Windows
Analysis Report
https://protect-au.mimecast.com/s/wiw_C4QZ15uqMAJZCBgzYQ?domain=t.sidekickopen04.com%20But%20Netskope%20allows%20original%20URL.%20https://t.sidekickopen04.com/s3t/c/5/f18dQhb0V1-gmb8cpgwvV3gmHf59hl3kW7_k2841CX6NGW36PYCp1Fpg_VMs7zDQVPtlxf197v5Y04?te=W3R5hFj4cm2zwW4mKLS-400597W4cPTz043NBZ6W1JxwY51LvF
Overview
General Information
Detection
Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Sample execution stops while process was sleeping (likely an evasion)
Classification
- System is w10x64
- chrome.exe (PID: 1848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --enable-logging --v=1 --start-maximized "about:blank" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- conhost.exe (PID: 924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- chrome.exe (PID: 5252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-logging --v=1 --enable-logging --v=1 --mojo-platform-channel-handle=1864 --field-trial-handle=1876,i,3445476582201676818,13173066717147636655,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- chrome.exe (PID: 3716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://protect-au.mimecast.com/s/wiw_C4QZ15uqMAJZCBgzYQ?domain=t.sidekickopen04.com%20But%20Netskope%20allows%20original%20URL.%20https://t.sidekickopen04.com/s3t/c/5/f18dQhb0V1-gmb8cpgwvV3gmHf59hl3kW7_k2841CX6NGW36PYCp1Fpg_VMs7zDQVPtlxf197v5Y04?te=W3R5hFj4cm2zwW4mKLS-400597W4cPTz043NBZ6W1JxwY51LvFlxW1GJTzv3H912JW43TBLt3zgCMN394l2&si=8000000023687740&pi=88f1fa54-af7f-4864-98c3-fe5f601010e6" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- cleanup
No configs have been found
No YARA matches
No Sigma rule has matched
No Snort rule has matched
There are no malicious signatures.
Behavior signatures recorded (source column not extracted):
- Directory created
- HTTP traffic detected (three entries)