Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
Verdict for the submitted sample https://onelink.shein.com/2/3pzcq5sdnah7: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-08 18:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-08 18:25
Reported: 2024-06-08 18:57
Platform: android-x86-arm-20240603-en
Max time kernel: 1769s
Max time network: 1829s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
Files
files/dom-0.html
| Hash | Value |
|---|---|
| MD5 | f6d3cf087bcb075a65c3302ca9216405 |
| SHA1 | cfbbe83c7a4659cc66280516639ad29957cbaed8 |
| SHA256 | 9f2fb14e0962b47ecb4f682378631546eebcd3ec48296762a645228af5a0b0cd |
| SHA512 | 9fd970ae6fc59efe33905d2b324c91e7125bee5a4a8eb1355791ff6c079dce2b6b61b39ee903c86935da15b0b847b62f193892a902a7e027c54188ee8bfebeb0 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-08 18:25
Reported: 2024-06-08 18:57
Platform: android-x64-20240603-en
Max time kernel: 1807s
Max time network: 1788s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
Files
files/dom-0.html
| Hash | Value |
|---|---|
| MD5 | b2cdd7044fb4cb85d5a9b019bfed364b |
| SHA1 | c2bb4341eef60006542501a2c315da34bfda5a85 |
| SHA256 | 746d6d38e3940b0c7edceea9cc67b02be4ccace52d8a9774760fb5401eb0018d |
| SHA512 | a6c018874319aebc7c68455f02432ddd746e65bad356b1ee6b471fd73b4a76bbcd20e1c92aff4f8ea1a51ee05cef81d212359ac7a9512ac10b925d822705c7bf |
files/dom-1.html
| Hash | Value |
|---|---|
| MD5 | 26f8000aa46c7b9fbb036189f70444d8 |
| SHA1 | ed40cb718894e74f6d17e0efa7eacd6f2a00a698 |
| SHA256 | 4255494adb46065c8120319b1dad6e95195ce0e48e07c2713c495591a43784f9 |
| SHA512 | 151172a12298e66f5da87d289dc879874d19808c0938d745f3cf1b39290b37ca006df9483366c857630333d2a2afbba1fbf54566f3730b5ad3051aa1e6e6c413 |
Analysis: behavioral3
Detonation Overview
Submitted: 2024-06-08 18:25
Reported: 2024-06-08 18:57
Platform: android-x64-arm64-20240603-en
Max time kernel: 1820s
Max time network: 1833s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
Files
files/dom-0.html
| Hash | Value |
|---|---|
| MD5 | a5eeb74e74983283819883ed7b5b3e32 |
| SHA1 | b39324644de913ef7a0665f567341f7873e7e436 |
| SHA256 | 9739987df8bc1096524b7332d81bbbf32ae76d8cb701916b111e330c5a85b433 |
| SHA512 | 04e0964773d6ef26eb583e77f85a90f82a6a78ca0f91c08ad9536526272868c848c5840f0228381951a86973da98d3a1d38ba3970eeb2df12c6380d1a1e76943 |