Analysis Overview
Threat Level: Known bad
The file https://interrapidisimo-co.com/ was found to be: Known bad.
Malicious Activity Summary
Drops file in Windows directory
Browser Information Discovery
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Checks memory information
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Checks CPU information
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Analysis: static1
Detonation Overview
Reported
2024-12-04 22:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-04 22:59
Reported
2024-12-04 23:04
Platform
win11-20241007-en
Max time kernel
300s
Max time network
288s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133778267750620931" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://interrapidisimo-co.com/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xa0,0x108,0x7ffddab9cc40,0x7ffddab9cc4c,0x7ffddab9cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,8857446561684594228,18181828734512599405,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1812 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,8857446561684594228,18181828734512599405,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,8857446561684594228,18181828734512599405,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2328 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,8857446561684594228,18181828734512599405,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,8857446561684594228,18181828734512599405,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4548,i,8857446561684594228,18181828734512599405,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4580,i,8857446561684594228,18181828734512599405,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3684,i,8857446561684594228,18181828734512599405,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | interrapidisimo-co.com | udp |
| US | 172.67.172.138:443 | interrapidisimo-co.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 138.172.67.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 172.67.172.138:443 | interrapidisimo-co.com | udp |
| FR | 3.165.136.18:443 | www.herokucdn.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 172.217.16.227:443 | beacons.gcp.gvt2.com | tcp |
| BE | 35.240.1.200:443 | e2c14.gcp.gvt2.com | tcp |
| GB | 172.217.16.227:443 | beacons.gcp.gvt2.com | udp |
Files
\??\pipe\crashpad_4484_RMQUSPFHCZUDFVOV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 130b642b9fbdffed6cd9db5aa7923336 |
| SHA1 | f0f9f7fc099a9293c405ebd0857b6b994f3139d7 |
| SHA256 | 77892b5d99284325c21d9dd51713ff0b9577e3fdb7806add0c6c1d4f96554ae7 |
| SHA512 | 8ce9617a9f862a5a98c092c19bd417d92cc9c222c74916f872e65af2059c71ba6f7d9e4a96e95c86b3c611e8d756cad29fd45203e87c84ab2509a7cd42c5ee57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7f4776c0b07fc8e8e60649622db891db |
| SHA1 | e5e0506424df5d384c8d181f586d01e37e627028 |
| SHA256 | e4f433248f8a5be0f46932418208f710b3b63137bece614db5396ca233b768bd |
| SHA512 | d79b40c243aac287a0ea52cb1b08245bfae38fd2ced839db76532beece267b765a6131bac9c102c9a0c50ea1651d271c73c0036fb87a4b073df45379af0a072c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b0973534c02ca2c1ab56a78f32922755 |
| SHA1 | 2f07482c95b8666b1566294e3afbec2d45e1aca7 |
| SHA256 | 31a73aa42565dc0da1bd7902df55ef88febdbd778a594bb9ac19b54ef0c4b7bf |
| SHA512 | 23da07f4c563db3772f74a24dd63178bd5d6ecfbd0fa4268bb04d7bf895d23d9ec3f246718c375ff5cd9c2837800c77aadeea4f4a263a750fc00fa4677c39b66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2c20c283-6e6b-4f08-8977-df7e6266a6b9.tmp
| MD5 | ece82ed23ff102ae2f6b01a6c045f9f7 |
| SHA1 | 475145255b5ef3416979381ef197974f158000b1 |
| SHA256 | 5b9dccaf81319a3d8fca0a5b3ace01298d3de5a51c791aece1666c1d73957ffa |
| SHA512 | 46101fcd86a22b23de12dba5ec0ae2159810fe065c5b19fa2241a2b6b5a73943dd6b486878780f9ff56a40c661e2135a4d140985aa2d413db3e426a8dc54f4f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f2bf237bd891797ebe24229f139899c9 |
| SHA1 | 1cb95301cf6c9356982ef318ec85eba712b9b18a |
| SHA256 | fdce5880dc9cca5150ab6fc00ee1ea75329d7370757e53480025ffa9648aa6d1 |
| SHA512 | 5f6f855483d0390bc8af2dfdcfe71c13e198fdcd7428a63dd302d4d4f846190bf91d1a9b54e6579ae07cf1b43353831bb5953e2572f7546554c0373e6c30a6d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 35de92ee79ee4bac4f344c19613a1761 |
| SHA1 | b58666164d9d459c3ac33cc3d08f0f0306619229 |
| SHA256 | 47668183d84150fbe6833c6204adf7f4adfd33ca650cae8c85700dd45c1bae62 |
| SHA512 | fec0c6e5fceda5f8a46cf46e2c09a4bacf734cd2d5987564eeb457bff94aba42d5e855ff53df0c51b3e8a9e797b8cd7e63f11675ad0f3e6db7f614f6710ab477 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2c82fd071afb1af0eda3736f4513cc11 |
| SHA1 | aec213ffcc7f1607fd47db22fd8b97a586246e15 |
| SHA256 | 2c076980808159fd9e25f12d9f2d7542e66c6e6673bc702d1ee6162e1a2dbbbe |
| SHA512 | f238b9dc8fa2e92834618ce60cec8da990e29878ea7d4bdfe7d3b30676c7f5da0acf9cea4648b9be3e2b72408e1c058026c4c4cf6395172c717dd0a629772d01 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c2e84a6948a7987851a7b87bf861738a |
| SHA1 | 4b1b1919cd54179d93338dd1724254f9112af25b |
| SHA256 | d6f6bd229f3f4e91f91b51fe51c49e992b480b59e2791f9494288cab1bbf54fa |
| SHA512 | 2f21d44dd2e0275b269cc15f584db7368af5392969fc3b9606512d3da18001a6b9e5b31c450df883d8305af8ca52651bfbad5fe63af2da7520ed5db653942a0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6f9ce77bcdc43a3a8230b72d639923b9 |
| SHA1 | 79ab1ec093544bd28e557d6b21fac30386c41b64 |
| SHA256 | 657649eed7030afa7598fd50dc17b30bd92f0230b3ebe48fc7a83b9a9931ca70 |
| SHA512 | ff72e8a9a78ae9b1030244af9050c0c50692d62a3dced8b28d0eed1612fee08cb4d05bc6ac0373ef9f744da86ada97147310ac74fecea66f0ca210b61d8c03dd |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e481e3e0-deea-4fd3-966e-773ccc61692b.tmp
| MD5 | d07e649d6750445b1251ac712aa5efb7 |
| SHA1 | 948932953edfbec5feab92064584ccf7d1cc2c21 |
| SHA256 | b15b0cd30e79574049743b0e2bc8dec7830c7eeb6ec466611b7d53cd0ebc67b8 |
| SHA512 | 6e15a13419515f0267f24f77126ca8f487e2ba73360dbc5abb7ce0d0c0535daae5fa93ef001ebb99b9111d7257192095885ed3b20de52f4bd39db247bb09574b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d0654dee1d06537b045566218ac44d8d |
| SHA1 | 71dd9cb9f10d45ecd50a7b53c6cf63adf4cb96c5 |
| SHA256 | 0929d6d45f3c7f576d05cb4224618a23e5640c86bd5a91664bd0e62581bc9b51 |
| SHA512 | eb8862c339599692cd151b88f5c33232495cc2912d6c09fa81c3503dfe8af9e8ffcdeb48a6f2caf6c69ae5fa344a97f20d95adfae90d3f592941c4894644d156 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 529dfb76604312bbc79a5db83493d72f |
| SHA1 | 80b7bc98d5a44c9a1e3cbe9d8f89d34397dc5c19 |
| SHA256 | 4b61cc59ea72fa2c87d9da75186b89832671b5bae000191781842a61c3f8acfc |
| SHA512 | 97076af767dfad8365e663a66838aa793b3bf589df8ba650ea7bb4f51c8dd27ccad3f3d2c488ea2f4af1d92a5fbdeff4f7c42718ea71263dfcc85d483fb8c2d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f9f5d1f76a557c29956b546ea8520ed9 |
| SHA1 | 1b79568dc81b24e21617cdf6bd70187e4ff156a0 |
| SHA256 | 8c2c0975d09e64526b1aaf529398c942950ca511c8e47d8c89bb26baa2c5c5e8 |
| SHA512 | fb0d3f3b2d42f76f401c6eec2517e269155e018afbc97c11850261cc314ce73d1cbc3bd728098bc8c829ed9f0b4382a0d6ae739d02225c32d96992a0d8a6f70a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c9ae58efaeabfba8b58fa6b2c8980b0a |
| SHA1 | bf9005b7032485a9585a9f8c2d4aaffa40d6d718 |
| SHA256 | 63d20e02caa9c0027bbd6411950b799811701deacd78e0aa6f4bbfe7c431a7cc |
| SHA512 | 5dc4fded1227a22a3bfb3883f40ae988058c8aac5df137039a367a6bd56b3c29cfc98174a5d9a125686bc7686f9bbc5ff292d22b87089dd1a4439c44219776a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 407c537b4769d4da7d418c7a721af4fa |
| SHA1 | fccf0ad0efd898d99089a62ed26c3526f0ba5fb9 |
| SHA256 | 20f2183fa8da2bfe6fb9317c40f582131dde34f013776eb932a355ed721e9e3f |
| SHA512 | 5e6e56063cc40eab8c9fe1517bfac22d18301afc35c0a8eb05d4c97c8753af95948c0e613ebb08295fe00a709fd5cb830593799509ba2df36ffff5c72717ac42 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f421146f0b77cbcbeeb11620371d037e |
| SHA1 | 2b095a4e258a0ac64cb55d12b71b05ce4521c7b3 |
| SHA256 | 8ee6104dfc27104796bf7c47794a02a5a7f15f367a84fc72783b930dc1db25d7 |
| SHA512 | 2a5f5e398b8310210030a78178d6f516d2dfcfc148ec0e465b6a0d5a88e0a22d589ee08a8e0a8c2a8f6282ed1751e172271b16364c3cf77558c4e111bbdcfb00 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cc41ab9b638f158b4a93d0bf7359f56d |
| SHA1 | 0bfc79db61b33ada6be0c533b7d5eb85099325c4 |
| SHA256 | 1593139d479b80e294fdbbdb33585e4980a99884e79558b894da70bfc25c6d94 |
| SHA512 | 801c47297c326b18df52b3efdc3e55b7bf03e80fda3b0a2bf50ccbcb42327e374decfdc154f86fe082e39a1c9e00472ff8e1ee6178552b66b077cd543453099c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d0a21b47d990f991a25e6772efa63dcf |
| SHA1 | a698657eb4e060db9ada72ee1abde8cf26ba9d8b |
| SHA256 | 55ce20ea6bb89c53daf3dbe8bd6f378f8be530f1a24bfc46c0931a8e40f044df |
| SHA512 | 5c38cce2921fec1f4b79193e7cea9f928b5e229cd0742065c3edaec2652eb5750728ff0f64b8c192c4d791bfb42420274161efd2aeecb907d6c293b6a7d67b85 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b64113f3cb7e72207467bf8be3037da1 |
| SHA1 | bbf8941fee8606a0b51a06fc82ccbeddaec771ae |
| SHA256 | 0fc23328050a57ffa007b9ee89aa96555ed6271f6f70e8efaf88501fe1795e49 |
| SHA512 | 4698196302fa58508af09d88787ed2bbcde3f4d920c209e4a97bbbf91e74dd961789c5575c64bd8deb1a9df7503092052f748d14679add36197280a4965b3d0b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-04 22:59
Reported
2024-12-04 23:04
Platform
android-x64-arm64-20240624-en
Max time kernel
244s
Max time network
305s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.187.206:443 | N/A | tcp |
| GB | 142.250.187.206:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | interrapidisimo-co.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | interrapidisimo-co.com | udp |
| GB | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 172.67.172.138:443 | interrapidisimo-co.com | tcp |
| US | 1.1.1.1:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | www.herokucdn.com | udp |
| GB | 18.245.218.95:443 | www.herokucdn.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | www.heroku.com | udp |
| GB | 108.138.217.50:443 | www.heroku.com | tcp |
| GB | 108.138.217.50:443 | www.heroku.com | tcp |
| US | 1.1.1.1:53 | developer.salesforce.com | udp |
| US | 151.101.1.145:443 | developer.salesforce.com | tcp |
| US | 1.1.1.1:53 | www0.assets.heroku.com | udp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 172.217.16.238:443 | clients1.google.com | tcp |
| GB | 18.164.68.32:443 | www0.assets.heroku.com | tcp |
| GB | 18.164.68.32:443 | www0.assets.heroku.com | tcp |
| GB | 18.164.68.32:443 | www0.assets.heroku.com | tcp |
| US | 151.101.1.145:443 | developer.salesforce.com | tcp |
| US | 1.1.1.1:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| GB | 18.164.68.32:443 | www0.assets.heroku.com | tcp |
| GB | 18.164.68.32:443 | www0.assets.heroku.com | tcp |
| GB | 142.250.187.228:443 | N/A | tcp |
| GB | 142.250.187.228:443 | N/A | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | privacyportal.onetrust.com | udp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.2:443 | N/A | tcp |
| GB | 142.250.187.227:443 | N/A | tcp |
Files
files/dom-0.html
| MD5 | 9c50eab5c448548b797f1a34a6f8cff7 |
| SHA1 | bbf0d53511ddfe67bf8d0ee225482a0123b8650f |
| SHA256 | 9ad10ef1aa4feb9ced6bf0d1da15d387372832ad3c23a5ad545a8bb4f020b05c |
| SHA512 | ed8de02a6ecf5ff32f0b277a2f774c2f87f35bf996d4c92ea6aa15d2bd8b8daef1f1d9185d39040986a521e37eea3e0331105abe6b323782998cb5abc7e6dd77 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-12-04 22:59
Reported
2024-12-04 23:04
Platform
android-33-x64-arm64-20240624-en
Max time kernel
37s
Max time network
304s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.187.228:443 | N/A | udp |
| GB | 142.250.187.228:443 | N/A | tcp |
| GB | 216.58.213.10:443 | N/A | tcp |
| US | 162.159.61.3:443 | N/A | tcp |
| US | 172.64.41.3:443 | N/A | tcp |
| US | 172.64.41.3:443 | N/A | tcp |
| US | 1.1.1.1:53 | interrapidisimo-co.com | udp |
| US | 104.21.88.45:443 | interrapidisimo-co.com | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| US | 104.21.88.45:443 | interrapidisimo-co.com | tcp |
| GB | 172.217.169.10:443 | remoteprovisioning.googleapis.com | tcp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| GB | 216.58.212.234:443 | gmscompliance-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.250.110.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.169.67:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | N/A | tcp |
| GB | 142.250.178.4:443 | N/A | tcp |
| GB | 142.250.187.228:443 | www.google.com | udp |
| GB | 216.58.204.67:443 | N/A | tcp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| GB | 216.58.201.98:443 | N/A | tcp |
| GB | 216.58.201.98:443 | N/A | tcp |
| GB | 216.58.201.98:443 | N/A | tcp |
| GB | 216.58.213.6:443 | N/A | tcp |
| GB | 142.250.200.2:443 | N/A | tcp |
| GB | 216.58.212.206:443 | N/A | tcp |
| US | 216.239.32.36:443 | N/A | tcp |
| GB | 172.217.169.1:443 | N/A | tcp |
| GB | 216.58.213.1:443 | N/A | tcp |
| GB | 172.217.169.1:443 | N/A | tcp |
| GB | 172.217.169.1:443 | N/A | tcp |
| GB | 172.217.169.1:443 | N/A | tcp |
| GB | 172.217.169.1:443 | N/A | tcp |
| GB | 216.58.204.67:443 | N/A | tcp |
| GB | 216.58.212.202:443 | gmscompliance-pa.googleapis.com | tcp |