Windows Analysis Report
9463911040.svg

Overview

General Information

Sample name: 9463911040.svg
Analysis ID: 1640763
MD5: f5e200711b012492c7100a9e18d314ee
SHA1: 1829409144f381ca64d1e37983e0025f424d2f2f
SHA256: af137a84c3edd93774cfec84fe065d9e31bd4ab7539199f0c67c258b428a802c

Detection

HTMLPhisher
Score: 52
Range: 0 - 100
Confidence: 100%

Signatures

Yara detected HtmlPhish80
Yara detected JavaScript embedded in SVG
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port

Classification

Phishing

Source: Yara match File source: 9463911040.svg, type: SAMPLE
Source: unknown HTTPS traffic detected: 172.217.16.196:443 -> 192.168.2.7:49687 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.7:57927 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.7:63444 -> 162.159.36.2:53
Source: global traffic HTTP traffic detected:
    GET /r/gsr1.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic HTTP traffic detected:
    GET /r/r4.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir6660_456613850
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6660_1220190882
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6660_1220190882\privacy-sandbox-attestations.dat
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6660_1220190882\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6660_1220190882\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6660_1220190882\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6660_1220190882\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir6660_665337034
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir6660_456613850
Source: classification engine Classification label: mal52.phis.winSVG@23/4@2/3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2008,i,7492967644631357018,6530129153233175342,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2028 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\9463911040.svg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected