Edit tour

Windows Analysis Report
https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714#_msdynmkt_donottrack=0,_msdynmkt_linkid=37db13e4-8bf7-4e91-a0fa-9dd02c9e6ee4

Overview

General Information

Sample URL:	https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714#_msdynmkt_donottrack=0,_msdynmkt_linkid=37db13e4-8bf7-4e91-a
Analysis ID:	1633775
Infos:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish10

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 3908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,2008863830503996276,11104318198170679068,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2076 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714#_msdynmkt_donottrack=0,_msdynmkt_linkid=37db13e4-8bf7-4e91-a0fa-9dd02c9e6ee4" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
2.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://020g.online/nicolas/

Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The legitimate domain for Microsoft is 'microsoft.com'., The URL '020g.online' does not match the legitimate domain for Microsoft., The domain '020g.online' is suspicious due to its unusual structure and lack of association with Microsoft., The use of a generic domain extension '.online' is often associated with phishing attempts., The presence of an input field asking for an email on a non-legitimate domain is a common phishing tactic. DOM: 2.4.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 2.6.pages.csv, type: HTML

Source: https://020g.online/nicolas/

HTTP Parser: Number of links: 0

Source: https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714

HTTP Parser: Base64 decoded: <svg width='16' height='16' viewBox='0 0 16 16' fill='none' xmlns='http://www.w3.org/2000/svg'><path d='M10.1328 0.296875C10.9974 0.53125 11.7891 0.898438 12.5078 1.39844C13.2266 1.89323 13.8438 2.48177 14.3594 3.16406C14.8802 3.84115 15.2839 4.59375 15.5...

Source: https://020g.online/nicolas/

HTTP Parser: Title: One Drive - Login does not match URL

Source: https://020g.online/nicolas/

HTTP Parser: <input type="password" .../> found

Source: https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714#_msdynmkt_donottrack=0,_msdynmkt_linkid=37db13e4-8bf7-4e91-a0fa-9dd02c9e6ee4	HTTP Parser: No favicon
Source: https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714	HTTP Parser: No favicon
Source: https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714	HTTP Parser: No favicon
Source: https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714	HTTP Parser: No favicon
Source: https://020g.online/nicolas/	HTTP Parser: No favicon
Source: https://020g.online/nicolas/	HTTP Parser: No favicon
Source: https://020g.online/nicolas/	HTTP Parser: No favicon

Source: https://020g.online/nicolas/	HTTP Parser: No <meta name="author".. found
Source: https://020g.online/nicolas/	HTTP Parser: No <meta name="author".. found
Source: https://020g.online/nicolas/	HTTP Parser: No <meta name="author".. found

Source: https://020g.online/nicolas/	HTTP Parser: No <meta name="copyright".. found
Source: https://020g.online/nicolas/	HTTP Parser: No <meta name="copyright".. found
Source: https://020g.online/nicolas/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: chrome.exe

Memory has grown: Private usage: 18MB later: 36MB

Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49719 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.67
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714 HTTP/1.1Host: assets-fra.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: assets-fra.mkt.dynamics.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/forms/fe7058e5-a1fd-ef11-bae3-000d3a959714 HTTP/1.1Host: assets-fra.mkt.dynamics.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/plainsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v1.0/orgs/b3baa109-6efd-ef11-b016-002248d9b9fa/landingpageforms/forms/fe7058e5-a1fd-ef11-bae3-000d3a959714/visits HTTP/1.1Host: public-fra.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v1.0/orgs/b3baa109-6efd-ef11-b016-002248d9b9fa/landingpageforms/forms/fe7058e5-a1fd-ef11-bae3-000d3a959714 HTTP/1.1Host: public-fra.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: assets-fra.mkt.dynamics.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: public-fra.mkt.dynamics.com
Source: global traffic	DNS traffic detected: DNS query: 020g.online
Source: global traffic	DNS traffic detected: DNS query: viraltrendingnews.cloud
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown

HTTP traffic detected: POST /api/v1.0/orgs/b3baa109-6efd-ef11-b016-002248d9b9fa/landingpageforms/forms/fe7058e5-a1fd-ef11-bae3-000d3a959714/visits HTTP/1.1Host: public-fra.mkt.dynamics.comConnection: keep-aliveContent-Length: 153sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/jsonsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: application/jsonsec-ch-ua-mobile: ?0Origin: https://assets-fra.mkt.dynamics.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 10 Mar 2025 14:14:29 GMTContent-Type: text/htmlContent-Length: 548Connection: closeStrict-Transport-Security: max-age=2592000; preloadx-azure-ref: 20250310T141429Z-168c7c87b664lbhjhC1MNZ2hqs0000000900000000005ymnx-fd-int-roxy-purgeid: 83681152X-Cache: TCP_MISS
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 10 Mar 2025 14:15:10 GMTContent-Length: 0Connection: closex-ms-trace-id: 503c29ab42fefc3702764742de7af825Strict-Transport-Security: max-age=2592000; preload

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir1712_1087659470

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir1712_1087659470

Source: classification engine

Classification label: mal56.phis.win@22/15@20/111

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,2008863830503996276,11104318198170679068,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2076 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714#_msdynmkt_donottrack=0,_msdynmkt_linkid=37db13e4-8bf7-4e91-a0fa-9dd02c9e6ee4"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,2008863830503996276,11104318198170679068,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2076 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	12 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Source	Detection	Scanner	Label	Link
https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714#_msdynmkt_donottrack=0,_msdynmkt_linkid=37db13e4-8bf7-4e91-a0fa-9dd02c9e6ee4	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714	0%	Avira URL Cloud	safe
https://assets-fra.mkt.dynamics.com/favicon.ico	0%	Avira URL Cloud	safe
https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/forms/fe7058e5-a1fd-ef11-bae3-000d3a959714	0%	Avira URL Cloud	safe
https://public-fra.mkt.dynamics.com/api/v1.0/orgs/b3baa109-6efd-ef11-b016-002248d9b9fa/landingpageforms/forms/fe7058e5-a1fd-ef11-bae3-000d3a959714/visits	0%	Avira URL Cloud	safe
https://public-fra.mkt.dynamics.com/api/v1.0/orgs/b3baa109-6efd-ef11-b016-002248d9b9fa/landingpageforms/forms/fe7058e5-a1fd-ef11-bae3-000d3a959714	0%	Avira URL Cloud	safe
https://a.nel.cloudflare.com/report/v4?s=b%2FA6oOJGtoh7fC7ax7VUxlfXHqP1S4oaBrLbqfoB3%2BENnhevXOHQMkAmMhhcaj4YTUO4ea791Q6LBMsX0O95lVFwoeBqHh60UoPUI18F2uBpsyIgPkuGghVGdGHpbQ%3D%3D	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0044.t-0009.fb-t-msedge.net	13.107.253.72	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
prdia888cfr0aks.mkt.dynamics.com	51.138.215.192	true	false	unknown
viraltrendingnews.cloud	104.21.26.88	true	false	unknown
020g.online	172.67.220.6	true	true	unknown
www.google.com	172.217.16.196	true	false	high
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	high
public-fra.mkt.dynamics.com	unknown	unknown	false	high
assets-fra.mkt.dynamics.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://public-fra.mkt.dynamics.com/api/v1.0/orgs/b3baa109-6efd-ef11-b016-002248d9b9fa/landingpageforms/forms/fe7058e5-a1fd-ef11-bae3-000d3a959714	false	Avira URL Cloud: safe	unknown
https://020g.online/nicolas/	true		unknown
https://public-fra.mkt.dynamics.com/api/v1.0/orgs/b3baa109-6efd-ef11-b016-002248d9b9fa/landingpageforms/forms/fe7058e5-a1fd-ef11-bae3-000d3a959714/visits	false	Avira URL Cloud: safe	unknown
https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/forms/fe7058e5-a1fd-ef11-bae3-000d3a959714	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=b%2FA6oOJGtoh7fC7ax7VUxlfXHqP1S4oaBrLbqfoB3%2BENnhevXOHQMkAmMhhcaj4YTUO4ea791Q6LBMsX0O95lVFwoeBqHh60UoPUI18F2uBpsyIgPkuGghVGdGHpbQ%3D%3D	false	Avira URL Cloud: safe	unknown
https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714#_msdynmkt_donottrack=0,_msdynmkt_linkid=37db13e4-8bf7-4e91-a0fa-9dd02c9e6ee4	false		unknown
https://assets-fra.mkt.dynamics.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.99	unknown	United States	15169	GOOGLEUS	false
142.250.186.35	unknown	United States	15169	GOOGLEUS	false
142.250.185.78	unknown	United States	15169	GOOGLEUS	false
74.125.133.84	unknown	United States	15169	GOOGLEUS	false
172.217.16.206	unknown	United States	15169	GOOGLEUS	false
104.21.26.88	viraltrendingnews.cloud	United States	13335	CLOUDFLARENETUS	false
142.250.185.234	unknown	United States	15169	GOOGLEUS	false
172.67.135.203	unknown	United States	13335	CLOUDFLARENETUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.238	unknown	United States	15169	GOOGLEUS	false
142.250.181.227	unknown	United States	15169	GOOGLEUS	false
13.107.253.72	s-part-0044.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.67.220.6	020g.online	United States	13335	CLOUDFLARENETUS	true
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.72.110	unknown	United States	15169	GOOGLEUS	false
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false
51.138.215.192	prdia888cfr0aks.mkt.dynamics.com	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.16
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1633775
Start date and time:	2025-03-10 15:13:42 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714#_msdynmkt_donottrack=0,_msdynmkt_linkid=37db13e4-8bf7-4e91-a0fa-9dd02c9e6ee4
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@22/15@20/111

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.78, 142.250.185.99, 172.217.16.206, 74.125.133.84
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714#_msdynmkt_donottrack=0,_msdynmkt_linkid=37db13e4-8bf7-4e91-a0fa-9dd02c9e6ee4

Created / dropped Files

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 5752
Category:	dropped
Size (bytes):	5417
Entropy (8bit):	7.95243544962047
Encrypted:	false
SSDEEP:
MD5:	1ACAB8E55CA0A2B4ECE0E30701BE5C6E
SHA1:	2C47A99B36535AB4C0C37DB9218091F7CFD4C6FC
SHA-256:	5F7A2E242732B038EE4050D9D6E7D1E2F1690FD3C127E3C6FD9FFBB6A5951C8B
SHA-512:	F758EE4B8FCA689C3D814C74D862B2B4F64598977500F741434CEF8D4A9AA7B740995AE1BCD49DA71A0FEC4C8EBFF4E1CB40B112832898BB935CB5364AC9E3A1
Malicious:	false
Reputation:	unknown
Preview:	...........WgXSY.>. .45T....&..Hg>..AH...H'..$.(. C....R...BU...%.wP.CQT..:3w...?w'..k.....{.................Gt .`c9..............`............O\|..B..%.K..R......`W.a.R..N..`.........J...R...?.........Y.Y`....`.f`.f8j...Cd>..Oa`<..r...........YX.O.`........nf.s.d.#b...{.Isdr.y....w..5..>a......^.t.....3...'...O00..`..s.'..}....8$....@..P..gY.h....#7.7..l../...S.mj.d.#s.H1}>U..j9l_+..ZP..t...,...OM..W.WG...V#W..c....h.k..Y..mT..5Mk5..na....;..?1.C..R.....>c.'>7.......Vr..9~.?.O........%..@G4......n]..^.&.E......y.5..8....i".......:.."H6...j...)d...5^1.Mjn.;.d.+...}.K^..}.}...ZZfq.Hm.y.L..._..(.!F..L_..fq..;"O:....F.c.....G....w..b..XS.v..\\|.:.9...+.I.O..}.&Y...... Mz/..'.Y.y..c.Y......Q.B......=.....;T;...nA...........4.......tJ.hM..z.q...yv....;...$...,._."../.......e.?.f.........w......O:.....#;.~g...6.ag}..Kf..-l.)...Acy.f._(Q.........eA..1x.....3..........^%t2n...*s.MK1..h...3....Sh..N.i.V5.....\|...f.wj....,n..zJ..t)........Qc..

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	548
Entropy (8bit):	4.688532577858027
Encrypted:	false
SSDEEP:
MD5:	370E16C3B7DBA286CFF055F93B9A94D8
SHA1:	65F3537C3C798F7DA146C55AEF536F7B5D0CB943
SHA-256:	D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090
SHA-512:	75CD6A0AC7D6081D35140ABBEA018D1A2608DD936E2E21F61BF69E063F6FA16DD31C62392F5703D7A7C828EE3D4ECC838E73BFF029A98CED8986ACB5C8364966
Malicious:	false
Reputation:	unknown
URL:	https://assets-fra.mkt.dynamics.com/favicon.ico
Preview:	<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 27130
Category:	dropped
Size (bytes):	26963
Entropy (8bit):	7.9899952742201155
Encrypted:	false
SSDEEP:
MD5:	D7DC4C1A8A98BAE6D0CAB52817E203FA
SHA1:	EC3655F3EBA2AFC9A512F641177D15009792EC5B
SHA-256:	B89A941B4111CEE1DB745A75EABC3FB28FF1706D8F36224EA2D4598ADB6EF255
SHA-512:	0C0553C387EF3C23D5614DCBDA33F5037F4779B666945354064CFB4AAC583C6AAB3BED2412CC807DF938907177C3F78A5CB6E68C23FBD2FF93143310BBC14B66
Malicious:	false
Reputation:	unknown
Preview:	...........z..\......4.m;Mc.m6f'..4..I2..m......e>g.<......QJ.................}:.\...B>.i'?...u...w5....t....'.?;fH..l_...f.).R..N5.m6.!....M..f..^.>tv[>....l)..S.....>Y`..{.....$.s...767'.e......bQ....b...aA...../...e.....]MYeN}....@.Cl.w.......~..i.....;.....s.t...SA.K...L3'5..c.&l..0.......m....vez..Q..I......\i.}.=.c......i..=\|..5...Z<.?J,....HAlH,r...g..1..7....!..oV[.Y..!+..m)..i..%....n...)....H%...dQ.....M..>.s2)Zx..ch..}\e...4....(.-.!..a.9..ZRDH6f6AqD[...".a1.z.g..Z?j....../h..i.......,.En(A......i...O.&.8.oKy=.q>...].....=....8..B.s(.F.0....-......l... .a @o"r.~C0O6...nir{\n.........-..I..?.].{Y?1.)..v.T......n..`]..i.i.C3.i...!G.7..L.j.........F3..('.V7.E....c.....i..3..V.{.".y\....y$.....Zr.\|.e...i5 ..p.7...7.7.S.K..#NS...Y..j...n...x{^./C.........N.K.......{...r...J.i.....A/_.,....W"...J.H;KlR.....Q....7......6...l..l.v.^..!8..w..ot.~1..;...)..9.i{.).+.....u1..C\.f..2...2x]...8 B...V......(.Ww.T...Q...E.M.....\|B..{...H3....j..L

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	2960
Entropy (8bit):	7.921924377109467
Encrypted:	false
SSDEEP:
MD5:	2F94138C0D0636F40B408F4A7174F921
SHA1:	9492280F462A83E018070DE93FB86415FA5E94B8
SHA-256:	E80C28749E98BE8169286755A24284E1B78E651D1F854C10DE21931CA50DBBAF
SHA-512:	9AC1BDF75F36BB9F3C2D548DB4244CE2F97D5EC63972E3041D8E06CDC679BE666A9CFA7CA826EBA3C49580A71A01D6B83B63418120F800511B96BBD5EDD102CC
Malicious:	false
Reputation:	unknown
URL:	https://020g.online/nicolas/
Preview:	(./..X.[.Zp..+......:......QJ\N......=9m.8.mG..L.D..../3.6.,.....e..K.n....W..k........./..r.,o._...."p.A6!..xCW.+}.......w.......RXZ..d...8.T...4 .Vb.....Q~.n%i5l.g..,..\|....a...y..D..c..Z..Q.S...TM.2U...........+U`.V1/..<.:dN1..ujCW&s..^....d[.E..`w..ur&.OXfy.tbYZ.0...."....l.-{......\...D^.Kw.<.I.,..M.....%.\i...8.... y...K.....M..H`.k#X`...0!`...G.....uDO...)...Z..u@Q..(...Y.`...H>...DC.Ob...7.K.+....W.N1e3.\|0..m^pl2....!.5.B.b.8.C.Z..j.f.....a.A..0....H......!.1.j+I......k.<..s..z.J...p.%2.....J.+.\.sH1,....Q,.>..s^I.K.+A.)_..h..l.4eE5.K\|.`.g.....!g..+j.o.a.R..Y.U...\|..@@........&......t'E.wj.3.....fD..\|.l>{ j.u@.:..j4.+Q....Ni.....*w.......:uMa!..-..tW@2.......6i:.6_.,.....J.Z;R.X.....d.l.Z.m1...3....@..)R...>...g...{m1.Hd..__.y..2....._......F.....KDz.k..W..>..[.e3dC.-r.j.u.~).u......0...)..RLXX....2d.e.9.....1]..k1. ..t9S..%....c.H...!..ia..b.c~}S6s.a.L.9.I?g.,K....N.M..sjr&g.D.W.A".<8.d.y"V.Zl.m%3uu....r&gr.(.5tSV.c.X.3

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	32
Entropy (8bit):	4.265319531114783
Encrypted:	false
SSDEEP:
MD5:	082CF463008E253A696BEF3FA20D2DD7
SHA1:	13CCDF67D935420564B42419F863A2D05BA94C2E
SHA-256:	DB046BF55550F52DD08801DDB9D6D9E86E0162346778CBF5D965D47A3F19251F
SHA-512:	FA4DFF596A295DAF79C6033EFC5B0113BD248DA3A91CE4DFD8A0371A9DE8D8D8D7C4A4AED86EF568937C10D4E32AEC18BE188EEB4C0A12E3C123DDB28A2FAEDE
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCRSqPy8-LH7REgUNwpsfdyEIs354AfUpARIZCUdN5Kli1JK6EgUNRZbD5CH7Ks9yfnJ_7g==?alt=proto
Preview:	CgkKBw3Cmx93GgAKCQoHDUWWw+QaAA==

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	568
Entropy (8bit):	5.047709385347708
Encrypted:	false
SSDEEP:
MD5:	238FA390E3C5EA75053AF6B2E3E4272C
SHA1:	0C4830E9DCD8055C8EF6B5FD2ADD9E1E0C32F61F
SHA-256:	BC58BD963EF8942E119A46533428E20D1ECA8AFB5D2356B0786854661B71BD7F
SHA-512:	6DB4339CC253C83AC039F5C57E2B58D2ED89BEB1F840835303870DE4EA0C251C43241F735CDB061CB1B01D2B938CB5F00FA155B105CF5D9A09C0C93245C407E5
Malicious:	false
Reputation:	unknown
URL:	https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714
Preview:	<div. data-form-id='fe7058e5-a1fd-ef11-bae3-000d3a959714'. data-form-api-url='https://public-fra.mkt.dynamics.com/api/v1.0/orgs/b3baa109-6efd-ef11-b016-002248d9b9fa/landingpageforms'. data-cached-form-url='https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/forms/fe7058e5-a1fd-ef11-bae3-000d3a959714' ></div>. <script src = 'https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/fra/FormLoader/FormLoader.bundle.js' ></script>. <script>document.documentElement.lang = navigator.language;</script>

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65461)
Category:	downloaded
Size (bytes):	798352
Entropy (8bit):	5.4341942415054865
Encrypted:	false
SSDEEP:
MD5:	027FCB222FF7F55727BB05FE563E0845
SHA1:	BACB3A9D3AF2F802ABEF77271FF629CAD2BC46CD
SHA-256:	DA08B220F1F44BAD02CF221BDBA5DBD284017271CE76A579406F8B75B0627753
SHA-512:	4DFE7C514B6A2B6854AFC27B7BE142C9EEE83063F86D1F20C023B322BFC78E2532E75A187FF6D44B52683692DFDB4429B74D90C9CCAD99C8A4EB7A5480A5025C
Malicious:	false
Reputation:	unknown
URL:	https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/fra/FormLoader/FormLoader.bundle.js
Preview:	/! For license information please see FormLoader.bundle.js.LICENSE.txt /.var d365mktforms;(()=>{var e,t,n={686:function(e,t){var n="undefined"!=typeof self?self:this,r=function(){function e(){this.fetch=!1,this.DOMException=n.DOMException}return e.prototype=n,new e}();!function(e){!function(t){var n="URLSearchParams"in e,r="Symbol"in e&&"iterator"in Symbol,i="FileReader"in e&&"Blob"in e&&function(){try{return new Blob,!0}catch(e){return!1}}(),a="FormData"in e,o="ArrayBuffer"in e;if(o)var s=["[object Int8Array]","[object Uint8Array]","[object Uint8ClampedArray]","[object Int16Array]","[object Uint16Array]","[object Int32Array]","[object Uint32Array]","[object Float32Array]","[object Float64Array]"],u=ArrayBuffer.isView\|\|function(e){return e&&s.indexOf(Object.prototype.toString.call(e))>-1};function l(e){if("string"!=typeof e&&(e=String(e)),/[^a-z0-9\-#$%&'*+.^_`\|~]/i.test(e))throw new TypeError("Invalid character in header field name");return e.toLowerCase()}function c(e){return"strin

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (732)
Category:	downloaded
Size (bytes):	35792
Entropy (8bit):	4.213729367610327
Encrypted:	false
SSDEEP:
MD5:	8D5E4CAD75A4ADE4E187CD811E1626D0
SHA1:	19060AAA7FE6198FCCE51C5E9C21DE24117DDCAF
SHA-256:	0F957B2A551052EC4321E32C2C7CA601E934954E8B6AF676787DE24D79205457
SHA-512:	3308533B2DE18EE9EB28DC78CCECCF3FFC3E09B7369FC699FA755F37ED2A1F264D3938FE1783E4EA9D0BFE0C82772EB4DF0A4E24B47036BD395B4A4698B72BEF
Malicious:	false
Reputation:	unknown
URL:	https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/forms/fe7058e5-a1fd-ef11-bae3-000d3a959714
Preview:	<!DOCTYPE html><html><head>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Marketing Form</title>. <meta name="referrer" content="never">. <meta type="xrm/designer/setting" name="type" value="marketing-designer-content-editor-document">. <meta type="xrm/designer/setting" name="layout-editable" value="marketing-designer-layout-editable">. <style>. .hide-on-desktop-class {. display: none !important;. }. . .editor-control-layout html {. box-sizing: border-box;. background-color: #fff;. }. .editor-control-layout ,. .editor-control-layout :before,. .editor-control-layout *:after {. box-sizing: inherit;. }.. .marketingForm h1 {. color: #000;. margin: 0px;.

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	43719
Entropy (8bit):	7.9907989746822015
Encrypted:	true
SSDEEP:
MD5:	CAEAB4CE22052BD4C04FD16E61381CC0
SHA1:	C7F8CBA61CFBABF8186506F93F25B8986BD088AC
SHA-256:	24A74DDF112FDAAB7D884FAF02C10FAF0BA8C641729BDF0138EE8093A6C51E4F
SHA-512:	E6041EC759BF0E63D186F897EBEBD0EA4983B237303FA036337AC2ED0EB5D36CE45DDF84CF88B85AE5C60BDECBB6736416E3EFC64D74A75BD4BCD21B29A3D207
Malicious:	false
Reputation:	unknown
URL:	https://020g.online/favicon.ico
Preview:	(./..X,..6.T$ .........6?n.Q.....z....K&...`.\|..I.L.H....o.....`...K....?.......?.[._.....V...l...=O....zT..5..}..Z_-_.w...n...u..'..F.K.M.X.+....W..<@\b..t..'..D.~.].f..l..j..UM"....j.</>.a....0...P..E.:.;M0.....P...^.....:.?sH..n.i.7.T..z@w.D.w,.1..I.N.D..f?..G....HQ.9.t../.\z..y8zl....(h.B!6\|iQ0.u.(..X.......ZO......0...C..........dG.1.#.!.f.....@B..a.. 4.(D5..N.....Y.dx%P_.]...o.......i."."(..A.V.QDu\..\|...tLy..G.e[xs:.b.z....`...Y.A.A.{.].....f..&Hj_...V........J..i...A.a.R...w..p..pjti'....y....tE.n... .HD..?....p............b0M.`........%....b..M.+..1)J..>....c[.P!..B6..fBmdo...........F}OG].........r.....w...:..t.VMV..,.5il.._..W....h.....z.k.PBJ.....)..."...ybe.8....../.b;.eT..\|d.....O...?...5AXK....r=:.]P.k...n..6A..1f#!..NO.u6C.\.....5....c\Gj.....X~qC..5.0m..=..q.!.....,.p...^9ly?.{a...f}.O..N'6..u.O/.1...b....#.an.y...&.3M...~.[.d+.....!I.f...C.a..t..... ..'....~. &L...R..iw{`.g.a.H..R...5.../v..vC..?M..j.....q0.......2.K.v.

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2653
Entropy (8bit):	4.656205643398799
Encrypted:	false
SSDEEP:
MD5:	B5E6292FA9517549D45416C9C6CD4E06
SHA1:	30671DFF46C5A0530354ABB1CE0A67DB1FAEFAFC
SHA-256:	90686C009E85AC275D42155E113026F48A0D6DDE754290201DF12AF9F872E34E
SHA-512:	9B5A10924D16C847652C9F966AF70373642508F84F8A3C96470F69DE5BD3546E8905F7D18687AE7A5B18D4A42D772EDA6754F835FD25DD3036F029F603314C92
Malicious:	false
Reputation:	unknown
Preview:	{.. "FormFailedToLoad": "Failed to load form",.. "FormFailedToLoadCors": "The form can not be loaded on a domain that hasn't been allowed for external form hosting or there is a network connectivity issue",.. "LearnMore": "Learn more",.. "FormSubmitted": "Form submitted",.. "FormSubmittedWaitlist": "You have been added to the waitlist.",.. "FormSubmitError": "Error submitting the form",.. "Reload": "Reload",.. "LookupLoading": "loading...",.. "LookupGenericError": "There was a problem retrieving items. Try again later.",.. "ValidationRequiredField": "This field is required",.. "ValidationSessionSelectionRequired": "Please choose at least one session",.. "ValidationSingleSessionSelectionRequired": "Please choose a session",.. "EventFailedToLoad": "Failed to load event.",.. "EventAtCapacity": "The event is full and is not accepting any more sign-ups.",.. "EventNotLive": "We are still setting up this event. Please check again in some time or contact the event organizer ",..

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	dropped
Size (bytes):	124
Entropy (8bit):	6.3753702014286615
Encrypted:	false
SSDEEP:
MD5:	DFE91F9D6F0462D2EF9B0F94C0B7DA9C
SHA1:	3AECF3F8294251351DFE7AF6CB963643A605ACBE
SHA-256:	23B7EE73089E5DC10A58442D989A0F091BFC156EC8B5DCF865C7C6435157439D
SHA-512:	DFF1E0C5BB177DD4AA2C0D548A0A305D6E9D3E39BDB8353459A2D40D4FFFCAEB7272046F672D9C81456689B21A48FB6A019F8F1D0962D673C7795CEBB9B9846D
Malicious:	false
Reputation:	unknown
Preview:	(./..X...BH....m.h;..7~/9T.m.bn..u...L...yG....K...(.L.kh5-.Ha..0.Z..Z.y_}J.........ns..9..Y]...0..mS.<..;/..`HnX...f.

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 75819
Category:	dropped
Size (bytes):	75545
Entropy (8bit):	7.994685670849929
Encrypted:	true
SSDEEP:
MD5:	7E67275B5FE3DDB4776B9D1C760BD8C0
SHA1:	4E21BAA6482840C163CA098E2754234A92B0DCA3
SHA-256:	7C41E0A703B71552345C99C9895F3CFEC34EA4DCA51D57D351AFF1BE2E2BD95A
SHA-512:	02D56CE317058BEE2A1CDBE00976C664AF568CBE4C9DF7F0175B26A51341DD78C6B801017D5673F70B9D9F6D126908C5EB755794EC2F60F2F1CB0B7DD67D8D81
Malicious:	false
Reputation:	unknown
Preview:	...........[.WT..U..i..Z......Szh.N..n..B.s$.ah......O....3..9{....$..F.....L.O.j/^.L}........Mq..._^.J.ix-.=.......8...z..GF..x..\|......5.^.......~N..8m...%....R........h..m....(..9..MP...v..i.r:0.....GA.......X...g!.scz.x]...i.3C....g..k.14^....Tz}sf.I...g......]..\|.U...u...Z.....%.Q..../Z......;........t.=Y.oK....'...ek...P...sB.....O...o..A../..9..+............r.}y#.Zj.............+.+=A+...........Q:....jjy....L,>.(.(j........>..Zu.Ui...,.W....6..m'.>C1..E..BP.:...m.........8..\|.4..{oz..X.g.u......w....[...?...\|.......=Y.4...-_.r.={.'....e...+.hqb.~.....:./l....d....L.D#k..J. .5.4....T...Q...\|.....n^.....#:....w.l..u...mE.T...~L.....Z..h...o..5...H.M/....qk.....'.B;.....R..v#.E.<#.O.....)....O.6#.j+..7.......\..vE..k...A<.EE...)..g.......r"........][...]SJ._rf.RLSP..@..../.....h&..w.EY.p+.....<m. u...G....e.l..oSMM9l./(.^&.#.0.../.c1.~...?.g{iw>.~$....J...J...n.ZZh..[k..j....n..a..I.nnn.=r....(.2.K..s..".

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 21 x 18, 8-bit grayscale, non-interlaced
Category:	downloaded
Size (bytes):	146
Entropy (8bit):	5.83460829298183
Encrypted:	false
SSDEEP:
MD5:	C7350DD5AC7E6DBAB0919D1F590D3723
SHA1:	060C79B3684C0AE4B0CAD3E988F894FA438488BE
SHA-256:	C7778CC7DF0E80C7AD3D7610C56CA320F3D27BCC23EC0FF4DD9EE9B1E27BA401
SHA-512:	22030F73689D4A959B4A604420F2967ED694D9CF004DC2731393E0E2E5F0AA92FB89B0FDAE9D394519531420F1CE1BA2D9C142516AB30A8692064897F7BD69C3
Malicious:	false
Reputation:	unknown
URL:	https://viraltrendingnews.cloud/img/ar.png
Preview:	.PNG........IHDR..............y.....YIDAT..c...01.T...m...'.s@Q.......K..G......?..+.......36.....s.v.v....._..WL...&lEw.e....a....jz....IEND.B`.

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	36974
Entropy (8bit):	4.231178686788906
Encrypted:	false
SSDEEP:
MD5:	AA18B7F99270CF996FA6386EE588611F
SHA1:	D6D3AF42CDDE57BC06AABBF6CF37324703EC8202
SHA-256:	A140C6FD8896BE2B8E77E85401490E0C4B740CCCD7E9617A7367548677B1754F
SHA-512:	50BDB7771EFA646CD699AAA9ECD2E87DEA03FC5FF31586A80AF8F6F1AF8AD50CF7A722835BF11E1CB609338BCD2592301057501E9B56561BD39114597D935675
Malicious:	false
Reputation:	unknown
Preview:	{"formRenderingStatus":0,"formHtml":"<!DOCTYPE html><html><head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <title>Marketing Form</title>\n <meta name=\"referrer\" content=\"never\">\n <meta type=\"xrm/designer/setting\" name=\"type\" value=\"marketing-designer-content-editor-document\">\n <meta type=\"xrm/designer/setting\" name=\"layout-editable\" value=\"marketing-designer-layout-editable\">\n <style>\n .hide-on-desktop-class {\n display: none !important;\n }\n \n .editor-control-layout html {\n box-sizing: border-box;\n background-color: #fff;\n }\n .editor-control-layout ,\n .editor-control-layout :before,\n .editor-control-layout *:after {\n box-sizing: inherit;\n }\n\n

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 209548
Category:	downloaded
Size (bytes):	209504
Entropy (8bit):	7.990120243038089
Encrypted:	true
SSDEEP:
MD5:	8A0136212EC7002331BE0BBFFFBDB7D3
SHA1:	CD4EC346CDA8F080FF0B85A670476E1ECD138E9E
SHA-256:	307A5CBC7AA8BE0D45AB2CD3E4CCB459EA0066B20C3AC12C301FDDD1F90826C9
SHA-512:	D6003E28E6E7F70A73A92A8062781D7597881DA8564862CF278171916CDFE806A9EC06CB6A248865F985015330EFC8F1DF118C6AD0368EA48E1F6E882214E7F8
Malicious:	false
Reputation:	unknown
URL:	https://viraltrendingnews.cloud/img/cd.png
Preview:	...........>@...PNG........IHDR...U...x.....e.......IDATx.....-.J@....\.<+.pP.;s.?(..a....K.E.}..".cv[.HJ..&.........o......o......o......o......o......o..............[.Y...?~...'.X.P.:.k...P.7...c..f.^..z.4.C..b.AJ.Zi.a..t.....6..T.z.2.`m.3vI.b.#u@.M."...6..{..6.}~}I.i......h.;o_q........./......G....!...!...'p._".M.uR3..3..5.4..r.C(2.+[.mL.k..Ih.../(.6.a.=..}.......2...1."W..$...G.Lu.'....i.06......_.....[T.wv^s....g\...V@.vi>M...?.^.n...........*b......O.....F..........i.........f..2....0p...............T.e@.tr...`/Z.$.....r............F..N.2)....1.g.t@.U.e.$......o.hg.+.+n.nh..v...g.}..........[b..y.oq.. N.^.g.Zhq..g!.`.{............... '.O......dV.i........5.@h..9Mc1.1.h....Vb.b74TP`.-.5=....m..7;........J....W.N...oZ...!^..@P....X.?....[.n...l..ho=(GP...y[../3s.rK..;v...u.....p...?....JE..B/.(...2..I......vz1ES.Z!W..}X ...\|...(......:.~.A.@.Cv....J/.....V...Z..=.q..b^.>.....0u.....$D[@.-.. .X.~!.+......\|.........A~.^........"...

Static File Info

⊘No static file info

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714#_msdynmkt_donottrack=0,_msdynmkt_linkid=37db13e4-8bf7-4e91-a0fa-9dd02c9e6ee4

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 78

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Static File Info

Windows Analysis Report
https://assets-fra.mkt.dynamics.com/b3baa109-6efd-ef11-b016-002248d9b9fa/digitalassets/standaloneforms/fe7058e5-a1fd-ef11-bae3-000d3a959714#_msdynmkt_donottrack=0,_msdynmkt_linkid=37db13e4-8bf7-4e91-a0fa-9dd02c9e6ee4