Loading ...

Play interactive tourEdit tour

Analysis Report http://t.orders.destinationmaternity.com/r/?id=h1fef42,971b0f,971b16&p1=sv.j-ss.xyz?gNVfz=am9obi5lbGxpb3R0QHJzYWdyb3VwLmNh

Overview

General Information

Sample URL:http://t.orders.destinationmaternity.com/r/?id=h1fef42,971b0f,971b16&p1=sv.j-ss.xyz?gNVfz=am9obi5lbGxpb3R0QHJzYWdyb3VwLmNh
Analysis ID:339442

Most interesting Screenshot:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain

Classification

Startup

  • System is w10x64
  • chrome.exe (PID: 3252 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'http://t.orders.destinationmaternity.com/r/?id=h1fef42,971b0f,971b16&p1=sv.j-ss.xyz?gNVfz=am9obi5lbGxpb3R0QHJzYWdyb3VwLmNh' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 3920 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,17135931925735234631,6662398635317680266,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1856 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6988 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1536,17135931925735234631,6662398635317680266,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5348 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6948 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1536,17135931925735234631,6662398635317680266,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=4992 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Antivirus detection for URL or domainShow sources
Source: http://sv.j-ss.xyz/main/SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdicJump to behavior
Source: global trafficHTTP traffic detected: GET /r/?id=h1fef42,971b0f,971b16&p1=sv.j-ss.xyz?gNVfz=am9obi5lbGxpb3R0QHJzYWdyb3VwLmNh HTTP/1.1Host: t.orders.destinationmaternity.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /?gNVfz=am9obi5lbGxpb3R0QHJzYWdyb3VwLmNh HTTP/1.1Host: sv.j-ss.xyzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /main/ HTTP/1.1Host: sv.j-ss.xyzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tenk92cvbq28p8okbg65c8cfkr
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: sv.j-ss.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Referer: http://sv.j-ss.xyz/main/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tenk92cvbq28p8okbg65c8cfkr
Source: e4e1f615eb30bb13_0.0.drString found in binary or memory: _keyhttps://www.youtube.com/s/player/9f996d3e/www-widgetapi.vflset/www-widgetapi.js equals www.youtube.com (Youtube)
Source: unknownDNS traffic detected: queries for: t.orders.destinationmaternity.com
Source: 77EC63BDA74BD0D0E0426DC8F8008506.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 83ad5b4b0431c152_0.0.drString found in binary or memory: http://j-ss.xyz/5
Source: Current Session.0.drString found in binary or memory: http://sv.j-ss.xyz
Source: History-journal.0.drString found in binary or memory: http://sv.j-ss.xyz/?gNVfz=am9obi5lbGxpb3R0QHJzYWdyb3VwLmNh
Source: History Provider Cache.0.drString found in binary or memory: http://sv.j-ss.xyz/?gNVfz=am9obi5lbGxpb3R0QHJzYWdyb3VwLmNh2
Source: History-journal.0.drString found in binary or memory: http://sv.j-ss.xyz/?gNVfz=am9obi5lbGxpb3R0QHJzYWdyb3VwLmNhRedirecting...
Source: History-journal.0.drString found in binary or memory: http://sv.j-ss.xyz/?gNVfz=am9obi5lbGxpb3R0QHJzYWdyb3VwLmNhRedirecting.../
Source: Current Session.0.drString found in binary or memory: http://sv.j-ss.xyz/main/
Source: History Provider Cache.0.drString found in binary or memory: http://sv.j-ss.xyz/main/2
Source: History-journal.0.drString found in binary or memory: http://sv.j-ss.xyz/main/Redirecting...
Source: History-journal.0.drString found in binary or memory: http://sv.j-ss.xyz/main/Redirecting.../
Source: Current Session.0.drString found in binary or memory: http://sv.j-ss.xyz/main/main.php#KVm7BH87tRTjQEDEB8xItEHjSzNU4zUzDdboaPzL0z7IHNRM89p5DJQ6BzRozQPV1JN
Source: Current Session.0.drString found in binary or memory: http://sv.j-ss.xyzh
Source: History-journal.0.dr, History.0.drString found in binary or memory: http://t.orders.destinationmaternity.com/r/?id=h1fef42
Source: manifest.json0.0.dr, cdf44fd4-b1ad-4ef0-9287-e06cca183067.tmp.1.drString found in binary or memory: https://accounts.google.com
Source: manifest.json0.0.dr, cdf44fd4-b1ad-4ef0-9287-e06cca183067.tmp.1.drString found in binary or memory: https://apis.google.com
Source: 879e0a3f685d08f2_0.0.drString found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.GhYSaDTWhs4.O/m=gapi_iframes
Source: e9b5fa22c45aae07_0.0.drString found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.L7mys-cL6BM.O/m=gapi_iframes
Source: cdf44fd4-b1ad-4ef0-9287-e06cca183067.tmp.1.drString found in binary or memory: https://clients2.google.com
Source: manifest.json0.0.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: cdf44fd4-b1ad-4ef0-9287-e06cca183067.tmp.1.drString found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json0.0.drString found in binary or memory: https://content.googleapis.com
Source: 2388fecebc52f9fe_0.0.drString found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: 2388fecebc52f9fe_0.0.drString found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: cdf44fd4-b1ad-4ef0-9287-e06cca183067.tmp.1.dr, efe0f311-4deb-442f-8fbc-5723cedee74b.tmp.1.dr, d7801c74-c9e9-4f72-aafe-1350d223d173.tmp.1.drString found in binary or memory: https://dns.google
Source: manifest.json0.0.drString found in binary or memory: https://feedback.googleusercontent.com
Source: cdf44fd4-b1ad-4ef0-9287-e06cca183067.tmp.1.drString found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.drString found in binary or memory: https://fonts.googleapis.com;
Source: cdf44fd4-b1ad-4ef0-9287-e06cca183067.tmp.1.drString found in binary or memory: https://fonts.gstatic.com
Source: Network Action Predictor.0.drString found in binary or memory: https://fonts.gstatic.com/
Source: manifest.json0.0.drString found in binary or memory: https://fonts.gstatic.com;
Source: 3dbe54b7c92541c6_0.0.drString found in binary or memory: https://google.com/
Source: 8feba683dc703faa_0.0.drString found in binary or memory: https://google.com/5
Source: 96bbb1b4acd4294b_0.0.drString found in binary or memory: https://google.com/5o
Source: 04e8b7623a668c0b_0.0.drString found in binary or memory: https://google.com/7
Source: cd1f0afd4ea22633_0.0.drString found in binary or memory: https://google.com/I
Source: e9b5fa22c45aae07_0.0.drString found in binary or memory: https://google.com/a
Source: e5afb582c6366c19_0.0.drString found in binary or memory: https://google.com/aj
Source: 9363fc750a36716b_0.0.drString found in binary or memory: https://google.com/dd
Source: 252603ae5628212e_0.0.drString found in binary or memory: https://google.com/v
Source: manifest.json0.0.drString found in binary or memory: https://hangouts.google.com/
Source: cdf44fd4-b1ad-4ef0-9287-e06cca183067.tmp.1.drString found in binary or memory: https://ogs.google.com
Source: manifest.json.0.drString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: cdf44fd4-b1ad-4ef0-9287-e06cca183067.tmp.1.drString found in binary or memory: https://play.google.com
Source: 2388fecebc52f9fe_0.0.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: Current Session.0.drString found in binary or memory: https://policies.google.com
Source: Current Session.0.drString found in binary or memory: https://policies.google.com#
Source: Network Action Predictor.0.drString found in binary or memory: https://policies.google.com/
Source: Current Session.0.dr, Favicons.0.drString found in binary or memory: https://policies.google.com/privacy?hl=en
Source: Current Session.0.drString found in binary or memory: https://policies.google.com/privacy?hl=en)Privacy
Source: History-journal.0.drString found in binary or memory: https://policies.google.com/privacy?hl=enPrivacy
Source: Current Session.0.drString found in binary or memory: https://policies.google.com/terms?hl=en
Source: Current Session.0.drString found in binary or memory: https://policies.google.com/terms?hl=en2Google
Source: Current Session.0.dr, Favicons.0.drString found in binary or memory: https://policies.google.com/terms?hl=en4
Source: History.0.drString found in binary or memory: https://policies.google.com/terms?hl=enGoogle
Source: Current Session.0.drString found in binary or memory: https://policies.google.comh
Source: b6b1d3734915a1e9_0.0.drString found in binary or memory: https://s.ytimg.com/yts/jsbin/fetch-polyfill-vfl6MZH8P/fetch-polyfill.js
Source: manifest.json.0.drString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: cdf44fd4-b1ad-4ef0-9287-e06cca183067.tmp.1.drString found in binary or memory: https://ssl.gstatic.com
Source: Favicons.0.drString found in binary or memory: https://ssl.gstatic.com/policies/favicon.ico
Source: messages.json41.0.drString found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.drString found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: 2388fecebc52f9fe_0.0.drString found in binary or memory: https://support.google.com/recaptcha
Source: 2388fecebc52f9fe_0.0.drString found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: 3dbe54b7c92541c6_0.0.drString found in binary or memory: https://www.google-analytics.com/analytics.js
Source: Current Session.0.dr, manifest.json0.0.dr, cdf44fd4-b1ad-4ef0-9287-e06cca183067.tmp.1.drString found in binary or memory: https://www.google.com
Source: QuotaManager.0.dr, manifest.json.0.dr, 000003.log0.0.drString found in binary or memory: https://www.google.com/
Source: QuotaManager.0.drString found in binary or memory: https://www.google.com//
Source: Current Session.0.drString found in binary or memory: https://www.google.com/intl/en/policies/privacy/
Source: Favicons.0.drString found in binary or memory: https://www.google.com/intl/en/policies/privacy/-
Source: History-journal.0.drString found in binary or memory: https://www.google.com/intl/en/policies/privacy/Privacy
Source: Current Session.0.drString found in binary or memory: https://www.google.com/intl/en/policies/privacy/p
Source: Current Session.0.dr, Favicons.0.drString found in binary or memory: https://www.google.com/intl/en/policies/terms/
Source: Current Session.0.drString found in binary or memory: https://www.google.com/intl/en/policies/terms/=
Source: History.0.drString found in binary or memory: https://www.google.com/intl/en/policies/terms/Google
Source: Current Session.0.drString found in binary or memory: https://www.google.com/intl/en/policies/terms/M
Source: 797e4b0541426e04_0.0.drString found in binary or memory: https://www.google.com/js/bg/-G8VfAKUYb8WxmX_w6Q8mys20oGpQXMrrcIJY5m4T6M.js
Source: 12d96302da194ceb_0.0.drString found in binary or memory: https://www.google.com/js/bg/7JZ2fmCMVOl0vw20xI3AsjDeeds-Si0AsriAJ95C_5g.js
Source: f548000704400c0b_0.0.drString found in binary or memory: https://www.google.com/js/th/VTUAtZPSGoPqxKWISYzTadnUDWd_YumXMNF2imdJllM.js
Source: 2388fecebc52f9fe_0.0.drString found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: 2388fecebc52f9fe_0.0.drString found in binary or memory: https://www.google.com/recaptcha/api2/
Source: Current Session.0.drString found in binary or memory: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdhPvkZAAAAALJ-7_WbPxTqDTrcCZ6aLEK8Y9v-&co=aHR0
Source: Current Session.0.drString found in binary or memory: https://www.google.com/recaptcha/api2/bframe?hl=en&v=qc5B-qjP0QEimFYUxcpWJy5B&k=6LdhPvkZAAAAALJ-7_Wb
Source: manifest.json0.0.drString found in binary or memory: https://www.google.com;
Source: Current Session.0.drString found in binary or memory: https://www.google.comh
Source: cdf44fd4-b1ad-4ef0-9287-e06cca183067.tmp.1.drString found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: cdf44fd4-b1ad-4ef0-9287-e06cca183067.tmp.1.drString found in binary or memory: https://www.gstatic.com
Source: Network Action Predictor.0.drString found in binary or memory: https://www.gstatic.com/
Source: 1ee63ee50b839f33_0.0.dr, 9363fc750a36716b_0.0.drString found in binary or memory: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.3Jg6ZTi5ayM.es5
Source: cd1f0afd4ea22633_0.0.drString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.TCoB7ee77HA.O/rt=j/m=q_dnp
Source: 8feba683dc703faa_0.0.dr, 83ad5b4b0431c152_0.0.drString found in binary or memory: https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__en.js
Source: 2388fecebc52f9fe_0.0.drString found in binary or memory: https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__en.jsa
Source: 2388fecebc52f9fe_0.0.drString found in binary or memory: https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__en.jsaD
Source: manifest.json0.0.drString found in binary or memory: https://www.gstatic.com;
Source: 000003.log5.0.drString found in binary or memory: https://www.youtube-nocookie.com
Source: Current Session.0.drString found in binary or memory: https://www.youtube-nocookie.com#
Source: QuotaManager.0.dr, 000003.log0.0.drString found in binary or memory: https://www.youtube-nocookie.com/
Source: Current Session.0.drString found in binary or memory: https://www.youtube-nocookie.com/embed/48l-xdS4pXg?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.0.drString found in binary or memory: https://www.youtube-nocookie.com/embed/YlmVKT3Zvhw?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.0.drString found in binary or memory: https://www.youtube-nocookie.com/embed/ZdEIZNg3epQ?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.0.drString found in binary or memory: https://www.youtube-nocookie.com/embed/ggoJFaE71W8?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: bf45d15a123c217e_0.0.drString found in binary or memory: https://www.youtube-nocookie.com/s/player/9f996d3e/player_ias.vflset/en_US/base.js
Source: 8cbd6cb02760d992_0.0.drString found in binary or memory: https://www.youtube-nocookie.com/s/player/9f996d3e/player_ias.vflset/en_US/embed.js
Source: 29ca6f217824d8ed_0.0.drString found in binary or memory: https://www.youtube-nocookie.com/s/player/9f996d3e/player_ias.vflset/en_US/remote.js
Source: 36db2ea73c74132d_0.0.drString found in binary or memory: https://www.youtube-nocookie.com/s/player/9f996d3e/www-embed-player.vflset/www-embed-player.js
Source: e4e1f615eb30bb13_0.0.drString found in binary or memory: https://www.youtube.com/s/player/9f996d3e/www-widgetapi.vflset/www-widgetapi.js
Source: bf45d15a123c217e_0.0.drString found in binary or memory: https://youtube-nocookie.com/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: classification engineClassification label: mal48.win@43/218@12/10
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-60002C63-CB4.pmaJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Local\Temp\93d71dfc-e62c-4ce9-9926-0817812e8940.tmpJump to behavior
Source: QuotaManager.0.drBinary or memory string: CREATE TABLE HostQuotaTable(host TEXT NOT NULL, type INTEGER NOT NULL, quota INTEGER DEFAULT 0, UNIQUE(host, type));
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'http://t.orders.destinationmaternity.com/r/?id=h1fef42,971b0f,971b16&p1=sv.j-ss.xyz?gNVfz=am9obi5lbGxpb3R0QHJzYWdyb3VwLmNh'
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,17135931925735234631,6662398635317680266,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1856 /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1536,17135931925735234631,6662398635317680266,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5348 /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1536,17135931925735234631,6662398635317680266,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=4992 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,17135931925735234631,6662398635317680266,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1856 /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1536,17135931925735234631,6662398635317680266,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5348 /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1536,17135931925735234631,6662398635317680266,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=4992 /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdicJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management InstrumentationPath InterceptionProcess Injection1Masquerading3OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local SystemExfiltration Over Other Network MediumEncrypted Channel2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection1LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothNon-Application Layer Protocol2Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationApplication Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled TransferIngress Tool Transfer1SIM Card SwapCarrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.