Malware Analysis Report

2024-10-10 07:18

Sample ID 240611-ej1k2sthmn
Target https://hybrid-analysis.com/feed?json
Tags
evasion
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

Threat Level: Likely benign

The file https://hybrid-analysis.com/feed?json was found to be: Likely benign.

Malicious Activity Summary

evasion

Resource Forking

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 03:58

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-11 03:58

Reported

2024-06-11 04:04

Platform

android-x64-arm64-20240603-en

Max time kernel

318s

Max time network

308s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.234:443 tcp
GB 142.250.187.234:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 8.8.8.8:53 google.com udp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 google.com udp
US 8.8.8.8:53 google.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 google.com udp
US 8.8.8.8:53 google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 google.com udp
US 8.8.8.8:53 google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
GB 142.250.200.42:443 tcp
GB 142.250.180.10:443 tcp
GB 142.250.180.10:443 tcp
GB 172.217.169.42:443 tcp
GB 142.250.178.2:443 tcp
GB 142.250.200.42:443 tcp
GB 142.250.187.234:443 tcp

Files

files/dom-0.html

MD5 c0530ff3ff2654b6ecac696d89f51375
SHA1 ef4d1dca176cc0ba68de22734429ca65c210b619
SHA256 b08ec0718d7c5a5e226559dfc1d8f08286b496839cef1bae571cd807d0156b72
SHA512 b085e5132d0b2441070fce516bae741ad9dcfcff10f840305d21ef92643338bfdd3d4e91610bbf6a8d8ee81ab19e105f1e703dd17542ed5602cbb652444363ab

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-11 03:58

Reported

2024-06-11 04:05

Platform

macos-20240410-en

Max time kernel

317s

Max time network

124s

Command Line

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://hybrid-analysis.com/feed?json"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://hybrid-analysis.com/feed?json"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://hybrid-analysis.com/feed?json"]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://hybrid-analysis.com/feed?json]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://hybrid-analysis.com/feed?json]

/usr/libexec/dmd

[/usr/libexec/dmd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.cloudkeychainproxy3]

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suggestd]

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd

[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.knowledge-agent]

/usr/libexec/knowledge-agent

[/usr/libexec/knowledge-agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 20.189.173.2:443 tcp
US 8.8.8.8:53 onedscolprdeus06.eastus.cloudapp.azure.com udp
US 20.42.73.25:443 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 cds.apple.com udp
US 8.8.8.8:53 help.apple.com udp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 03:58

Reported

2024-06-11 04:05

Platform

win7-20240221-en

Max time kernel

313s

Max time network

320s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://hybrid-analysis.com/feed?json

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F5E8ECC1-27A6-11EF-B1D1-D2EFD46A7D0E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424240217" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000553dd67afcb99440ac6d55384ae7f67900000000020000000000106600000001000020000000dc5d50a75378770d9e17ea468af041d3d3fee80ba8ba1c064aacb00b5292bd82000000000e800000000200002000000021d2009ab4c75cfee77fcf987056b889d79f20a78ddb908bbe992426b1d7299e200000006f6ce733385c4c8b840dd88f1eeda13a021bd75b26227fb867068f85b221052c40000000a3031283793d022d32c279d55f686da3075722d2f15d7e675d2103830bde150099a9475cd2e9b1135fd2bb47c00ae9213cdeb4a440b63ffdd0b949619dca52f5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000553dd67afcb99440ac6d55384ae7f67900000000020000000000106600000001000020000000072dac1f5d1dfbe146797cb05df9d6f79c9c596ed3bc80d0e739d1f94ccc80fd000000000e8000000002000020000000fbbb80f0c65ff6c406b35aa8e510a20ec4afac62e144d8b7becb212d8e1d6a7290000000abf804fcbb6f18c7d6ea2ab6e8da86987f6515592ad326b01f091a3842826a8a492150a434566e24221598605143ae920426172b52c27009b48e1bb77cd7b4bb66038b7929adce0c653f89b50fbcb88bc196403d2d9869fdcb9df3e7253233ff2d83ea3d18701db6136eb2d0f22bed6977a8e7f771e2ab06cfa678e5cc0d62af0ae64ce0cb35c6681ebfa6b2a9d170fd40000000ad77de8f9a67f65bb6b9b8807482ad8f1863fbcb41aa826af05a205026f50d5beedfcaa431a974218ab7e00a8d3277883b6b99bababb2be06fef85ac1e8bcac8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4012abcab3bbda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://hybrid-analysis.com/feed?json

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 hybrid-analysis.com udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 03:58

Reported

2024-06-11 04:06

Platform

android-x86-arm-20240603-en

Max time kernel

420s

Max time network

442s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 8.8.8.8:53 google.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 google.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 google.com udp
US 8.8.8.8:53 google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 google.com udp
US 8.8.8.8:53 google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.227:80 tcp
GB 142.250.180.4:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.74:443 tcp
GB 142.250.179.226:443 tcp
GB 172.217.169.42:443 tcp
GB 216.58.204.74:443 tcp
GB 216.58.204.74:443 tcp
GB 172.217.169.42:443 tcp
GB 142.250.180.3:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.3:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.3:443 tcp
GB 172.217.169.42:443 tcp
GB 142.250.180.3:443 tcp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 google.com udp
US 8.8.8.8:53 google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp

Files

files/dom-0.html

MD5 23caef822aa13e3a58fbcacbd036f99f
SHA1 7849e4286a918e2d9e88a5d73b85ad7019cf61c6
SHA256 c969102257498a52a5f335689f5bac255090a924b7d5538429422ddedc4510bf
SHA512 d7c0e3bff2f139556350000f3e4b5eed1c7fccda5c8e36ff4b69612fa879fec67b2f7ed2ffb71b5b3d08ac0dc6bf520ff40ce8ea4648ce280cb0748403f04607

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-11 03:58

Reported

2024-06-11 04:04

Platform

android-x64-20240603-en

Max time kernel

312s

Max time network

336s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.201.106:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
GB 216.58.201.106:443 tcp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 google.com udp
US 8.8.8.8:53 google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 google.com udp
US 8.8.8.8:53 google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 google.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 hybrid-analysis.com udp
US 1.1.1.1:53 google.com udp
US 8.8.8.8:53 google.com udp
GB 172.217.169.14:443 tcp
GB 142.250.200.34:443 tcp
GB 142.250.187.234:443 tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.35:443 tcp
GB 142.250.187.202:443 tcp
GB 216.58.201.106:443 tcp
GB 142.250.187.202:443 tcp
GB 142.250.187.202:443 tcp
GB 216.58.201.106:443 tcp
GB 172.217.169.46:443 tcp
GB 216.58.201.106:443 tcp
GB 142.250.200.35:443 tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp

Files

files/dom-0.html

MD5 32b3146b81aab83fdaa90b1d89a19e07
SHA1 612d4ab1e70ddbc4e0679b40f0f0f5727245ef59
SHA256 2c96e45706efc1d80c4df552a936453751e3e50016637ce1852a81ba496c54d4
SHA512 413773dec36478a15e6161a44e54cd3ed0aac4fa6db039a798015f01ad1c6738556721dbb3f969c824a46072022652fae9ec955360815171c0ae91a256efb0f4