
Windows Analysis Report
https://gsrzhggshb-dot-yamm-track.appspot.com/1lpRxsL6emj-pbrWbcRro26sHywnCVWz1SsderoXdqic43e6OgQFX36dHMP67Z959rwZxdJTqy3VDYw0MYVvlmUlQq0mm0gmT29AguD4bEEEGCTMf63Celfo

Overview

General Information

Sample URL: https://gsrzhggshb-dot-yamm-track.appspot.com/1lpRxsL6emj-pbrWbcRro26sHywnCVWz1SsderoXdqic43e6OgQFX36dHMP67Z959rwZxdJTqy3VDYw0MYVvlmUlQq0mm0gmT29AguD4bEEEGCTMf63Celfo
Analysis ID: 651269

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://gsrzhggshb-dot-yamm-track.appspot.com/1lpRxsL6emj-pbrWbcRro26sHywnCVWz1SsderoXdqic43e6OgQFX36dHMP67Z959rwZxdJTqy3VDYw0MYVvlmUlQq0mm0gmT29AguD4bEEEGCTMf63Celfo" MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 2344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1616,14634851570262047367,15075039812273795490,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1948 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown | HTTPS traffic detected: 142.250.186.84:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: global traffic | HTTP traffic detected:
    GET /1lpRxsL6emj-pbrWbcRro26sHywnCVWz1SsderoXdqic43e6OgQFX36dHMP67Z959rwZxdJTqy3VDYw0MYVvlmUlQq0mm0gmT29AguD4bEEEGCTMf63Celfo HTTP/1.1
    Host: gsrzhggshb-dot-yamm-track.appspot.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
    X-Goog-Update-Updater: chromecrx-85.0.4183.121
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /1lpRxsL6emj-pbrWbcRro26sHywnCVWz1SsderoXdqic43e6OgQFX36dHMP67Z959rwZxdJTqy3VDYw0MYVvlmUlQq0mm0gmT29AguD4bEEEGCTMf63Celfo HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
    Host: gsrzhggshb-dot-yamm-track.appspot.com
Source: unknown | DNS traffic detected: queries for: accounts.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49756
Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr | String found in binary or memory: https://accounts.google.com/MergeSession
Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://apis.google.com
Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://clients2.google.com
Source: manifest.json.0.dr | String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://clients2.googleusercontent.com
Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr, 2c7c40c0-5cfd-461f-9221-aca85076d819.tmp.1.dr, ec7c974b-d1fc-4542-9501-ab21b469a52a.tmp.1.dr | String found in binary or memory: https://dns.google
Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://fonts.googleapis.com
Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://fonts.gstatic.com
Source: craw_window.js.0.dr, craw_background.js.0.dr | String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: History Provider Cache.0.dr | String found in binary or memory: https://gsrzhggshb-dot-yamm-track.appspot.com/1lpRxsL6emj-pbrWbcRro26sHywnCVWz1SsderoXdqic43e6OgQFX3
Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json.0.dr | String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://play.google.com
Source: craw_window.js.0.dr, manifest.json.0.dr | String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://ssl.gstatic.com
Source: craw_window.js.0.dr, craw_background.js.0.dr | String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr | String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr | String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr | String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr | String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr | String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr | String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr, craw_window.js.0.dr, craw_background.js.0.dr | String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr | String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 5e8ea667-a6e8-4eba-a696-88cda71f823c.tmp.1.dr | String found in binary or memory: https://www.gstatic.com
Source: unknown | HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9