Analysis Overview
SHA256
7e1c175a3e4709a8bfb2ca99f32e266c237a1b7970898d3dd920cb5a561dc180
Threat Level: Likely benign
The file sample was found to be: Likely benign.
Malicious Activity Summary
Resource Forking
Suspicious use of WriteProcessMemory
Checks CPU information
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Checks memory information
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-09 06:53
Signatures
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-09 06:53
Reported
2024-06-09 07:35
Platform
macos-20240410-en
Max time kernel
1559s
Max time network
1564s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
| N/A | "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/sample.html]
/bin/zsh
[/bin/zsh -c /Users/run/sample.html]
/Users/run/sample.html
[/Users/run/sample.html]
/bin/sh
[sh /Users/run/sample.html]
/bin/bash
[sh /Users/run/sample.html]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterB516C108/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AccountPolicyHelper]
/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
[/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
/usr/libexec/xpcproxy
[xpcproxy com.oracle.java.Java-Updater]
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]
/usr/libexec/xpcproxy
[xpcproxy com.apple.newsyslog]
/usr/sbin/newsyslog
[/usr/sbin/newsyslog]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.189.173.23:443 | | tcp |
| US | 8.8.8.8:53 | api.apple-cloudkit.fe2.apple-dns.net | udp |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| BE | 104.68.86.71:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 104.120.141.107:443 | help.apple.com | tcp |
| GB | 104.120.141.107:443 | help.apple.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| IE | 17.57.146.87:5223 | | tcp |
| US | 8.8.8.8:53 | 25-courier.push.apple.com | udp |
| GB | 17.57.146.13:5223 | 25-courier.push.apple.com | tcp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-09 06:53
Reported
2024-06-09 07:04
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/sample.html
[/tmp/sample.html]
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-09 06:53
Reported
2024-06-09 07:04
Platform
debian9-armhf-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-09 06:53
Reported
2024-06-09 07:05
Platform
debian9-mipsbe-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral1
Detonation Overview
Reported
0001-01-01 00:00
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-09 06:53
Reported
2024-06-09 07:35
Platform
android-x64-20240603-en
Max time kernel
434s
Max time network
1789s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.106:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.250.110.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.166.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.3:443 | update.googleapis.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 216.58.212.206:443 | | tcp |
| GB | 172.217.16.227:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| BE | 66.102.1.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-09 06:53
Reported
2024-06-09 07:05
Platform
debian9-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-09 06:53
Reported
2024-06-09 07:30
Platform
win10v2004-20240426-en
Max time kernel
1799s
Max time network
1685s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623900621553598" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1ff6ab58,0x7ffe1ff6ab68,0x7ffe1ff6ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1888,i,7353696719547124779,5308621252296518812,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1888,i,7353696719547124779,5308621252296518812,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1888,i,7353696719547124779,5308621252296518812,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1888,i,7353696719547124779,5308621252296518812,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1888,i,7353696719547124779,5308621252296518812,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1064 --field-trial-handle=1888,i,7353696719547124779,5308621252296518812,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3944 --field-trial-handle=1888,i,7353696719547124779,5308621252296518812,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4244 --field-trial-handle=1888,i,7353696719547124779,5308621252296518812,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1888,i,7353696719547124779,5308621252296518812,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4332 --field-trial-handle=1888,i,7353696719547124779,5308621252296518812,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1888,i,7353696719547124779,5308621252296518812,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4720 --field-trial-handle=1888,i,7353696719547124779,5308621252296518812,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.trafficjunky.com | udp |
| US | 8.8.8.8:53 | ei.phncdn.com | udp |
| US | 8.8.8.8:53 | www.pornhub.com | udp |
| US | 66.254.114.41:445 | www.pornhub.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.18:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.18:443 | ei.phncdn.com | tcp |
| US | 8.8.8.8:53 | prvc.io | udp |
| US | 172.67.177.254:443 | prvc.io | tcp |
| US | 8.8.8.8:53 | cdn1-smallimg.phncdn.com | udp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.74.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.177.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.pornhub.com | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | media.trafficjunky.net | udp |
| GB | 64.210.156.18:443 | media.trafficjunky.net | tcp |
| GB | 64.210.156.23:443 | media.trafficjunky.net | tcp |
| GB | 64.210.156.22:445 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 72.214.58.216.in-addr.arpa | udp |
| GB | 64.210.156.23:445 | media.trafficjunky.net | tcp |
| GB | 64.210.156.16:445 | media.trafficjunky.net | tcp |
| GB | 64.210.156.17:445 | media.trafficjunky.net | tcp |
| GB | 64.210.156.18:445 | media.trafficjunky.net | tcp |
| GB | 64.210.156.19:445 | media.trafficjunky.net | tcp |
| GB | 64.210.156.20:445 | media.trafficjunky.net | tcp |
| GB | 64.210.156.21:445 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | media.trafficjunky.net | udp |
| GB | 64.210.156.22:139 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| US | 8.8.8.8:53 | ss.phncdn.com | udp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| GB | 64.210.156.23:443 | ss.phncdn.com | tcp |
| FR | 142.250.75.238:445 | www.google-analytics.com | tcp |
| GB | 64.210.156.19:443 | ss.phncdn.com | tcp |
| GB | 64.210.156.18:443 | ss.phncdn.com | tcp |
| GB | 64.210.156.22:443 | ss.phncdn.com | tcp |
| US | 172.67.177.254:443 | prvc.io | udp |
| GB | 64.210.156.23:443 | ss.phncdn.com | tcp |
| US | 8.8.8.8:53 | 41.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| GB | 64.210.156.23:443 | ss.phncdn.com | tcp |
| US | 8.8.8.8:53 | a.adtng.com | udp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 142.250.179.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | ads.trafficjunky.net | udp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| US | 66.254.114.154:443 | ads.trafficjunky.net | tcp |
| FR | 142.250.75.238:139 | www.google-analytics.com | tcp |
| GB | 64.210.156.6:443 | hw-cdn2.adtng.com | tcp |
| GB | 64.210.156.6:443 | hw-cdn2.adtng.com | tcp |
| US | 8.8.8.8:53 | hw-cdn2.trafficjunky.net | udp |
| US | 8.8.8.8:53 | ht-cdn2.trafficjunky.net | udp |
| GB | 64.210.156.5:443 | hw-cdn2.trafficjunky.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| FR | 216.58.215.59:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 8.8.8.8:53 | ht-cdn.trafficjunky.net | udp |
| GB | 64.210.156.20:443 | ht-cdn.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| GB | 64.210.156.6:443 | hw-cdn2.adtng.com | tcp |
| US | 8.8.8.8:53 | 20.156.210.64.in-addr.arpa | udp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 8.8.8.8:53 | qckload.com | udp |
| US | 8.8.8.8:53 | eg-cdn.trafficjunky.net | udp |
| US | 34.225.210.0:443 | qckload.com | tcp |
| PL | 93.184.223.43:443 | eg-cdn.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | www.securegfm2.com | udp |
| US | 8.8.8.8:53 | dg-videos.b-cdn.net | udp |
| DE | 18.197.208.17:443 | www.securegfm2.com | tcp |
| FR | 143.244.56.51:443 | dg-videos.b-cdn.net | tcp |
| US | 8.8.8.8:53 | 43.223.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.210.225.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.208.197.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.56.244.143.in-addr.arpa | udp |
Files
\??\pipe\crashpad_3448_BDYDUCPSNGTBRYAF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ef881fa618ce99e593fd0d7b4f52a1f9 |
| SHA1 | 1d8cbb30536467b31183495655e6d180f9e80fb7 |
| SHA256 | 205ab651c4b389040e092763e981d1e0be6abd5aea26cc4792062d55f5463270 |
| SHA512 | 5d31b1b6a63a3d650ad35430419106043d8379502ecaa54243d9d4da4f500d98147c006dce57445e59873166629635eaf8b87003c9bfa1ea1a50f4f6ba01d505 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e23054f977d6ebf5d11cedf59c46d4ed |
| SHA1 | 7b28df8eacb463a65fbd56b7f18704651b71821b |
| SHA256 | f0855651ba50082306b20c812932c54809a2642bfe8f89a3e9acf28e46b6282a |
| SHA512 | da324c20916b40210cd25017fc1d84a3380f9c6c7b1d56cfc86da4ea76b020b9f8604a4805f19be27832cd0083d047d17fa57f530fd8f7c69e46c18d57b73409 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5ba291614572653cf2433fefd69cee28 |
| SHA1 | 353026afa8229000a285489cc2063fec510d0e18 |
| SHA256 | 769982f12ad6a0861509ae755e464ea2865e00647d994e3f1c6950224d87d53c |
| SHA512 | e27c04e206a76f90dcef12cb45cb8b8597633480617db8ebb968a05e6333cf6ddafccecf20767f25f7f950c9a6e2035d5451161e413ba2c839053996379eadac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 756fe68ae42890c587b67d32d8d7e48e |
| SHA1 | e5811c60ed5b68dbd9e78c0555eb31f4e96e8cb9 |
| SHA256 | ee629f92014e24b7ae08493892395a544477a8498232c5a05b3485f444f98538 |
| SHA512 | 14a67ea6497d01f5564d1576e36687ad78d2797624d6ab8c3b9e5fd8f17948eba10a370e45775bb00bee3fe20d20a94c9311d05bd700ea8d9fd321b14db4d593 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 78211606adb53c001588179d465c1eed |
| SHA1 | 9b61a18d0566a511c9962badb3e98e901306c637 |
| SHA256 | 5d73dfdf9213409cae7c3066766056ad4e6682073a6c953adb73c6f5e52c1866 |
| SHA512 | 6e1fab63a66763e23e9c27dae5d7e0140fdd24d365ec5dd2a726c0e1c4d57b14890e2647d75a3dabf6f21d02755da659adb81979fa993e8506762f8a734c1caf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0112313ae746afcbfc9f9fe3a1c848af |
| SHA1 | cc4aef168582b2c40f50ae831865f015bb2df0d3 |
| SHA256 | e2d2646618ad4d467472730b051fad193e5aad30ad5e80274a6fbde9f5eca335 |
| SHA512 | df4678fa0cd80763ccae333b7965aa3dc7f87886cae96e4346f7673f5d19f9e6daac8a159322bc88f6d68e7bf129b1a9bd56ca71cc5545181a1de346dd93a21a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d7f2e60a25904c24e81adaf5d19f7845 |
| SHA1 | 66423bd87486347eaa4559546a91eff902d576ca |
| SHA256 | 80a9550f6a9fa0ed6a80ea532f1bf969c2c08948bd16dbdb30fe291395670fdc |
| SHA512 | bd0635fc940c1bcb0b3a084f08f69ef1cff5e862b26669ea669bec0c2336e0dcb0e7d05b4070894882e1f3eb9090cdd46fd8f08f4b6b45448fc06a70c16df9dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | f3c158984b1ec15702aff9cfbdbd9bff |
| SHA1 | 6eaaf769ff2267dfd1940a2e3f02a96fef45b3c6 |
| SHA256 | 8166050083ef29f43254d0467739a88a34bb8862d705b36ec8781e5c10331149 |
| SHA512 | c4d755b2162f9f1aeeea25be38429520d28532041ccdf023986af2817f08c0cb3d114ff005f3785394ae92735aa4c9411865b4135945808321fb4a008b1fa5aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1347127a0b055999c1b80f971462c085 |
| SHA1 | 7382a5a24e7dc3c2fe56197cf448a659df3fdb6f |
| SHA256 | 0ec267def9a842be70a7635f2d8ab896e8590b31115435211dcbaa1d1707bbd9 |
| SHA512 | e29bf440c21307312d085f9aaf578b005057caf5b40802104a0f5a2317f0b4f50213e9431d37d94d87c8271909ebf1f749ad0897d699e84c17c766450acdd06e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 13bdc9de183fde18f818700ab94b62a0 |
| SHA1 | dd89c41ce598736d941811d56c01044c513cfa1d |
| SHA256 | cbf4eb9b930412f5c96d7aa340d3706496306fe01355861a65b8aff40b8466be |
| SHA512 | 8da2a028689b3e32a7dbc178a6e1f13f0b49af3deb6c6323f8d513355d313b58e73f6ca4834482b94bd6a11d7848d343f19fa6c7a7af2ce022ac9b0239e1301e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 50a711a31fe52f018a586355b157b1f9 |
| SHA1 | fc9b8a9fb61e372b751fe46baaad522c61e40e07 |
| SHA256 | 86ae3a131097927879f52eefaa35e496eacc314269e055ecbbdc871946a0b3fb |
| SHA512 | f2c2d607e4a4bc7f81968a837638f1ae4dc1a5a018f1078560ead62ba53819cc2994415d5c7f90161261981cbe2aa5eb94f7c688de3b1e124d5f766884fad447 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1d411fd45a1c17c1fda4e54b7edc840e |
| SHA1 | 12ec37a063b38584233040175b12349682e30c09 |
| SHA256 | b3433d8e96236c90bde98c2da52ffcc1432281bc8deddc0e73b60c7b33dc0287 |
| SHA512 | 2dbf70f0c8a58698464c892bdb35f4b3021db57a83f994092e249e07e659b1bb424acd0ee9a7f96c715499e9947c87178937a962b4afb9145ef69a15646f57c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 81ab8cb0268c9f813cb12fca8c4fb135 |
| SHA1 | 37f9b6fb0a39d7ab9949da68b5e27a616949fe9e |
| SHA256 | 682242ab360ea6ff83bef314a636aeb568a88bb2f1382fd2a2cf6da57492e3eb |
| SHA512 | 54ee9ca86617b865f57ca93c6b60c119338e5345b544c46ed5273986e80c037fc6c79a565845a2a27c18c436d5d2ecc164afb5208f2f963f105959dc99ab6cae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ba7aaab56e43d979d095521d5fc698f3 |
| SHA1 | 03d468c9b5cd69095358ec280faf5ad23c6b9f56 |
| SHA256 | bca3750aa6fd26ede160d760cf13ef3c6eff810e8e0d8ba638f38bc3b52680fd |
| SHA512 | 3343021bab3b9d0ac519c57f303447fb17bdb35a9456a9c939a8735ccfd2f0d1062d48dacc85cd2c24a30d1461d2457f4778f76eebcb6dd8da09173a175b86a1 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-09 06:53
Reported
2024-06-09 07:35
Platform
android-x86-arm-20240603-en
Max time kernel
374s
Max time network
1830s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.227:443 | update.googleapis.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 216.58.204.74:443 | | tcp |
| GB | 216.58.212.227:80 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 142.250.180.3:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.3:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.3:443 | | tcp |
| GB | 142.250.180.3:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.35:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| BE | 64.233.167.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-09 06:53
Reported
2024-06-09 07:35
Platform
android-x64-arm64-20240603-en
Max time kernel
1812s
Max time network
1837s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.10:443 | | tcp |
| GB | 142.250.200.10:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | static.trafficjunky.com | udp |
| GB | 64.210.156.23:443 | static.trafficjunky.com | tcp |
| US | 1.1.1.1:53 | ei.phncdn.com | udp |
| GB | 64.210.156.23:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.18:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.18:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.18:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.18:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.18:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.18:443 | ei.phncdn.com | tcp |
| US | 1.1.1.1:53 | prvc.io | udp |
| US | 104.21.56.52:443 | prvc.io | tcp |
| US | 1.1.1.1:53 | cdn1-smallimg.phncdn.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| GB | 64.210.156.18:443 | ei.phncdn.com | tcp |
| US | 1.1.1.1:53 | ss.phncdn.com | udp |
| US | 1.1.1.1:53 | www.pornhub.com | udp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 1.1.1.1:53 | media.trafficjunky.net | udp |
| GB | 64.210.156.16:443 | media.trafficjunky.net | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 142.250.178.14:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | ht-cdn.trafficjunky.net | udp |
| US | 1.1.1.1:53 | qckload.com | udp |
| US | 34.225.210.0:443 | qckload.com | tcp |
| US | 1.1.1.1:53 | www.securegfm2.com | udp |
| DE | 18.197.208.17:443 | www.securegfm2.com | tcp |
| US | 1.1.1.1:53 | dg-videos.b-cdn.net | udp |
| FR | 185.93.2.246:443 | dg-videos.b-cdn.net | tcp |
| US | 1.1.1.1:53 | storage.googleapis.com | udp |
| GB | 172.217.16.251:443 | storage.googleapis.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| GB | 216.58.212.196:443 | | tcp |
| GB | 216.58.212.196:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 1.1.1.1:53 | ht-cdn.trafficjunky.net | udp |
| US | 1.1.1.1:53 | eg-cdn.trafficjunky.net | udp |
| PL | 93.184.223.43:443 | eg-cdn.trafficjunky.net | tcp |
| US | 1.1.1.1:53 | ht-cdn.trafficjunky.net | udp |
| GB | 64.210.156.17:443 | ht-cdn.trafficjunky.net | tcp |
| GB | 64.210.156.17:443 | ht-cdn.trafficjunky.net | tcp |
| GB | 142.250.200.1:443 | | tcp |
| GB | 172.217.16.225:443 | | tcp |
| GB | 216.58.212.194:443 | | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| PL | 93.184.223.43:443 | eg-cdn.trafficjunky.net | tcp |
| US | 1.1.1.1:53 | ht-cdn.trafficjunky.net | udp |
| GB | 64.210.156.18:443 | ht-cdn.trafficjunky.net | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |