Analysis Overview
score
7/10
Threat Level: Shows suspicious behavior
The file https://ewasmash.com was found to be: Shows suspicious behavior.
Malicious Activity Summary
Requests cell location
Removes a system notification.
MITRE ATT&CK Matrix
N/A
Analysis: static1
Detonation Overview
Reported
2023-10-29 18:04
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-29 18:04
Reported
2023-10-30 23:10
Platform
android-x86-arm-20231023-en
Max time kernel
2195369s
Max time network
34s
Command Line
com.android.chrome
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ewasmash.com | udp |
| N/A | 100.79.34.131:443 | ewasmash.com | tcp |
| N/A | 100.79.34.131:443 | ewasmash.com | tcp |
| N/A | 100.79.34.131:443 | ewasmash.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| N/A | 100.91.150.218:443 | safebrowsing.googleapis.com | tcp |
| N/A | 100.65.105.186:80 | clientservices.googleapis.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| N/A | 100.115.56.55:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | bqtfflfaw | udp |
| US | 1.1.1.1:53 | fsjjbsimw | udp |
| US | 1.1.1.1:53 | zjiqhum | udp |
| N/A | 100.80.204.61:80 | fsjjbsimw | tcp |
| N/A | 100.91.240.27:80 | bqtfflfaw | tcp |
| N/A | 100.73.126.255:80 | zjiqhum | tcp |
| NL | 142.251.36.14:443 | | tcp |
| NL | 142.251.36.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| N/A | 100.106.222.77:443 | android.apis.google.com | tcp |
| NL | 142.250.179.170:443 | | tcp |
| N/A | 100.106.222.77:443 | android.apis.google.com | tcp |
Files
N/A