Windows Analysis Report https://sites.google(dot)com/view/settlements213/home
Overview
General Information
Detection
Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%
Signatures
Classification
Process Tree
Malware Configuration
No configs have been found
Yara Overview
No yara matches
Sigma Overview
No Sigma rule has matched
Signature Overview
There are no malicious signatures.
- File opened
- String found in binary or memory
- String found in binary or memory
- Classification label
- File created
- File created
- File read
- Process created
- Process created
- Process created
- Window detected
- File opened
Mitre Att&ck Matrix
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection (1) | Masquerading (1) | OS Credential Dumping | File and Directory Discovery (1) | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection (1) | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Behavior Graph
Screenshots
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Avira URL Cloud | safe | |
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
No Antivirus matches
URLs
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Avira URL Cloud | safe | |
Domains and IPs
Contacted Domains
No contacted domains info
URLs from Memory and Binaries
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | low |
 | | false | | low |
Contacted IPs
No contacted IP infos
General Information
Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 438534
Start date: 22.06.2021
Start time: 18:10:49
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 2m 20s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://sites.google(dot)com/view/settlements213/home
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Analysis Mode: default
Analysis stop reason: Timeout
Detection: UNKNOWN
Classification: unknown0.win@3/11@0/0
Simulations
Behavior and APIs
No simulations
Joe Sandbox View / Context
Created / dropped Files
Process: C:\Program Files\internet explorer\iexplore.exe
Category: dropped
Size (bytes): 30296
Entropy (8bit): 1.8605648089779507
Encrypted: false
Malicious: false
Reputation: low

Process: C:\Program Files\internet explorer\iexplore.exe
Category: dropped
Size (bytes): 24216
Entropy (8bit): 1.6390885986370147
Encrypted: false
Malicious: false
Reputation: low

Process: C:\Program Files\internet explorer\iexplore.exe
Category: dropped
Size (bytes): 16984
Entropy (8bit): 1.5658216756333923
Encrypted: false
Malicious: false
Reputation: low

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Category: downloaded
Size (bytes): 4720
Entropy (8bit): 5.164796203267696
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/errorPageStrings.js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Category: downloaded
Size (bytes): 1612
Entropy (8bit): 4.869554560514657
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/NewErrorPageTemplate.css

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Category: downloaded
Size (bytes): 12105
Entropy (8bit): 5.451485481468043
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/httpErrorPagesScripts.js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Category: downloaded
Size (bytes): 2997
Entropy (8bit): 4.4885437940628465
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/dnserror.htm?ErrorStatus=0x800C0005&DNSError=9560

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Category: downloaded
Size (bytes): 748
Entropy (8bit): 7.249606135668305
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/down.png

Process: C:\Program Files\internet explorer\iexplore.exe
Category: dropped
Size (bytes): 13029
Entropy (8bit): 0.4815174792351695
Encrypted: false
Malicious: false
Reputation: low

Process: C:\Program Files\internet explorer\iexplore.exe
Category: dropped
Size (bytes): 25441
Entropy (8bit): 0.27918767598683664
Encrypted: false
Malicious: false
Reputation: low

Process: C:\Program Files\internet explorer\iexplore.exe
Category: dropped
Size (bytes): 34409
Entropy (8bit): 0.35972934092217357
Encrypted: false
Malicious: false
Reputation: low

Static File Info
No static file info
Network Behavior
Network Port Distribution
UDP Packets
Code Manipulations
Statistics
Behavior
System Behavior
General
Start time: 18:11:37
Start date: 22/06/2021
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Imagebase: 0x7ff676660000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General
Start time: 18:11:38
Start date: 22/06/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Imagebase: 0x180000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Disassembly