Malware Analysis Report

2024-11-15 05:40

Sample ID 240604-b8lawahh64
Target https://contactmonkey.com/api/v1/tracker?cm_session=6cb0d7b4-7514-49ed-a422-137958b36105&cs=d01410f1-e93a-498a-bdf9-aed95ac45c9b&cm_type=link&cm_link=c38d4278-31b3-4240-b05e-868db3a168a7&cm_destination=https://contactmonkey.com/api/v1/tracker?cm_session=78cba606-4216-447f-bc39-16d7e80cd3c0&cs=825ad42b-2c78-40c6-7539-yluh63018564&cm_type=link&cm_link=0da11854-d710-40c4-1845-bcd92bcc7ee9&cm_destination=//computalityit.com/wp-includes/facebook.com-wkipedia.com/6fob0medp65318/SGVsZW4uQmFkZ2VAYWN1LmVkdS5hdQ==
Tags
discovery evasion collection
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://contactmonkey.com/api/v1/tracker?cm_session=6cb0d7b4-7514-49ed-a422-137958b36105&cs=d01410f1-e93a-498a-bdf9-aed95ac45c9b&cm_type=link&cm_link=c38d4278-31b3-4240-b05e-868db3a168a7&cm_destination=https://contactmonkey.com/api/v1/tracker?cm_session=78cba606-4216-447f-bc39-16d7e80cd3c0&cs=825ad42b-2c78-40c6-7539-yluh63018564&cm_type=link&cm_link=0da11854-d710-40c4-1845-bcd92bcc7ee9&cm_destination=//computalityit.com/wp-includes/facebook.com-wkipedia.com/6fob0medp65318/SGVsZW4uQmFkZ2VAYWN1LmVkdS5hdQ== was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion collection

Checks CPU information

Checks memory information

Reads the content of photos stored on the user's device.

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-04 01:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 01:48

Reported

2024-06-04 01:51

Platform

win10v2004-20240426-en

Max time kernel

147s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://contactmonkey.com/api/v1/tracker?cm_session=6cb0d7b4-7514-49ed-a422-137958b36105&cs=d01410f1-e93a-498a-bdf9-aed95ac45c9b&cm_type=link&cm_link=c38d4278-31b3-4240-b05e-868db3a168a7&cm_destination=https://contactmonkey.com/api/v1/tracker?cm_session=78cba606-4216-447f-bc39-16d7e80cd3c0&cs=825ad42b-2c78-40c6-7539-yluh63018564&cm_type=link&cm_link=0da11854-d710-40c4-1845-bcd92bcc7ee9&cm_destination=//computalityit.com/wp-includes/facebook.com-wkipedia.com/6fob0medp65318/SGVsZW4uQmFkZ2VAYWN1LmVkdS5hdQ==

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3120 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3120 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://contactmonkey.com/api/v1/tracker?cm_session=6cb0d7b4-7514-49ed-a422-137958b36105&cs=d01410f1-e93a-498a-bdf9-aed95ac45c9b&cm_type=link&cm_link=c38d4278-31b3-4240-b05e-868db3a168a7&cm_destination=https://contactmonkey.com/api/v1/tracker?cm_session=78cba606-4216-447f-bc39-16d7e80cd3c0&cs=825ad42b-2c78-40c6-7539-yluh63018564&cm_type=link&cm_link=0da11854-d710-40c4-1845-bcd92bcc7ee9&cm_destination=//computalityit.com/wp-includes/facebook.com-wkipedia.com/6fob0medp65318/SGVsZW4uQmFkZ2VAYWN1LmVkdS5hdQ==

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff2ca46f8,0x7ffff2ca4708,0x7ffff2ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4008 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 contactmonkey.com udp
US 54.205.214.48:443 contactmonkey.com tcp
US 54.205.214.48:443 contactmonkey.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 computalityit.com udp
US 8.8.8.8:53 48.214.205.54.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 192.185.142.83:443 computalityit.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 61.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 ranvilh.com udp
US 192.185.140.17:443 ranvilh.com tcp
US 192.185.140.17:443 ranvilh.com tcp
US 192.185.140.17:443 ranvilh.com tcp
US 8.8.8.8:53 83.142.185.192.in-addr.arpa udp
US 8.8.8.8:53 17.140.185.192.in-addr.arpa udp
US 8.8.8.8:53 i0.wp.com udp
US 192.0.77.2:443 i0.wp.com tcp
US 8.8.8.8:53 bristol-spray-tan.co.uk udp
GB 146.70.23.90:443 bristol-spray-tan.co.uk tcp
GB 146.70.23.90:443 bristol-spray-tan.co.uk tcp
US 8.8.8.8:53 2.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 90.23.70.146.in-addr.arpa udp
US 8.8.8.8:53 cdn.socket.io udp
US 8.8.8.8:53 11cyclesforest.com udp
GB 143.204.194.72:443 cdn.socket.io tcp
GB 143.204.194.72:443 cdn.socket.io tcp
US 8.8.8.8:53 72.194.204.143.in-addr.arpa udp
US 172.67.145.3:443 11cyclesforest.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
US 8.8.8.8:53 3.145.67.172.in-addr.arpa udp
US 8.8.8.8:53 153.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 www.w3schools.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 192.229.133.221:443 www.w3schools.com tcp
US 152.199.23.37:443 aadcdn.msftauth.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 221.133.229.192.in-addr.arpa udp
US 8.8.8.8:53 37.23.199.152.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 172.67.145.3:443 11cyclesforest.com tcp
US 172.67.145.3:443 11cyclesforest.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dc6fc5e708279a3310fe55d9c44743d
SHA1 a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256 a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA512 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

\??\pipe\LOCAL\crashpad_3120_HEQELQFBWQBYGVEP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c9c4c494f8fba32d95ba2125f00586a3
SHA1 8a600205528aef7953144f1cf6f7a5115e3611de
SHA256 a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA512 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ac4b3a52c319eff00f020c5438143270
SHA1 e1f0d3881db871bb1ff0d0a7ea954ea5a44d0ab0
SHA256 770f3b3ce8566c0bb28bc3e9d9a69511076f84364a082a7d73dfbbcd2115d848
SHA512 23de135a3a73b22afb41369ecda725f1159b31aefe89757e68e2e215fc3df01f9b7ed3f85fb3d454be809c67e97b5d7eb5f983e0718513a779b44647d9f2674c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ddb6f35df2b8f5f9b3cc84bba4256e32
SHA1 61e653e9e4d713e85057b30a9f21661b13ecdd53
SHA256 524684175fc433f749da9b3b304e32c352dc7d424a3ac1fee4c5e7e8621547c5
SHA512 104da7fafa2d3e7dbe5b626c6cf29b8bca2174423fed4d9f592cd02721fea3962580733218e90e9ca736283ef6995b350619feaf2309031a6444a2986a268fd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 217f621f9a5c60d3a3078eb18ffbb38b
SHA1 b03b62cfbe4892268afdbfd397775c7d1108402c
SHA256 ababb5ed908976454cbd81ff12fd07654e58eb13a4fb5fd35651aba6a22eee65
SHA512 ccc2fa435b8836aa43ca3fad1b2a6cc3f1234f09c618a02ae201539222006ec6bc8a7b1d9a3c8c298f712a0175f3e413449549ea4bac7d151b93f34c292fc81c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 74b63b9e1b84bc405d3b12c2a8c6df12
SHA1 dba519120addf7d2157229bbec92520290f42d48
SHA256 0892d04080a70b21b1c6fc0fecc79f5a98400299b9546dc6791f0cca9642c632
SHA512 084a70417602959a745e2ac439e532b8c641847d6a96ef23a7d79a9656e61cda7b63294f88aa07daff5986ae04996f739f1ad381d72505db375b80fe1ef7a2dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 559cbcf51e586076061cb8785f31bb69
SHA1 f43cb7479d9e745d16d850ac0f4ce67c8585be5c
SHA256 715b7f3c7ede8e84d71f8d7230610dfb1b32574d0aaaf89cdbb37560c4e460f9
SHA512 ea174a5a23359515442ad67a3bedfadd6d2d3ace517bfea9805b54d0d395827ea1ec3ba59f0be7312fb6d4330cd94e20af0577782f75c41880732eb7d4d5f685

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d6e06deacb28bebd6911f389bf0c259b
SHA1 972ae5f68eea3f291bda7abe4b83d2e1a298cc98
SHA256 4d60e698da442b6e2d19cac89abda0496631452cd8dab9dfd764ef5cb54dd53f
SHA512 0fca54fbc420790cb74d5b6ca49fbd5b2a0171c5d9404ee72e11a1486d40c511d7e9dfa3867620ef4b481130fc9208c83c6f072675d71c7d120cf3c0b4dc6ce3

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 01:48

Reported

2024-06-04 01:53

Platform

android-x86-arm-20240603-en

Max time kernel

116s

Max time network

160s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 contactmonkey.com udp
US 54.205.214.48:443 contactmonkey.com tcp
US 54.205.214.48:443 contactmonkey.com tcp
US 1.1.1.1:53 computalityit.com udp
US 192.185.142.83:443 computalityit.com tcp
US 1.1.1.1:53 ranvilh.com udp
US 192.185.140.17:443 ranvilh.com tcp
US 192.185.140.17:443 ranvilh.com tcp
US 192.185.140.17:443 ranvilh.com tcp
US 1.1.1.1:53 i0.wp.com udp
US 192.0.77.2:443 i0.wp.com tcp
US 1.1.1.1:53 bristol-spray-tan.co.uk udp
GB 146.70.23.90:443 bristol-spray-tan.co.uk tcp
GB 146.70.23.90:443 bristol-spray-tan.co.uk tcp
US 1.1.1.1:53 cdn.socket.io udp
US 1.1.1.1:53 11cyclesforest.com udp
US 104.21.87.172:443 11cyclesforest.com tcp
US 1.1.1.1:53 cdn.socket.io udp
GB 143.204.194.10:443 cdn.socket.io tcp
US 1.1.1.1:53 www.w3schools.com udp
US 1.1.1.1:53 cdnjs.cloudflare.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 192.229.133.221:443 www.w3schools.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 1.1.1.1:53 aadcdn.msauth.net udp
US 1.1.1.1:53 aadcdn.msftauth.net udp
US 152.199.23.37:443 aadcdn.msftauth.net tcp
GB 216.58.212.227:443 update.googleapis.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

files/dom-0.html

MD5 0beed7937b9be254f91a4590901105df
SHA1 3394ac248af83f547c02b77dd1aac941f99a5844
SHA256 e649853c9a4540dc9c57a766e7f5e66848e102549a555bae28ebfae8792a2140
SHA512 f0d37733d7234a59ce0d6ea1d14d1f5a07b22abfc8200c485d62339ab820f65348a9932f86103741814a031f20337f7e56cbd72d7e521ea805708a41744bf1ca

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-04 01:48

Reported

2024-06-04 01:52

Platform

android-x64-20240603-en

Max time kernel

117s

Max time network

163s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Reads the content of photos stored on the user's device.

collection
Description Indicator Process Target
URI accessed for read content://media/external/images/media N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 accounts.google.com udp
BE 66.102.1.84:443 accounts.google.com tcp
US 1.1.1.1:53 contactmonkey.com udp
US 52.71.168.89:443 contactmonkey.com tcp
US 52.71.168.89:443 contactmonkey.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 computalityit.com udp
US 192.185.142.83:443 computalityit.com tcp
US 1.1.1.1:53 ranvilh.com udp
US 192.185.140.17:443 ranvilh.com tcp
US 192.185.140.17:443 ranvilh.com tcp
US 1.1.1.1:53 i0.wp.com udp
US 192.0.77.2:443 i0.wp.com tcp
US 1.1.1.1:53 bristol-spray-tan.co.uk udp
GB 146.70.23.90:443 bristol-spray-tan.co.uk tcp
GB 146.70.23.90:443 bristol-spray-tan.co.uk tcp
US 1.1.1.1:53 google.com udp
GB 172.217.169.14:443 google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.212.227:443 update.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 142.250.187.228:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp

Files

files/dom-0.html

MD5 ca8334585fb41d626aaff9601c196ed3
SHA1 5f0e68e22fefd660cacfa341caf7e41655f487df
SHA256 038adbf3116ba04e2561b626519d3c8b99a55acb3a9d3cc9415a2c9df75b15b7
SHA512 766bb6d7226208d404e1778c20048ca6f71f3582bb990aa3990162233e3dd57196854485308a3b7684c8a865da6b25c0944dc963af21c53413faf6dea6f06d7f

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-04 01:48

Reported

2024-06-04 01:53

Platform

android-x64-arm64-20240603-en

Max time kernel

167s

Max time network

164s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 contactmonkey.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 108.177.15.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 contactmonkey.com udp
BE 74.125.206.84:443 accounts.google.com tcp
US 54.205.214.48:443 contactmonkey.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 54.205.214.48:443 contactmonkey.com tcp
US 54.205.214.48:443 contactmonkey.com tcp
US 1.1.1.1:53 computalityit.com udp
US 192.185.142.83:443 computalityit.com tcp
US 1.1.1.1:53 ranvilh.com udp
US 192.185.140.17:443 ranvilh.com tcp
US 192.185.140.17:443 ranvilh.com tcp
US 1.1.1.1:53 bristol-spray-tan.co.uk udp
GB 146.70.23.90:443 bristol-spray-tan.co.uk tcp
GB 146.70.23.90:443 bristol-spray-tan.co.uk tcp
US 1.1.1.1:53 google.com udp
GB 142.250.200.46:443 google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.180.3:443 update.googleapis.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.180.3:443 update.googleapis.com tcp
GB 146.70.23.90:443 bristol-spray-tan.co.uk tcp

Files

files/dom-0.html

MD5 ca8334585fb41d626aaff9601c196ed3
SHA1 5f0e68e22fefd660cacfa341caf7e41655f487df
SHA256 038adbf3116ba04e2561b626519d3c8b99a55acb3a9d3cc9415a2c9df75b15b7
SHA512 766bb6d7226208d404e1778c20048ca6f71f3582bb990aa3990162233e3dd57196854485308a3b7684c8a865da6b25c0944dc963af21c53413faf6dea6f06d7f