Edit tour
Windows
Analysis Report
https://www.adobe.com/go/ConnectMac11Plus
Overview
General Information
| Sample URL: | https://www.adobe.com/go/ConnectMac11Plus |
| Analysis ID: | 791293 |
 | |
Detection
| Score: | 0 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
No high impact signatures.
Classification
- System is w10x64_ra
chrome.exe (PID: 2152 cmdline: "C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t https:// www.adobe. com/go/Con nectMac11P lus MD5: 7BC7B4AEDC055BB02BCB52710132E9E1) - chrome.exe (PID: 3076 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2040 --fi eld-trial- handle=179 2,i,153061 3569296293 8665,15731 3184428459 19162,1310 72 --disab le-feature s=Optimiza tionGuideM odelDownlo ading,Opti mizationHi nts,Optimi zationTarg etPredicti on /prefet ch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
- cleanup
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | Directory created: | ||
| Source: | Classification label: | ||
| Source: | File created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | File created: | ||
| Source: | Window detected: | ||
| Source: | Directory created: | ||
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 3 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 2.16.238.9 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false | |
| 2.19.126.84 | unknown | European Union | 16625 | AKAMAI-ASUS | false | |
| 142.250.181.238 | unknown | United States | 15169 | GOOGLEUS | false | |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false | |
| 34.104.35.123 | unknown | United States | 15169 | GOOGLEUS | false | |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
| 216.58.212.131 | unknown | United States | 15169 | GOOGLEUS | false | |
| 142.250.185.131 | unknown | United States | 15169 | GOOGLEUS | false | |
| 216.58.212.132 | unknown | United States | 15169 | GOOGLEUS | false | |
| 142.250.186.141 | unknown | United States | 15169 | GOOGLEUS | false |
| IP |
|---|
| 192.168.2.1 |
| 127.0.0.1 |
| Joe Sandbox Version: | 36.0.0 Rainbow Opal |
| Analysis ID: | 791293 |
| Start date and time: | 2023-01-25 09:37:51 +01:00 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
| Sample URL: | https://www.adobe.com/go/ConnectMac11Plus |
| Analysis system description: | Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip) |
| Number of analysed new started processes analysed: | 12 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | stream |
| Analysis stop reason: | Timeout |
| Detection: | CLEAN |
| Classification: | clean0.win@26/3@0/107 |
- Exclude process from analysis (whitelisted): SIHClient.exe, SgrmBroker.exe, usocoreworker.exe, svchost.exe
- Not all processes where analyzed, report is missing behavior information
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 191610206 |
| Entropy (8bit): | 7.9940299949210205 |
| Encrypted: | true |
| SSDEEP: | |
| MD5: | DE2BD886093C1561CF269AFE61C0E251 |
| SHA1: | CEA8D88F741E0A5670135A922553AEB72C975FFC |
| SHA-256: | FE4ECAA3823E50A7A4443439982B27737AA636622FF42D7D3E8DB645F64A2766 |
| SHA-512: | AA117968F7B6DE77E04E1B6F75D82CC7F00972B066D57FE22A0C0F2CEF392090D9EAF96020349125A4037015216B80D4B8CDCA80EB25F493563C069568C46CDE |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 191610206 |
| Entropy (8bit): | 7.9940299949210205 |
| Encrypted: | true |
| SSDEEP: | |
| MD5: | DE2BD886093C1561CF269AFE61C0E251 |
| SHA1: | CEA8D88F741E0A5670135A922553AEB72C975FFC |
| SHA-256: | FE4ECAA3823E50A7A4443439982B27737AA636622FF42D7D3E8DB645F64A2766 |
| SHA-512: | AA117968F7B6DE77E04E1B6F75D82CC7F00972B066D57FE22A0C0F2CEF392090D9EAF96020349125A4037015216B80D4B8CDCA80EB25F493563C069568C46CDE |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 528128 |
| Entropy (8bit): | 7.99793820227339 |
| Encrypted: | true |
| SSDEEP: | |
| MD5: | A3DE29AAFD4269236B3AF012BBDB15FC |
| SHA1: | 3C257C12D4F8A386A4B3CFB732A8D918B7AA868B |
| SHA-256: | 7DA974156BF40CBD5222CE6A20DED9F377F839ED33D785A83F7896F683ED456E |
| SHA-512: | 0571581D32828695196936BAD3196D109736D4045FDEF47848D82428C4B79ACE6CBB71B13021D57C3207FFC708050CED809CC70FCD48B73DEFA13DE0E6C9360C |
| Malicious: | false |
| Reputation: | low |
| Preview: |
⊘No static file info
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node