Click to jump to signature section
| Source: login.html | HTTP Parser: new blob( |
| Source: login.html | HTTP Parser: url.createobjecturl |
| Source: file:///C:/Users/user/Desktop/login.html | HTTP Parser: <input type="password" .../> found but no <form action="... |
| Source: login.html | HTTP Parser: Total embedded background img size: 475993 |
| Source: file:///C:/Users/user/Desktop/login.html | HTTP Parser: Total embedded background img size: 861218 |
| Source: file:///C:/Users/user/Desktop/login.html | HTTP Parser: <input type="password" .../> found |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater | Jump to behavior |
| Source: chrome.exe | Memory has grown: Private usage: 1MB later: 50MB |
| Source: Joe Sandbox View | IP Address: 239.255.255.250 239.255.255.250 |
| Source: unknown | DNS traffic detected: queries for: accounts.google.com |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49755 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49761 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49761 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49759 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49759 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49755 -> 443 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: global traffic | HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.102Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: login.html | String found in binary or memory: http://underscorejs.org/LICENSE |
| Source: login.html | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
| Source: login.html | String found in binary or memory: http://www.broofa.com |
| Source: login.html | String found in binary or memory: https://angular.io/ |
| Source: login.html | String found in binary or memory: https://angular.io/api/core/Component#animations). |
| Source: login.html | String found in binary or memory: https://angular.io/errors/$ |
| Source: login.html | String found in binary or memory: https://angular.io/license |
| Source: login.html | String found in binary or memory: https://g.co/ng/security#xss) |
| Source: login.html | String found in binary or memory: https://github.com/dcodeIO/bytebuffer.js |
| Source: login.html | String found in binary or memory: https://github.com/dcodeIO/long.js |
| Source: login.html | String found in binary or memory: https://github.com/dcodeIO/protobuf.js |
| Source: login.html | String found in binary or memory: https://jquery.com/ |
| Source: login.html | String found in binary or memory: https://jquery.org/license |
| Source: login.html | String found in binary or memory: https://js.foundation/ |
| Source: login.html | String found in binary or memory: https://lodash.com/ |
| Source: login.html | String found in binary or memory: https://lodash.com/license |
| Source: login.html | String found in binary or memory: https://openjsf.org/ |
| Source: login.html | String found in binary or memory: https://sizzlejs.com/ |
| Source: unknown | HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+620; __Secure-ENID=6.SE=cJKCBuSaL1dV3R8z2Y2al7-m2m5bGA74lqbYYkqC3uy-NtZ1f6n_bCBr25tlnnjvdmLpGQ81ZKzP3Te5vVjpSQjYWCwvlOMApK7tmZNWcORu0p4wniPJGQfTslQNnpQWhG9qkwkEgy49-6UG3UQ1eiUyFolJZWLeUM1p4KvjM9E |
| Source: Name includes: login.html | Initial sample: login |
| Source: classification engine | Classification label: mal48.phis.winHTML@24/0@6/8 |
| Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\login.html | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1772,i,15227930420298686886,3054010558266752575,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1772,i,15227930420298686886,3054010558266752575,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater | Jump to behavior |
| Source: Window Recorder | Window detected: More than 3 window changes detected |
| Source: login.html | Static file information: File size 5877035 > 1048576 |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater | Jump to behavior |
Edit tour
chrome.exe (PID: 6556 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet