Windows Analysis Report T8778900.htm

Overview

General Information

Sample Name: T8778900.htm
Analysis ID: 553251
MD5: 9ecd9d528b79dc5f487fd1a7da751141
SHA1: e54a3809d54b7c8659db1686929e6179618aee95
SHA256: ccb208a61103e03d568f30e89be14ae742b9e3e1d43febd82d8ef5a30386deb7

Detection

HTMLPhisher
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish44
Multi AV Scanner detection for domain / URL
Phishing site detected (based on image similarity)

Process Tree

  • System is start
  • chrome.exe (PID: 1152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument C:\Users\alfredo\Desktop\T8778900.htm MD5: 74859601FB4BEEA84B40D874CCB56CAB)
    • chrome.exe (PID: 7532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1752,2046187624704850442,12645649154862179304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:8 MD5: 74859601FB4BEEA84B40D874CCB56CAB)
  • cleanup

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
T8778900.htm | JoeSecurity_HtmlPhish_44 | Yara detected HtmlPhish_44 | Joe Security |

    Sigma Overview

    No Sigma rule has matched

    Jbx Signature Overview

    AV Detection:

    Multi AV Scanner detection for domain / URL
    Source: valdia.quatiappcn.pw | Virustotal: Detection: 6%

    Phishing:

    Yara detected HtmlPhish44
    Source: Yara match | File source: T8778900.htm, type: SAMPLE
    Phishing site detected (based on image similarity)
    Source: file:///C:/Users/alfredo/Desktop/T8778900.htm?bbre=lyEkgpYFoQSmVBxjnthW#/qwQDSlLbHKUpjZJGf-@&!HvpKldf45hPjcQxWSt@&!KOSvI4cgbML9q627jQkliGxAUsw@&-alex.eichenmuller@erickson.com-ShZUbziuvILCoXGdnrm/igmSLyucMVHnWUpRe | Matcher: Found strong image similarity, brand: Microsoft, image: 15382.1.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
    Source: file:///C:/Users/alfredo/Desktop/T8778900.htm?bbre=lyEkgpYFoQSmVBxjnthW#/qwQDSlLbHKUpjZJGf-@&!HvpKldf45hPjcQxWSt@&!KOSvI4cgbML9q627jQkliGxAUsw@&-alex.eichenmuller@erickson.com-ShZUbziuvILCoXGdnrm/igmSLyucMVHnWUpRe | Matcher: Found strong image similarity, brand: Microsoft, image: 30160.2.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
    Source: unknown | HTTPS traffic detected: 40.126.31.4:443 -> 192.168.2.3:49745 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 20.190.160.6:443 -> 192.168.2.3:49751 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 20.190.160.74:443 -> 192.168.2.3:49775 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 40.126.31.139:443 -> 192.168.2.3:49780 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 184.87.212.60:443 -> 192.168.2.3:51166 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 184.87.212.60:443 -> 192.168.2.3:51167 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.3:50457 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.3:50456 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 52.242.101.226:443 -> 192.168.2.3:56242 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 40.126.31.139:443 -> 192.168.2.3:50919 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.3:50920 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.3:59168 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 20.199.120.85:443 -> 192.168.2.3:59162 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.3:56051 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 52.109.88.34:443 -> 192.168.2.3:61096 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 20.199.120.151:443 -> 192.168.2.3:52251 version: TLS 1.2
    Source: chrome.exe | Memory has grown: Private usage: 1MB later: 26MB
    Source: unknown | DNS traffic detected: queries for: accounts.google.com
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50458
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50457
    Source: unknown | Network traffic detected: HTTP traffic on port 51167 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52757
    Source: unknown | Network traffic detected: HTTP traffic on port 59162 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50456
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59432
    Source: unknown | Network traffic detected: HTTP traffic on port 56242 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 61748
    Source: unknown | Network traffic detected: HTTP traffic on port 52836 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 64611
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 61225
    Source: unknown | Network traffic detected: HTTP traffic on port 57677 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 58947 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 61748 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59168
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51283
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56051
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52251
    Source: unknown | Network traffic detected: HTTP traffic on port 51241 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59162
    Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
    Source: unknown | Network traffic detected: HTTP traffic on port 51926 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 58950 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 61096
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51166
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51167
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51165
    Source: unknown | Network traffic detected: HTTP traffic on port 58948 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 56051 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 56674 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 59933 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 62660 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 59854 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 59168 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50919
    Source: unknown | Network traffic detected: HTTP traffic on port 50458 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50920
    Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 59432 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 51003 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 52251 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 64611 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57677
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59854
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 61930
    Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 61096 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 55575 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52836
    Source: unknown | Network traffic detected: HTTP traffic on port 54985 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49780
    Source: unknown | Network traffic detected: HTTP traffic on port 50456 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56242
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 62239
    Source: unknown | Network traffic detected: HTTP traffic on port 50920 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 59939 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 50919 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 64930
    Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 63972 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 51166 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775
    Source: unknown | Network traffic detected: HTTP traffic on port 61930 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 52757 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 61225 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 64272
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58949
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51759
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58948
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58947
    Source: unknown | Network traffic detected: HTTP traffic on port 51283 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49780 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54985
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58950
    Source: unknown | Network traffic detected: HTTP traffic on port 59423 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 64930 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 63972
    Source: unknown | Network traffic detected: HTTP traffic on port 51165 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51926
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51241
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51003
    Source: unknown | Network traffic detected: HTTP traffic on port 51759 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59939
    Source: unknown | Network traffic detected: HTTP traffic on port 62239 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55575
    Source: unknown | Network traffic detected: HTTP traffic on port 58949 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59933
    Source: unknown | Network traffic detected: HTTP traffic on port 64272 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 50457 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59423
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56674
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 62660
    Source: unknown | Network traffic detected: HTTP traffic on port 49775 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
    Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.21.200
    Source: unknown | TCP traffic detected without corresponding DNS query: 20.50.102.62
    Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29
    Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4
    Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.160.6
    Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.160.74
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\alfredo\AppData\Local\Temp\1d70778e-d55d-47c8-8e3b-f8e38bd120d3.tmp
    Source: classification engine | Classification label: mal60.phis.winHTM@30/212@12/207
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument C:\Users\alfredo\Desktop\T8778900.htm
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1752,2046187624704850442,12645649154862179304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61E201E2-480.pma
    Source: Window Recorder | Window detected: More than 3 window changes detected

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection (1) | Masquerading (1) | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel (2) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Extra Window Memory Injection (1) | Process Injection (1) | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol (1) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Extra Window Memory Injection (1) | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol (2) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
