Play interactive tour

Edit tour

Windows Analysis Report https://my.visme.co/view/y4mrjzjj-rolling-components-ltd

Overview

General Information

Sample URL:	https://my.visme.co/view/y4mrjzjj-rolling-components-ltd
Analysis ID:	467704
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

Antivirus detection for URL or domain

HTML body contains low number of good links

No HTML title found

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6508 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://my.visme.co/view/y4mrjzjj-rolling-components-ltd' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 6740 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,1888589540985915792,11004349824563291009,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1760 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 7244 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1544,1888589540985915792,11004349824563291009,131072 --lang=en-GB --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=6932 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: https://documentspockfinancial.blob.core.windows.net/med6eb/office365.html

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish10

Show sources

Source: Yara match

File source: 79598.3.pages.csv, type: HTML

Source: https://documentspockfinancial.blob.core.windows.net/med6eb/office365.html

HTTP Parser: Number of links: 0

Source: https://documentspockfinancial.blob.core.windows.net/med6eb/office365.html

HTTP Parser: HTML title missing

Source: https://documentspockfinancial.blob.core.windows.net/med6eb/office365.html

HTTP Parser: No <meta name="author".. found

Source: https://documentspockfinancial.blob.core.windows.net/med6eb/office365.html

HTTP Parser: No <meta name="copyright".. found

Source: 6b71c6b04690002a_0.1.dr	String found in binary or memory: 2Bhttps://www.facebook.com/.well-known/aggregated-event-measurement/ equals www.facebook.com (Facebook)
Source: Current Session.1.dr	String found in binary or memory: X(https://www.facebook.com/tr/ [id ev ] #0 equals www.facebook.com (Facebook)
Source: 6b71c6b04690002a_0.1.dr	String found in binary or memory: https://www.facebook.com/.well-known/aggregated-event-measurement/ equals www.facebook.com (Facebook)
Source: 6b71c6b04690002a_0.1.dr	String found in binary or memory: https://www.facebook.com/tr equals www.facebook.com (Facebook)
Source: Current Session.1.dr	String found in binary or memory: https://www.facebook.com/tr/ equals www.facebook.com (Facebook)

Source: 77EC63BDA74BD0D0E0426DC8F8008506.3.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 5a15cdcdf5e4a1f1_0.1.dr	String found in binary or memory: http://schema.org
Source: Favicons.1.dr	String found in binary or memory: http://www.visme.co/?vc=Top-Bar-CTA
Source: History Provider Cache.1.dr	String found in binary or memory: http://www.visme.co/?vc=Top-Bar-CTA2
Source: History Provider Cache.1.dr	String found in binary or memory: http://www.visme.co/?vc=Top-Bar-CTA2:
Source: History.1.dr	String found in binary or memory: http://www.visme.co/?vc=Top-Bar-CTACreate
Source: Current Session.1.dr	String found in binary or memory: http://www.visme.co/?vc=Top-Bar-CTAx
Source: Reporting and NEL-journal.3.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=%2BAxHG9HGpWFGxFixgGc1Gro18JobGPw1NyBCTxEBDNJpe1xzS2CZj%2Fl
Source: Reporting and NEL-journal.3.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=042ZWZqTelj%2BZcTCfnXYGKEvQpY%2Bn5THNcAx5I0CdiOm8JDTrbx%2Bv
Source: Reporting and NEL.3.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=3uGYuhbgnDqgUPkLVOiC2VdC%2FiZt2cMoRrNGHWfgI3S8Q7NjWbDHMnxL%
Source: Reporting and NEL-journal.3.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=8Dp9TQrHpEeF1J7kgq4Dpm6jm6a0YoLH9Tw2OJwTMEYY2c1nwDOMQByF7iJ
Source: Reporting and NEL-journal.3.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=ClP5MB0hxnyMDqmCNSVcOWqg%2BbIXMIMgW0n1OhkNvaGbxdOL2urXUZZFH
Source: Reporting and NEL-journal.3.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=K3gQI4%2FwzG3LsPjeU%2BPZnncLHer6jTO%2BcPn2M8vERw1u9XaFGcb2i
Source: Reporting and NEL-journal.3.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=OdgmlbHpUPun%2BL93c7mBo2LeB%2FfKtuzZgJAeLyzkY2q%2BNqB2B13H8
Source: Reporting and NEL-journal.3.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=QYorrWnhS6upMSJtcaBsX1Y7%2FAKy133nJJIJzoOKbMSei7FCfp0SwXC3O
Source: Reporting and NEL-journal.3.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=dY1VT4sYm8xXyNAHOwGQ3cCh7%2BC8ph66ipNtX3m9AQO3kRgVU0n4fK9qv
Source: Reporting and NEL.3.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=iMwGRa5apY1g2DMYX5Lj3PhlpG4tuFWWL8btZPu47v59nqM36O1xYSATJCm
Source: Reporting and NEL-journal.3.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=os1myc9d6puCf4fPCSZioaZFI1QdCwnkQ8NVVLUpLWaNHL1CaQTGNXe%2BT
Source: Reporting and NEL-journal.3.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=roPN2Qsjw%2B%2B%2FKTXtJxbJK9eKQMJyO%2B8PCTT63HIsKX00nROSLGY
Source: 4f4a3d05c542d732_0.1.dr	String found in binary or memory: https://a.visme.co/a.js
Source: Current Session.1.dr	String found in binary or memory: https://a.visme.co/index.html
Source: manifest.json0.1.dr, b57bf87b-f646-4df7-a3db-f13b04c6bd56.tmp.3.dr	String found in binary or memory: https://accounts.google.com
Source: Network Action Predictor-journal.1.dr	String found in binary or memory: https://ajax.googleapis.com/
Source: 496d9e45f8604516_0.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: b49c05c509033192_0.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.jsa
Source: b49c05c509033192_0.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.jsaD
Source: fbeef185f77778d5_0.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Source: f6dbe2b0af0cc202_0.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.jsa
Source: f6dbe2b0af0cc202_0.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.jsaD
Source: manifest.json0.1.dr, b57bf87b-f646-4df7-a3db-f13b04c6bd56.tmp.3.dr	String found in binary or memory: https://apis.google.com
Source: 9a5a492f128722e8_0.1.dr	String found in binary or memory: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Source: 4eb0f0604fdb4b2d_0.1.dr	String found in binary or memory: https://cdn.firstpromoter.com/fpr.js
Source: 4eb0f0604fdb4b2d_0.1.dr	String found in binary or memory: https://cdn.firstpromoter.com/fpr.jsa
Source: 4eb0f0604fdb4b2d_0.1.dr	String found in binary or memory: https://cdn.firstpromoter.com/fpr.jsaD
Source: Network Action Predictor-journal.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/
Source: 7222a50007eb25d7_0.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.7/ScrollMagic.min.js
Source: 7222a50007eb25d7_0.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.7/ScrollMagic.min.jsaD
Source: a379b12a49028f81_0.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.7/plugins/debug.addIndicators.min.js
Source: a379b12a49028f81_0.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.7/plugins/debug.addIndicators.min.jsaD
Source: f31f33ae619631da_0.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: a84326ff637d7068_0.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js
Source: a84326ff637d7068_0.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.jsaD
Source: b57bf87b-f646-4df7-a3db-f13b04c6bd56.tmp.3.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.1.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: b57bf87b-f646-4df7-a3db-f13b04c6bd56.tmp.3.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: c0c506559f4d2ade_0.1.dr	String found in binary or memory: https://cloudflareinsights.com/cdn-cgi/rum
Source: Network Action Predictor.1.dr	String found in binary or memory: https://code.jquery.com/
Source: 163c945c56f96c6c_0.1.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: 6b71c6b04690002a_0.1.dr	String found in binary or memory: https://connect.facebook.net/
Source: d4a01e854b42e407_0.1.dr, 6b71c6b04690002a_0.1.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: 6b71c6b04690002a_0.1.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.jsaD
Source: 6b71c6b04690002a_0.1.dr	String found in binary or memory: https://connect.facebook.net/log/fbevents_telemetry/
Source: 5a15cdcdf5e4a1f1_0.1.dr, 90fe993920a17793_0.1.dr	String found in binary or memory: https://connect.facebook.net/signals/config/734022223348259?v=2.9.44&r=stable
Source: 5a15cdcdf5e4a1f1_0.1.dr	String found in binary or memory: https://connect.facebook.net/signals/config/734022223348259?v=2.9.44&r=stableaD
Source: manifest.json0.1.dr	String found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL-journal.3.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
Source: fbd400e3d3d24fc3_0.1.dr	String found in binary or memory: https://dashboard.visme.co/api/affiliate/partner
Source: 636288cf69f73793_0.1.dr	String found in binary or memory: https://dashboard.visme.co/api/auth.js?1629309302893
Source: fbd400e3d3d24fc3_0.1.dr	String found in binary or memory: https://dashboard.visme.co/api/auth/channel
Source: fbd400e3d3d24fc3_0.1.dr	String found in binary or memory: https://dashboard.visme.co/js/channel.js
Source: fbd400e3d3d24fc3_0.1.dr	String found in binary or memory: https://dashboard.visme.co/js/channel.jsa
Source: fbd400e3d3d24fc3_0.1.dr	String found in binary or memory: https://dashboard.visme.co/js/channel.jsaD
Source: 768ca039773876de_0.1.dr	String found in binary or memory: https://dashboard.visme.co/register-visme3.js
Source: 768ca039773876de_0.1.dr	String found in binary or memory: https://dashboard.visme.co/register-visme3.jsaD
Source: d217b36d75e6979c_0.1.dr	String found in binary or memory: https://dashboard.visme.co/v2/request-demo
Source: ab8f89e2-af65-4efa-a6e7-fd2d6b890530.tmp.3.dr, b57bf87b-f646-4df7-a3db-f13b04c6bd56.tmp.3.dr, 7e94a541-1111-47e0-b4ba-76fc92a8fe6d.tmp.3.dr	String found in binary or memory: https://dns.google
Source: Network Action Predictor.1.dr	String found in binary or memory: https://documentspockfinancial.blob.core.windows.net/
Source: History.1.dr, Current Session.1.dr	String found in binary or memory: https://documentspockfinancial.blob.core.windows.net/med6eb/office365.html
Source: History.1.dr	String found in binary or memory: https://documentspockfinancial.blob.core.windows.net/med6eb/office365.htmlLogin
Source: History.1.dr	String found in binary or memory: https://documentspockfinancial.blob.core.windows.net/med6eb/office365.htmlLogin/(ok
Source: manifest.json0.1.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: b57bf87b-f646-4df7-a3db-f13b04c6bd56.tmp.3.dr	String found in binary or memory: https://fonts.googleapis.com
Source: Network Action Predictor-journal.1.dr	String found in binary or memory: https://fonts.googleapis.com/
Source: manifest.json0.1.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: b57bf87b-f646-4df7-a3db-f13b04c6bd56.tmp.3.dr	String found in binary or memory: https://fonts.gstatic.com
Source: Network Action Predictor-journal.1.dr	String found in binary or memory: https://fonts.gstatic.com/
Source: manifest.json0.1.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: 6cdda5703ec85cc3_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1053096647/?random=1629309310705&cv
Source: 93f88bfdbddae738_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1053096647/?random=1629309335572&cv
Source: d890b4e6eafa49c4_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1053096647/?random=1629309339630&cv
Source: ab06e7a083a72fae_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1053096647/?random=1629309343790&cv
Source: dbc8feedb595f1fd_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1053096647/?random=1629309350248&cv
Source: 7ce3b9db28f2de50_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1053096647/?random=1629309356553&cv
Source: e494ebaace04c0ea_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1053096647/?random=1629309365766&cv
Source: 045f46eb81408cac_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1053096647/?random=1629309368635&cv
Source: manifest.json0.1.dr	String found in binary or memory: https://hangouts.google.com/
Source: Network Action Predictor.1.dr	String found in binary or memory: https://ka-f.fontawesome.com/
Source: Network Action Predictor.1.dr	String found in binary or memory: https://kit.fontawesome.com/
Source: c9603f0f37418e30_0.1.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: Network Action Predictor.1.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/
Source: a84f12098c73714f_0.1.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: 000003.log3.1.dr	String found in binary or memory: https://my.visme.co
Source: Favicons.1.dr	String found in binary or memory: https://my.visme.co/static/images/favicon.png
Source: Favicons-journal.1.dr	String found in binary or memory: https://my.visme.co/static/images/favicon.pngni;#
Source: b37cfd925151de17_0.1.dr	String found in binary or memory: https://my.visme.co/static/js/player.4.2.187.bundle.js
Source: History.1.dr	String found in binary or memory: https://my.visme.co/utils/goto/1472972343?url=https%3A%2F%2Fdocumentspockfinancial.blob.core.windows
Source: Current Session.1.dr	String found in binary or memory: https://my.visme.co/view/y4mrjzjj-rolling-components-ltd
Source: History Provider Cache.1.dr	String found in binary or memory: https://my.visme.co/view/y4mrjzjj-rolling-components-ltd2
Source: History.1.dr	String found in binary or memory: https://my.visme.co/view/y4mrjzjj-rolling-components-ltdRolling
Source: History-journal.1.dr	String found in binary or memory: https://my.visme.co/view/y4mrjzjj-rolling-components-ltdT
Source: Favicons-journal.1.dr	String found in binary or memory: https://my.visme.co/view/y4mrjzjj-rolling-components-ltdgB
Source: Favicons-journal.1.dr	String found in binary or memory: https://my.visme.co/view/y4mrjzjj-rolling-components-ltdni;#
Source: Current Session.1.dr	String found in binary or memory: https://my.visme.coh
Source: b57bf87b-f646-4df7-a3db-f13b04c6bd56.tmp.3.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: b57bf87b-f646-4df7-a3db-f13b04c6bd56.tmp.3.dr	String found in binary or memory: https://play.google.com
Source: 5dbb9ed6240a7934_0.1.dr	String found in binary or memory: https://prinzhorn.github.io/skrollr/dist/skrollr.min.js
Source: 5dbb9ed6240a7934_0.1.dr	String found in binary or memory: https://prinzhorn.github.io/skrollr/dist/skrollr.min.jsaD
Source: b57bf87b-f646-4df7-a3db-f13b04c6bd56.tmp.3.dr	String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: b57bf87b-f646-4df7-a3db-f13b04c6bd56.tmp.3.dr	String found in binary or memory: https://redirector.gvt1.com
Source: 8ae9cc7827d4bf2a_0.1.dr	String found in binary or memory: https://s7.addthis.com/js/300/addthis_widget.js
Source: 87e88ff7ccbbe6a8_0.1.dr	String found in binary or memory: https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
Source: Current Session.1.dr	String found in binary or memory: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html#rand=0.5331640560564099&iit=162930930
Source: manifest.json.1.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: Network Action Predictor-journal.1.dr	String found in binary or memory: https://scrollmagic.io/
Source: 64100df6aa7908ac_0.1.dr, 322756f7d9ac04d6_0.1.dr	String found in binary or memory: https://scrollmagic.io/assets/js/lib/greensock/TweenMax.min.js
Source: 64100df6aa7908ac_0.1.dr	String found in binary or memory: https://scrollmagic.io/assets/js/lib/greensock/TweenMax.min.jsaD
Source: 43462a7ee86f274e_0.1.dr	String found in binary or memory: https://scrollmagic.io/scrollmagic/uncompressed/plugins/animation.gsap.js
Source: 43462a7ee86f274e_0.1.dr	String found in binary or memory: https://scrollmagic.io/scrollmagic/uncompressed/plugins/animation.gsap.jsaD
Source: 9a5a492f128722e8_0.1.dr	String found in binary or memory: https://services.google.com/sitestats/
Source: b57bf87b-f646-4df7-a3db-f13b04c6bd56.tmp.3.dr	String found in binary or memory: https://ssl.gstatic.com
Source: Network Action Predictor-journal.1.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/
Source: 94507e6800935d69_0.1.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js
Source: 94507e6800935d69_0.1.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.jsaD
Source: 154492e5c538145e_0.1.dr	String found in binary or memory: https://static.ads-twitter.com/uwt.js
Source: c0c506559f4d2ade_0.1.dr	String found in binary or memory: https://static.cloudflareinsights.com/beacon.min.js
Source: c0c506559f4d2ade_0.1.dr	String found in binary or memory: https://static.cloudflareinsights.com/beacon.min.jsaD
Source: messages.json83.1.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json83.1.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: 4eb0f0604fdb4b2d_0.1.dr	String found in binary or memory: https://t.firstpromoter.com/get_details
Source: 4eb0f0604fdb4b2d_0.1.dr	String found in binary or memory: https://t.firstpromoter.com/tr
Source: 9a5a492f128722e8_0.1.dr, de9027b1817f4760_0.1.dr	String found in binary or memory: https://tagassistant.google.com/
Source: 93369d9bc9a3da44_0.1.dr	String found in binary or memory: https://v1.addthisedge.com/live/boost/ra-5411da2048bc494d/_ate.track.config_resp
Source: 18d095e3a3585d1b_0.1.dr	String found in binary or memory: https://visme.co/
Source: 6deebb808db06934_0.1.dr	String found in binary or memory: https://visme.co/(
Source: d217b36d75e6979c_0.1.dr	String found in binary or memory: https://visme.co//
Source: 045f46eb81408cac_0.1.dr	String found in binary or memory: https://visme.co/0
Source: 201f2ca2bbae2af6_0.1.dr	String found in binary or memory: https://visme.co/1)
Source: 106133a52859013b_0.1.dr	String found in binary or memory: https://visme.co/:
Source: 259cd42b7b987324_0.1.dr	String found in binary or memory: https://visme.co/;7hpo(/
Source: e494ebaace04c0ea_0.1.dr	String found in binary or memory: https://visme.co/?
Source: 9a5a492f128722e8_0.1.dr	String found in binary or memory: https://visme.co/A
Source: 201f2ca2bbae2af6_0.1.dr	String found in binary or memory: https://visme.co/G
Source: 6204a4e16982f9db_0.1.dr	String found in binary or memory: https://visme.co/M
Source: 18d095e3a3585d1b_0.1.dr	String found in binary or memory: https://visme.co/N
Source: 106133a52859013b_0.1.dr	String found in binary or memory: https://visme.co/O
Source: 18d095e3a3585d1b_0.1.dr	String found in binary or memory: https://visme.co/R
Source: 947fcc35c78613d8_0.1.dr	String found in binary or memory: https://visme.co/RJ
Source: 106133a52859013b_0.1.dr	String found in binary or memory: https://visme.co/S
Source: 4eb0f0604fdb4b2d_0.1.dr	String found in binary or memory: https://visme.co/X
Source: f2813b7942d10c39_0.1.dr	String found in binary or memory: https://visme.co/a
Source: 322756f7d9ac04d6_0.1.dr	String found in binary or memory: https://visme.co/c$#ko(/
Source: 87e88ff7ccbbe6a8_0.1.dr	String found in binary or memory: https://visme.co/h
Source: 6cdda5703ec85cc3_0.1.dr	String found in binary or memory: https://visme.co/p
Source: dbc8feedb595f1fd_0.1.dr	String found in binary or memory: https://visme.co/s
Source: 259cd42b7b987324_0.1.dr	String found in binary or memory: https://visme.co/t
Source: 93369d9bc9a3da44_0.1.dr	String found in binary or memory: https://visme.co/u$
Source: 154492e5c538145e_0.1.dr	String found in binary or memory: https://visme.co/v
Source: 5a15cdcdf5e4a1f1_0.1.dr	String found in binary or memory: https://wa.me/
Source: a84f12098c73714f_0.1.dr	String found in binary or memory: https://windows.net/
Source: 496d9e45f8604516_0.1.dr	String found in binary or memory: https://windows.net/:
Source: f31f33ae619631da_0.1.dr	String found in binary or memory: https://windows.net/=
Source: c9603f0f37418e30_0.1.dr	String found in binary or memory: https://windows.net/k
Source: 163c945c56f96c6c_0.1.dr	String found in binary or memory: https://windows.net/u
Source: de9027b1817f4760_0.1.dr, ca7fe54def9628fa_0.1.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: de9027b1817f4760_0.1.dr	String found in binary or memory: https://www.google-analytics.com/analytics.jsaD
Source: de9027b1817f4760_0.1.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap
Source: manifest.json0.1.dr, b57bf87b-f646-4df7-a3db-f13b04c6bd56.tmp.3.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.1.dr	String found in binary or memory: https://www.google.com;
Source: Network Action Predictor-journal.1.dr	String found in binary or memory: https://www.googleadservices.com/
Source: 9a5a492f128722e8_0.1.dr	String found in binary or memory: https://www.googleadservices.com/pagead/conversion.js
Source: 9a5a492f128722e8_0.1.dr	String found in binary or memory: https://www.googleadservices.com/pagead/conversion.jsaD
Source: b57bf87b-f646-4df7-a3db-f13b04c6bd56.tmp.3.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 9a5a492f128722e8_0.1.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: b57bf87b-f646-4df7-a3db-f13b04c6bd56.tmp.3.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.1.dr	String found in binary or memory: https://www.gstatic.com;
Source: 6b71c6b04690002a_0.1.dr	String found in binary or memory: https://www.instagram.com/tr/
Source: Current Session.1.dr	String found in binary or memory: https://www.visme.co
Source: 000003.log0.1.dr	String found in binary or memory: https://www.visme.co/
Source: Current Session.1.dr	String found in binary or memory: https://www.visme.co/?vc=Top-Bar-CTA
Source: History Provider Cache.1.dr	String found in binary or memory: https://www.visme.co/?vc=Top-Bar-CTA2
Source: History Provider Cache.1.dr	String found in binary or memory: https://www.visme.co/?vc=Top-Bar-CTA2:
Source: History.1.dr	String found in binary or memory: https://www.visme.co/?vc=Top-Bar-CTACreate
Source: History.1.dr	String found in binary or memory: https://www.visme.co/Create
Source: Current Session.1.dr	String found in binary or memory: https://www.visme.co/create-printables/
Source: Current Session.1.dr	String found in binary or memory: https://www.visme.co/create-printables/9Create
Source: Current Session.1.dr	String found in binary or memory: https://www.visme.co/create-printables/:
Source: Favicons.1.dr, Current Session.1.dr	String found in binary or memory: https://www.visme.co/jobs/
Source: History.1.dr	String found in binary or memory: https://www.visme.co/jobs/Careers
Source: Current Session.1.dr	String found in binary or memory: https://www.visme.co/make-infographics/
Source: History.1.dr	String found in binary or memory: https://www.visme.co/make-infographics/Free
Source: Current Session.1.dr	String found in binary or memory: https://www.visme.co/presentation-software/
Source: Current Session.1.dr	String found in binary or memory: https://www.visme.co/presentation-software/.Best
Source: Current Session.1.dr	String found in binary or memory: https://www.visme.co/presentation-software/2
Source: History.1.dr	String found in binary or memory: https://www.visme.co/presentation-software/Best
Source: Current Session.1.dr	String found in binary or memory: https://www.visme.co/professional-document-creator/
Source: Current Session.1.dr	String found in binary or memory: https://www.visme.co/professional-document-creator/7Online
Source: History.1.dr	String found in binary or memory: https://www.visme.co/professional-document-creator/Online
Source: Current Session.1.dr	String found in binary or memory: https://www.visme.co/video-maker/
Source: History.1.dr	String found in binary or memory: https://www.visme.co/video-maker/Free
Source: 6deebb808db06934_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.
Source: 731b8de554f7b803_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2
Source: 259cd42b7b987324_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/plugins/autoptimize/classes/external/js/lazysizes.min.js?ao_version=
Source: 18d095e3a3585d1b_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/plugins/social-warfare/assets/js/script.min.js?ver=4.2.1
Source: Favicons.1.dr	String found in binary or memory: https://www.visme.co/wp-content/themes/visme/img/favicon.png
Source: Favicons.1.dr	String found in binary or memory: https://www.visme.co/wp-content/themes/visme/img/favicon.png1
Source: 0a9d420e2f657699_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/themes/visme/js/blazy.js
Source: 0a9d420e2f657699_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/themes/visme/js/blazy.jsa
Source: 0a9d420e2f657699_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/themes/visme/js/blazy.jsaD
Source: d3c2b4b4519f0c48_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/themes/visme/js/bootstrap.youtubepopup.min.js
Source: d217b36d75e6979c_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/themes/visme/js/functions-live.js?ver=3.3999993
Source: d217b36d75e6979c_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/themes/visme/js/functions-live.js?ver=3.3999993aD
Source: 201f2ca2bbae2af6_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/themes/visme/js/functions-menu.js?ver=1.14999998
Source: 6204a4e16982f9db_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/themes/visme/js/functions-parallax-live.js?ver=1.123
Source: f2813b7942d10c39_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/themes/visme/js/masonry.pkgd.min.js
Source: b5a47af98ee28895_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/themes/visme/js/paroller-lib.js
Source: b5a47af98ee28895_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/themes/visme/js/paroller-lib.jsaD
Source: 947fcc35c78613d8_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/themes/visme/js/svg-animation-lib.js
Source: 106133a52859013b_0.1.dr	String found in binary or memory: https://www.visme.co/wp-content/themes/visme/slick/slick.min.js
Source: Current Session.1.dr	String found in binary or memory: https://www.visme.coh
Source: 74a20469eab3072d_0.1.dr	String found in binary or memory: https://z.moatads.com/addthismoatframe568911941483/moatframe.js

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\8fe9e971-d001-4dce-8fad-ef0edc8d293d.tmp

Jump to behavior

Source: classification engine

Classification label: mal56.phis.win@48/275@0/51

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://my.visme.co/view/y4mrjzjj-rolling-components-ltd'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,1888589540985915792,11004349824563291009,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1760 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1544,1888589540985915792,11004349824563291009,131072 --lang=en-GB --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=6932 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,1888589540985915792,11004349824563291009,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1760 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1544,1888589540985915792,11004349824563291009,131072 --lang=en-GB --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=6932 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-611D4971-196C.pma

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report https://my.visme.co/view/y4mrjzjj-rolling-components-ltd

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

AV Detection:

Phishing:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails