Windows Analysis Report https://brazen-fragrance-732.notion.site/Anchor-Associates-Shared-Document-a4d1f8d7fb1844e5a2dc23b7052de8d7

Overview

General Information

Sample URL: https://brazen-fragrance-732.notion.site/Anchor-Associates-Shared-Document-a4d1f8d7fb1844e5a2dc23b7052de8d7
Analysis ID: 532127

Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
HTML body contains low number of good links
No HTML title found

Classification

Process Tree

  • System is start
  • chrome.exe (PID: 4648 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument https://brazen-fragrance-732.notion.site/Anchor-Associates-Shared-Document-a4d1f8d7fb1844e5a2dc23b7052de8d7 MD5: 74859601FB4BEEA84B40D874CCB56CAB)
    • chrome.exe (PID: 1928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1720,9822164152030246903,13514851213017893151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:8 MD5: 74859601FB4BEEA84B40D874CCB56CAB)
  • cleanup

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Phishing:

Phishing site detected (based on favicon image match)
Source: https://anchorassociates.z6.web.core.windows.net/ Matcher: Template: microsoft matched with high similarity
Yara detected HtmlPhish10
Source: Yara match File source: 58111.2.pages.csv, type: HTML
Source: https://anchorassociates.z6.web.core.windows.net/ HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/login HTTP Parser: Number of links: 1
Source: https://anchorassociates.z6.web.core.windows.net/ HTTP Parser: HTML title missing
Source: https://login.microsoftonline.com/common/login HTTP Parser: HTML title missing
Source: https://anchorassociates.z6.web.core.windows.net/ HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/login HTTP Parser: No <meta name="author".. found
Source: https://anchorassociates.z6.web.core.windows.net/ HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/login HTTP Parser: No <meta name="copyright".. found
Source: chrome.exe Memory has grown: Private usage: 0MB later: 26MB
Source: unknown DNS traffic detected: queries for: brazen-fragrance-732.notion.site
Source: unknownNetwork traffic detected: HTTP traffic on port 63239 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50733
Source: unknownNetwork traffic detected: HTTP traffic on port 64209 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 64513 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51948
Source: unknownNetwork traffic detected: HTTP traffic on port 61998 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64220
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57807
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59308
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55747
Source: unknownNetwork traffic detected: HTTP traffic on port 58403 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61282 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64221 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64219
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64218
Source: unknownNetwork traffic detected: HTTP traffic on port 51176 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55326 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61407 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63243
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64211
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63242
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64210
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64213
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64212
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64215
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64214
Source: unknownNetwork traffic detected: HTTP traffic on port 54711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64217
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64216
Source: unknownNetwork traffic detected: HTTP traffic on port 53265 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55518
Source: unknownNetwork traffic detected: HTTP traffic on port 62000 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53697
Source: unknownNetwork traffic detected: HTTP traffic on port 65060 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53696
Source: unknownNetwork traffic detected: HTTP traffic on port 53271 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52306 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61941 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61996
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57144
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61997
Source: unknownNetwork traffic detected: HTTP traffic on port 60105 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61998
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61999
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53460
Source: unknownNetwork traffic detected: HTTP traffic on port 59127 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64221
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63377
Source: unknownNetwork traffic detected: HTTP traffic on port 64215 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52305 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49301 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65450
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49165
Source: unknownNetwork traffic detected: HTTP traffic on port 59070 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61768
Source: unknownNetwork traffic detected: HTTP traffic on port 58402 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61407
Source: unknownNetwork traffic detected: HTTP traffic on port 58662 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51948 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52559 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 60884 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 63240 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53460 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65221
Source: unknownNetwork traffic detected: HTTP traffic on port 59157 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63458 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49165 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61999 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51176
Source: unknownNetwork traffic detected: HTTP traffic on port 58427 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64220 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61535
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61536
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63959
Source: unknownNetwork traffic detected: HTTP traffic on port 60816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52271
Source: unknownNetwork traffic detected: HTTP traffic on port 54712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62501
Source: unknownNetwork traffic detected: HTTP traffic on port 58711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64211 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52559
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49301
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 62001 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52673
Source: unknownNetwork traffic detected: HTTP traffic on port 53270 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61941
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58662
Source: unknownNetwork traffic detected: HTTP traffic on port 61449 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55368 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59070
Source: unknownNetwork traffic detected: HTTP traffic on port 51523 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 52440 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61282
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52440
Source: unknownNetwork traffic detected: HTTP traffic on port 58404 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58309
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58427
Source: unknownNetwork traffic detected: HTTP traffic on port 53275 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62009
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58671
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63573
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62000
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62001
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62002
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62003
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64665
Source: unknownNetwork traffic detected: HTTP traffic on port 54718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63458
Source: unknownNetwork traffic detected: HTTP traffic on port 53264 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52626 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60817 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62151 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61472 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59904 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63341
Source: unknownNetwork traffic detected: HTTP traffic on port 58309 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64216 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53263 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53269 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64210 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62151
Source: unknownNetwork traffic detected: HTTP traffic on port 51380 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62002 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63241
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63240
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54645
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59422
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64208
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60884
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63239
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50290
Source: unknownNetwork traffic detected: HTTP traffic on port 65221 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 58151 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64209
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51380
Source: unknownNetwork traffic detected: HTTP traffic on port 63377 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60885 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60885
Source: unknownNetwork traffic detected: HTTP traffic on port 55747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 65172 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60817
Source: unknownNetwork traffic detected: HTTP traffic on port 54645 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60816
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56317
Source: unknownNetwork traffic detected: HTTP traffic on port 54725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51413 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55105
Source: unknownNetwork traffic detected: HTTP traffic on port 53274 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56110 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59157
Source: unknownNetwork traffic detected: HTTP traffic on port 64763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59422 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62501 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64218 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61463
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63242 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61376 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64665 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54393
Source: unknownNetwork traffic detected: HTTP traffic on port 64819 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55518 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52665 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62667 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 57854 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61472
Source: unknownNetwork traffic detected: HTTP traffic on port 53268 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55810 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55105 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61536 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65172
Source: unknownNetwork traffic detected: HTTP traffic on port 62003 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55808
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55809
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54714
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65297
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61370
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54718
Source: unknownNetwork traffic detected: HTTP traffic on port 61996 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55368
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54711
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54710
Source: unknownNetwork traffic detected: HTTP traffic on port 55219 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58401
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61009
Source: unknownNetwork traffic detected: HTTP traffic on port 57807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63959 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56317 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59308 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64513
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54728
Source: unknownNetwork traffic detected: HTTP traffic on port 64212 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65060
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50801
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52305
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52306
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54725
Source: unknownNetwork traffic detected: HTTP traffic on port 57144 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55810
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54720
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58403
Source: unknownNetwork traffic detected: HTTP traffic on port 61009 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52304
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54723
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58402
Source: unknownNetwork traffic detected: HTTP traffic on port 53273 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52665
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58404
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56110
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59985
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64763
Source: unknownNetwork traffic detected: HTTP traffic on port 63243 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64217 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61376
Source: unknownNetwork traffic detected: HTTP traffic on port 53262 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52271 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63241 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62009 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59904
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64819
Source: unknownNetwork traffic detected: HTTP traffic on port 63341 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
Source: unknownNetwork traffic detected: HTTP traffic on port 53261 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64214 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61535 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53267 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53697 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64208 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61997 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57854
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59127
Source: unknownNetwork traffic detected: HTTP traffic on port 58401 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53264
Source: unknownNetwork traffic detected: HTTP traffic on port 64219 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53263
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53262
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53261
Source: unknownNetwork traffic detected: HTTP traffic on port 58671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58151
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60105
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62644
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53696 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61463 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54393 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55326
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53268
Source: unknownNetwork traffic detected: HTTP traffic on port 53272 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53267
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53266
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53265
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58711
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51523
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53269
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53271
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53270
Source: unknownNetwork traffic detected: HTTP traffic on port 63573 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61449
Source: unknownNetwork traffic detected: HTTP traffic on port 63714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53275
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53274
Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53273
Source: unknownNetwork traffic detected: HTTP traffic on port 61370 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53272
Source: unknownNetwork traffic detected: HTTP traffic on port 65297 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 58171 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52304 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52626
Source: unknownNetwork traffic detected: HTTP traffic on port 65450 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55809 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62644 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55219
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51413
Source: unknownNetwork traffic detected: HTTP traffic on port 54722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62667
Source: unknownNetwork traffic detected: HTTP traffic on port 50290 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59985 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58171
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 64213 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53266 -> 443
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\alfredo\AppData\Local\Temp\f6cb3c36-eaaf-4e3d-906a-5845f3375ccc.tmp
Source: classification engine Classification label: mal56.phis.win@33/100@23/282
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument https://brazen-fragrance-732.notion.site/Anchor-Associates-Shared-Document-a4d1f8d7fb1844e5a2dc23b7052de8d7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1720,9822164152030246903,13514851213017893151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61A833B3-1228.pma
Source: Window Recorder Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 1 | Masquerading 1 | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Extra Window Memory Injection 1 | Process Injection 1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Extra Window Memory Injection 1 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
