Windows Analysis Report
https://smilodon-bat-m9ct.squarespace.com/

Overview

General Information

Sample URL: https://smilodon-bat-m9ct.squarespace.com/
Analysis ID: 715059

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 2356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://smilodon-bat-m9ct.squarespace.com/ MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
    • chrome.exe (PID: 3680 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1780,i,14577578927144506689,3581255691260910574,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: https://smilodon-bat-m9ct.squarespace.com/ | Avira URL Cloud: detection malicious, Label: phishing
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: unknown | HTTPS traffic detected: 151.101.0.237:443 -> 192.168.2.3:49716 version: TLS 1.2
Source: unknown | DNS traffic detected: queries for: accounts.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown | Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49687
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49687 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (10 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.186.35 (23 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.186.132 (7 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.186.35 (10 identical entries)
Source: unknown | HTTPS traffic detected: 151.101.0.237:443 -> 192.168.2.3:49716 version: TLS 1.2
Source: classification engine | Classification label: mal48.win@24/0@10/164
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://smilodon-bat-m9ct.squarespace.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1780,i,14577578927144506689,3581255691260910574,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 identical entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1780,i,14577578927144506689,3581255691260910574,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (19 identical entries)
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
MITRE ATT&CK Matrix (a leading number is the count of matched signatures for that technique; entries without a number are unmatched placeholder techniques)

Initial Access:         Valid Accounts; Default Accounts; Domain Accounts
Execution:              Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence:            Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation:   1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion:        2 Masquerading; 1 Process Injection; Obfuscated Files or Information
Credential Access:      OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery:              System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement:       Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection:             Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration:           Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control:    2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
Network Effects:        Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact:                 Modify System Partition; Device Lockout; Delete Device Data

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Source                                       | Detection | Scanner         | Label    | Link
https://smilodon-bat-m9ct.squarespace.com/   | 0%        | Virustotal      |          | Browse
https://smilodon-bat-m9ct.squarespace.com/   | 100%      | Avira URL Cloud | phishing |
No Antivirus matches
Name                              | IP              | Active  | Malicious | Antivirus Detection | Reputation
accounts.google.com               | 216.58.212.173  | true    | false     |                     | high
static.squarespace.map.fastly.net | 151.101.0.237   | true    | false     |                     | unknown
www.google.com                    | 172.217.16.132  | true    | false     |                     | high
smilodon-bat-m9ct.squarespace.com | 198.185.159.177 | true    | false     |                     | high
clients.l.google.com              | 142.250.185.238 | true    | false     |                     | high
squarespace.map.fastly.net        | 151.101.128.238 | true    | false     |                     | unknown
prod.squarespace.map.fastly.net   | 151.101.192.238 | true    | false     |                     | unknown
clients2.google.com               | unknown         | unknown | false     |                     | high
images.squarespace-cdn.com        | unknown         | unknown | false     |                     | unknown
assets.squarespace.com            | unknown         | unknown | false     |                     | high
static1.squarespace.com           | unknown         | unknown | false     |                     | high
Name                                       | Malicious | Antivirus Detection | Reputation
https://smilodon-bat-m9ct.squarespace.com/ | false     |                     | high

Legend (share of contacted IPs per ASN):
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs
IP              | Domain                            | Country       | ASN     | ASN Name     | Malicious
142.250.186.35  | unknown                           | United States | 15169   | GOOGLEUS     | false
34.104.35.123   | unknown                           | United States | 15169   | GOOGLEUS     | false
151.101.192.238 | prod.squarespace.map.fastly.net   | United States | 54113   | FASTLYUS     | false
172.217.18.3    | unknown                           | United States | 15169   | GOOGLEUS     | false
151.101.0.237   | static.squarespace.map.fastly.net | United States | 54113   | FASTLYUS     | false
142.250.185.238 | clients.l.google.com              | United States | 15169   | GOOGLEUS     | false
151.101.128.238 | squarespace.map.fastly.net        | United States | 54113   | FASTLYUS     | false
198.185.159.177 | smilodon-bat-m9ct.squarespace.com | United States | 53831   | SQUARESPACEUS | false
239.255.255.250 | unknown                           | Reserved      | unknown | unknown      | false
142.250.186.132 | unknown                           | United States | 15169   | GOOGLEUS     | false
216.58.212.173  | accounts.google.com               | United States | 15169   | GOOGLEUS     | false
142.250.184.227 | unknown                           | United States | 15169   | GOOGLEUS     | false
172.217.16.132  | www.google.com                    | United States | 15169   | GOOGLEUS     | false
142.250.186.138 | unknown                           | United States | 15169   | GOOGLEUS     | false
IP
192.168.2.1
127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 715059
Start date and time: 2022-10-03 15:44:28 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://smilodon-bat-m9ct.squarespace.com/
Analysis system description: Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@24/0@10/164
  • Exclude process from analysis (whitelisted): SIHClient.exe
  • Excluded IPs from analysis (whitelisted): 20.190.159.64, 20.190.159.23, 40.126.31.73, 20.190.159.4, 40.126.31.69, 20.190.159.71, 20.190.159.68, 20.190.159.73, 172.217.18.3, 34.104.35.123, 142.250.186.138, 142.250.185.227, 142.250.184.227
  • Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, prda.aadg.msidentity.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, login.live.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, login.msa.msidentity.com, www.tm.a.prd.aadg.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
  • Not all processes were analyzed; the report is missing behavior information
No created / dropped files found
No static file info