Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga

Overview

General Information

Sample URL:http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga
Analysis ID:764047
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

No high impact signatures.

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 5496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
    • chrome.exe (PID: 3552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1764,i,13192198239046418531,5295402104946012676,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.102Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.g1iar8f.livelovesouthatlanta.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.g1iar8f.livelovesouthatlanta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.g1iar8f.livelovesouthatlanta.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: unknownDNS traffic detected: queries for: clients2.google.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 09 Dec 2022 10:06:53 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveVary: Accept-EncodingContent-Encoding: gzipContent-Length: 90Keep-Alive: timeout=5, max=75Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 b3 c9 30 b4 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 07 8a 84 64 a4 2a 14 24 a6 a7 2a 94 64 24 96 28 54 e6 97 2a 64 24 96 a5 2a 14 a5 16 96 a6 16 97 a4 a6 28 24 e7 97 e6 a4 28 e4 01 35 25 a5 2a a4 81 f4 e9 01 00 96 f5 b5 25 4a 00 00 00 Data Ascii: 0310Q/Qp/Kd*$*d$(T*d$*($(5%*%J
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 09 Dec 2022 10:06:54 GMTServer: ApacheVary: Accept-EncodingContent-Encoding: gzipContent-Length: 90Keep-Alive: timeout=5, max=74Connection: Keep-AliveContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 b3 c9 30 b4 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 07 8a 84 64 a4 2a 14 24 a6 a7 2a 94 64 24 96 28 54 e6 97 2a 64 24 96 a5 2a 14 a5 16 96 a6 16 97 a4 a6 28 24 e7 97 e6 a4 28 e4 01 35 25 a5 2a a4 81 f4 e9 01 00 96 f5 b5 25 4a 00 00 00 Data Ascii: 0310Q/Qp/Kd*$*d$(T*d$*($(5%*%J
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49693
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
Source: unknownNetwork traffic detected: HTTP traffic on port 49693 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49691 -> 443
Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+620; __Secure-ENID=6.SE=cJKCBuSaL1dV3R8z2Y2al7-m2m5bGA74lqbYYkqC3uy-NtZ1f6n_bCBr25tlnnjvdmLpGQ81ZKzP3Te5vVjpSQjYWCwvlOMApK7tmZNWcORu0p4wniPJGQfTslQNnpQWhG9qkwkEgy49-6UG3UQ1eiUyFolJZWLeUM1p4KvjM9E
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1