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64495
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64494
Source: unknownNetwork traffic detected: HTTP traffic on port 64466 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64480 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64527
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64526
Source: unknownNetwork traffic detected: HTTP traffic on port 64517 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64523 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64486
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64485
Source: unknownNetwork traffic detected: HTTP traffic on port 64494 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64488
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64487
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64520
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64523
Source: unknownNetwork traffic detected: HTTP traffic on port 64477 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64489
Source: unknownNetwork traffic detected: HTTP traffic on port 64475 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64498 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49676 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64532 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64503 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64537
Source: unknownNetwork traffic detected: HTTP traffic on port 64526 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64497
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64496
Source: unknownNetwork traffic detected: HTTP traffic on port 64495 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64499
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64532
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64498
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64531
Source: unknownNetwork traffic detected: HTTP traffic on port 64478 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64533
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64535
Source: unknownNetwork traffic detected: HTTP traffic on port 64535 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64508 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64514 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64500 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64489 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64492 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64511 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64505 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64518 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49690 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64493 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64476 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64533 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64502 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64484 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64487 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64527 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64473 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64490 -> 443
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:64512 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:64531 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:64532 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:64533 version: TLS 1.2
Source: classification engineClassification label: mal48.win@17/6@14/154
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1900,i,9773269369724412599,3458966232268932431,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jzebra.com/wp-admin/css/colors/blue/telpiiaaa?OyNmbSPjwj"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1900,i,9773269369724412599,3458966232268932431,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected