Click to jump to signature section
| Source: login.html | HTTP Parser: new blob( |
| Source: login.html | HTTP Parser: url.createobjecturl |
| Source: file:///C:/Users/user/Desktop/login.html | HTTP Parser: <input type="password" .../> found but no <form action="... |
| Source: login.html | HTTP Parser: Total embedded background img size: 297023 |
| Source: file:///C:/Users/user/Desktop/login.html | HTTP Parser: Total embedded background img size: 593192 |
| Source: file:///C:/Users/user/Desktop/login.html | HTTP Parser: <input type="password" .../> found |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater | Jump to behavior |
| Source: chrome.exe | Memory has grown: Private usage: 1MB later: 43MB |
| Source: Joe Sandbox View | IP Address: 239.255.255.250 239.255.255.250 |
| Source: unknown | DNS traffic detected: queries for: accounts.google.com |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49852 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49863 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49862 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49863 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49850 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49862 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49859 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49852 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49855 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49850 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49859 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49855 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: global traffic | HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=108.0.5359.125&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-108.0.5359.125Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: login.html | String found in binary or memory: http://underscorejs.org/LICENSE |
| Source: login.html | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
| Source: login.html | String found in binary or memory: http://www.broofa.com |
| Source: login.html | String found in binary or memory: https://angular.io/ |
| Source: login.html | String found in binary or memory: https://angular.io/api/core/Component#animations). |
| Source: login.html | String found in binary or memory: https://angular.io/errors/$ |
| Source: login.html | String found in binary or memory: https://angular.io/license |
| Source: login.html | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_animated_properties) |
| Source: login.html | String found in binary or memory: https://g.co/ng/security#xss) |
| Source: login.html | String found in binary or memory: https://github.com/dcodeIO/bytebuffer.js |
| Source: login.html | String found in binary or memory: https://github.com/dcodeIO/long.js |
| Source: login.html | String found in binary or memory: https://github.com/dcodeIO/protobuf.js |
| Source: login.html | String found in binary or memory: https://jquery.com/ |
| Source: login.html | String found in binary or memory: https://jquery.org/license |
| Source: login.html | String found in binary or memory: https://js.foundation/ |
| Source: login.html | String found in binary or memory: https://lodash.com/ |
| Source: login.html | String found in binary or memory: https://lodash.com/license |
| Source: login.html | String found in binary or memory: https://openjsf.org/ |
| Source: login.html | String found in binary or memory: https://sizzlejs.com/ |
| Source: unknown | HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=YES+srp.gws-20210525-0-RC1.de+FX+704 |
| Source: Name includes: login.html | Initial sample: login |
| Source: classification engine | Classification label: mal48.phis.winHTML@23/0@5/6 |
| Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\login.html | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=2104,i,15377410011852329966,8301881256533976150,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=2104,i,15377410011852329966,8301881256533976150,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater | Jump to behavior |
| Source: Window Recorder | Window detected: More than 3 window changes detected |
| Source: login.html | Static file information: File size 3755553 > 1048576 |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater | Jump to behavior |
Edit tour
chrome.exe (PID: 4916 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet