DOCSLIB.ORG

Automated Malware Analysis Report For

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Automated Malware Analysis Report For ID: 321922 Cookbook: browseurl.jbs Time: 01:33:52 Date: 24/11/2020 Version: 31.0.0 Red Diamond Table of Contents Table of Contents 2 Analysis Report https://pub.lucidpress.com/b893a5d3-a841-4b5d-b94d- 9eaf6a6d31f7/ 4 Overview 4 General Information 4 Detection 4 Signatures 4 Classification 4 Startup 4 Malware Configuration 4 Yara Overview 4 Sigma Overview 4 Signature Overview 4 Mitre Att&ck Matrix 5 Behavior Graph 5 Screenshots 6 Thumbnails 6 Antivirus, Machine Learning and Genetic Malware Detection 7 Initial Sample 7 Dropped Files 7 Unpacked PE Files 7 Domains 7 URLs 7 Domains and IPs 8 Contacted Domains 8 Contacted URLs 8 URLs from Memory and Binaries 8 Contacted IPs 9 Public 10 General Information 10 Simulations 11 Behavior and APIs 11 Joe Sandbox View / Context 11 IPs 11 Domains 11 ASN 11 JA3 Fingerprints 11 Dropped Files 12 Created / dropped Files 12 Static File Info 20 No static file info 20 Network Behavior 20 Network Port Distribution 20 TCP Packets 20 UDP Packets 22 DNS Queries 23 DNS Answers 24 HTTPS Packets 25 Code Manipulations 29 Statistics 29 Behavior 29 System Behavior 29 Analysis Process: iexplore.exe PID: 2168 Parent PID: 792 29 General 29 Copyright null 2020 Page 2 of 31 File Activities 30 Registry Activities 30 Analysis Process: iexplore.exe PID: 4188 Parent PID: 2168 30 General 30 File Activities 30 Registry Activities 30 Disassembly 30 Copyright null 2020 Page 3 of 31 Analysis Report https://pub.lucidpress.com/b893a5d3-a8…41-4b5d-b94d-9eaf6a6d31f7/ Overview General Information Detection Signatures Classification Sample URL: https://pub.lucidpres No high impact signatures. s.com/b893a5d3-a841-4b5 d-b94d-9eaf6a6d31f7/ Analysis ID: 321922 Most interesting Screenshot: Ransomware Miner Spreading mmaallliiiccciiioouusss malicious Evader Phishing sssuusssppiiiccciiioouusss suspicious cccllleeaann clean Exploiter Banker Spyware Trojan / Bot Adware Score: 0 Range: 0 - 100 Whitelisted: false Confidence: 80% Startup System is w10x64 iexplore.exe (PID: 2168 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596) iexplore.exe (PID: 4188 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2168 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A) cleanup Malware Configuration No configs have been found Yara Overview No yara matches Sigma Overview No Sigma rule has matched Signature Overview Copyright null 2020 Page 4 of 31 • Networking • System Summary Click to jump to signature section There are no malicious signatures, click here to show all signatures . Mitre Att&ck Matrix Command Remote Initial Privilege Defense Credential Lateral and Network Service Access Execution Persistence Escalation Evasion Access Discovery Movement Collection Exfiltration Control Effects Effects Impact Valid Windows Path Process Masquerading 1 OS File and Remote Data from Exfiltration Encrypted Eavesdrop on Remotely Modify Accounts Management Interception Injection 1 Credential Directory Services Local Over Other Channel 2 Insecure Track Device System Instrumentation Dumping Discovery 1 System Network Network Without Partition Medium Communication Authorization Default Scheduled Boot or Boot or Process LSASS Application Remote Data from Exfiltration Non- Exploit SS7 to Remotely Device Accounts Task/Job Logon Logon Injection 1 Memory Window Desktop Removable Over Application Redirect Phone Wipe Data Lockout Initialization Initialization Discovery Protocol Media Bluetooth Layer Calls/SMS Without Scripts Scripts Protocol 1 Authorization Domain At (Linux) Logon Script Logon Obfuscated Files Security Query SMB/Windows Data from Automated Application Exploit SS7 to Obtain Delete Accounts (Windows) Script or Information Account Registry Admin Shares Network Exfiltration Layer Track Device Device Device (Windows) Manager Shared Protocol 2 Location Cloud Data Drive Backups Behavior Graph Copyright null 2020 Page 5 of 31 Hide Legend Behavior Graph Legend: ID: 321922 Process URL: https://pub.lucidpress.com/... Signature Startdate: 24/11/2020 Created File Architecture: WINDOWS DNS/IP Info Score: 0 Is Dropped Is Windows Process Number of created Registry Values www.lucidpress.com app.lucidpress.com started Number of created Files Visual Basic Delphi iexplore.exe Java .Net C# or VB.NET C, C++ or other language 2 84 Is malicious Internet started iexplore.exe 2 49 stats.l.doubleclick.net www.google.co.uk 108.177.15.157, 443, 49729, 49730 172.217.21.195, 443, 49733, 49734 5 other IPs or domains GOOGLEUS GOOGLEUS United States United States Screenshots Thumbnails This section contains all screenshots as thumbnails, including those not shown in the slideshow. Copyright null 2020 Page 6 of 31 Antivirus, Machine Learning and Genetic Malware Detection Initial Sample Source Detection Scanner Label Link https://pub.lucidpress.com/b893a5d3-a841-4b5d-b94d-9eaf6a6d31f7/ 0% Virustotal Browse https://pub.lucidpress.com/b893a5d3-a841-4b5d-b94d-9eaf6a6d31f7/ 0% Avira URL Cloud safe Dropped Files No Antivirus matches Unpacked PE Files No Antivirus matches Domains Source Detection Scanner Label Link www.google.co.uk 0% Virustotal Browse URLs Source Detection Scanner Label Link https://js.hsleadflows.net/leadflows.js 0% URL Reputation safe https://js.hsleadflows.net/leadflows.js 0% URL Reputation safe Copyright null 2020 Page 7 of 31 Source Detection Scanner Label Link https://js.hsleadflows.net/leadflows.js 0% URL Reputation safe https://js.hsleadflows.net/leadflows.js 0% URL Reputation safe https://analytics.lucid.app 0% Virustotal Browse https://analytics.lucid.app 0% Avira URL Cloud safe https://www.google.%/ads/ga-audiences? 0% URL Reputation safe https://www.google.%/ads/ga-audiences? 0% URL Reputation safe https://www.google.%/ads/ga-audiences? 0% URL Reputation safe https://www.google.%/ads/ga-audiences? 0% URL Reputation safe hammerjs.github.io/ 0% Virustotal Browse hammerjs.github.io/ 0% Avira URL Cloud safe brandon.aaron.sh) 0% Avira URL Cloud safe https://www.preprodchart.com 0% Avira URL Cloud safe https://analytics.app.preprodchart.com 0% Avira URL Cloud safe https://analytics.app.preprodpress.com 0% Avira URL Cloud safe www.wikipedia.com/ 0% URL Reputation safe www.wikipedia.com/ 0% URL Reputation safe www.wikipedia.com/ 0% URL Reputation safe https://analytics.lucidchart.eu 0% Avira URL Cloud safe Domains and IPs Contacted Domains Name IP Active Malicious Antivirus Detection Reputation www.lucidpress.com 99.86.159.70 true false high app.lucidpress.com 54.85.236.27 true false high stats.l.doubleclick.net 108.177.15.157 true false high www.google.co.uk 172.217.21.195 true false 0%, Virustotal, Browse unknown d2pjrbs8oo6puz.cloudfront.net 13.226.169.4 true false high pub.lucidpress.com unknown unknown false high stats.g.doubleclick.net unknown unknown false high Contacted URLs Name Malicious Antivirus Detection Reputation https://pub.lucidpress.com/b893a5d3-a841-4b5d-b94d-9eaf6a6d31f7/ false high URLs from Memory and Binaries Name Source Malicious Antivirus Detection Reputation https://player.vimeo.com/api/player.js viewer[1].js.2.dr false high https://www.lucidpress.com viewer[1].js.2.dr false high viewer[1].js.2.dr false high https://my.atlassian.com/addon/new/com.lucidchart.onprem.co nfluence.plugins.lucid-onprem-confluence https://player.vimeo.com/video/ viewer[1].js.2.dr false high https://lucidpress.zendesk.com/hc viewer[1].js.2.dr false high viewer[1].js.2.dr false high https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v 3.2 https://www.youtube.com/embed/ viewer[1].js.2.dr false high www.amazon.com/ msapplication.xml.1.dr false high g.co/ng/security#xss viewer[1].js.2.dr false high https://js.hsleadflows.net/leadflows.js viewer[1].js.2.dr false URL Reputation: safe unknown URL Reputation: safe URL Reputation: safe URL Reputation: safe https://www.lucidpress.com/favicon.ico?v=3 imagestore.dat.2.dr, b893a5d3-a841- false high 4b5d-b94d-9eaf6a6d31f7[1].htm.2.dr https://analytics.lucid.app viewer[1].js.2.dr false 0%, Virustotal, Browse unknown Avira URL Cloud: safe momentjs.com/guides/#/warnings/add-inverted-param/ viewer[1].js.2.dr false high www.twitter.com/ msapplication.xml5.1.dr false high Copyright null 2020 Page 8 of 31 Name Source Malicious Antivirus Detection Reputation https://pub.lucidpress.com/b893a5d3-a841-4b5d-b94d- {449ADF69-2E38-11EB-90E4-ECF4B false high 9eaf6a6d31f7/f12-Bridges-Rd-Melville-Sales-and-Ma B862DED}.dat.1.dr support.lucidpress.com viewer[1].js.2.dr false high https://d2pjrbs8oo6puz.cloudfront.net/b893a5d3-a841- b893a5d3-a841-4b5d-b94d-9eaf6a false high 4b5d-b94d-9eaf6a6d31f7/thumb-0.png 6d31f7[1].htm.2.dr https://pub.lucidpress.com/b893a5d3-a841-4b5d-b94d- {449ADF69-2E38-11EB-90E4-ECF4B false high 9eaf6a6d31f7/Root B862DED}.dat.1.dr https://www.google.%/ads/ga-audiences? ga[1].js.2.dr false URL Reputation: safe low URL Reputation: safe URL Reputation: safe URL Reputation: safe www.opensource.org/licenses/mit-license.php viewerDeps[1].js.2.dr false high momentjs.com/guides/#/warnings/js-date/ viewer[1].js.2.dr false high https://github.com/jquery/jquery/issues/2267 viewerDeps[1].js.2.dr false high https://lucidco.zendesk.com/hc viewer[1].js.2.dr false high https://www.lucidpress.com/business/pricing/index.html viewer[1].js.2.dr false high www.reddit.com/ msapplication.xml4.1.dr false high https://salesforce-api.lucidchart.com/ viewer[1].js.2.dr false high www.apache.org/licenses/LICENSE-2.0 viewer[1].js.2.dr, viewerDeps[1].js.2.dr false high www.linkedin.com/shareArticle?mini=true&title= viewer[1].js.2.dr false high momentjs.com/guides/#/warnings/zone/
Load more

Recommended publications
  • Field Guide to Software for Nonprofit Immigration Advocates, Organizers, and Service Providers
    THE FIELD GUIDE TO SOFTWARE FOR NONPROFIT IMMIGRATION ADVOCATES, ORGANIZERS, AND SERVICE PROVIDERS By the Immigration Advocates Network and Idealware THE FIELD GUIDE TO SOFTWARE FOR NONPROFIT IMMIGRATION ADVOCATES, ORGANIZERS, AND SERVICE PROVIDERS By the Immigration Advocates Network and Idealware THE FIELD GUIDE TO SOFTWARE FOREWORD Welcome, The Field Guide to Software is a joint effort between the Immigration Advocates Network and Idealware. Through straightforward overviews, it helps pinpoint the types of software that might be useful for the needs of nonprofit immigration advocates, organizers, and service providers and provides user- friendly summaries to demystify the possible options. It covers tried-and-true and emerging tools and technolgies, and best practices and specific aspects of nonprofit software. There’s also a section to guide you through the sometimes daunting process of choosing and implementing software. We know you have your hands full and don’t always have time to keep up with the latest information about the software that can help your organization. That’s where this guide can help. Thank you for all you do to make the world a better place. We hope this Field Guide will help you do it all just a little more easily. Matthew Burnett Karen Graham Director, Executive Director, Immigration Advocates Network Idealware iii THE FIELD GUIDE TO SOFTWARE TABLE OF CONTENTS TABLE 1. Introduction 7 • Understanding What You Need 8 • Every Organization Needs 10 2. Case Studies: Putting Tools to Use 13 • Using Technology to Expand Legal Services: Ayuda Delaware 14 • A Holistic Approach to Serving Immigrants: Benevolent Charities of Oklahoma 17 • Giving Voice to Immigrants: Idaho Coalition for Immigrants and Refugees 20 3.
    [Show full text]
  • Download File from Lucidpress Lucidpress
    download file from lucidpress Lucidpress. Lucidpress Alternative – So many alternatives app to Lucidpress that available on the web out there. And, looking for an ideal application was not easy job. Lucky you, on this article you can find the best replacement app for Lucidpress. So what you are waiting for, get the latest Lucidpress alternative app for Windows 10 from this page. Lucidpress Alternatives & Reviews. Today Lucid Software was develop Photos & Graphics app for Windows 10 (Web). And now, this app updated to the latest version. Before you read the Lucidpress Similar software reviews, please feel free to get an attention of this application details information. App Name Lucidpress Version Latest Rating 2.2 (8 people) Category Photos & Graphics Developer Lucid Software Update 3/23/2020 Requirement Web. Reviews. Lucidpress is a web-based design and layout application that enables anyone to create beautiful print and digital documents.PERFECT FOR PRINT: We've eliminated the frustration of traditional layout tools — easily create flyers, brochures, newsletters, magazines, and photobooks. DYNAMIC FOR DIGITAL: Quickly create digital documents for viewing on a computer, tablet, or smartphone. Free yourself from the bounds of the printed page with scrolling areas, and enchant your audience with videos, galleries, and interactivity. More Info »MANY TEMPLATES FOR DIGITAL & PRINT: – Newsletters – Brochures – Flyers – Reports – Posters – Presentations POWERFUL & EASY TO USE: – Drag and drop text, images, image galleries, and video – Access
    [Show full text]
  • OSINT Handbook September 2020
    OPEN SOURCE INTELLIGENCE TOOLS AND RESOURCES HANDBOOK 2020 OPEN SOURCE INTELLIGENCE TOOLS AND RESOURCES HANDBOOK 2020 Aleksandra Bielska Noa Rebecca Kurz, Yves Baumgartner, Vytenis Benetis 2 Foreword I am delighted to share with you the 2020 edition of the OSINT Tools and Resources Handbook. Once again, the Handbook has been revised and updated to reflect the evolution of this discipline, and the many strategic, operational and technical challenges OSINT practitioners have to grapple with. Given the speed of change on the web, some might question the wisdom of pulling together such a resource. What’s wrong with the Top 10 tools, or the Top 100? There are only so many resources one can bookmark after all. Such arguments are not without merit. My fear, however, is that they are also shortsighted. I offer four reasons why. To begin, a shortlist betrays the widening spectrum of OSINT practice. Whereas OSINT was once the preserve of analysts working in national security, it now embraces a growing class of professionals in fields as diverse as journalism, cybersecurity, investment research, crisis management and human rights. A limited toolkit can never satisfy all of these constituencies. Second, a good OSINT practitioner is someone who is comfortable working with different tools, sources and collection strategies. The temptation toward narrow specialisation in OSINT is one that has to be resisted. Why? Because no research task is ever as tidy as the customer’s requirements are likely to suggest. Third, is the inevitable realisation that good tool awareness is equivalent to good source awareness. Indeed, the right tool can determine whether you harvest the right information.
    [Show full text]
  • 276 FL SW Lucidpress 52
    FIRST LOOKS software Impaginare con il Web Lucidpress porta il Dtp oltre la scrivania del computer: questo servizio basato sul Web offre potenti tool per creare pubblicazioni sia cartacee sia digitali. Anteprima di Dario Orlandi a crescita dei motori JavaScript, Tutti gli elementi di un progetto (stili, paragrafi, pagine e intere pubblicazioni) possono delle funzioni dei browser e della essere salvati come modelli, per poi essere riutilizzati in un secondo momento. L potenza dei computer hanno get- tato le basi per una nuova generazione di applicazioni, implementate come Oltre a offrire i tradizionali strumenti di impostata solo a livello di riquadro di servizi Web ma capaci di soddisfare impaginazione supporta quindi anche testo, e non di singole parole. Un altro le esigenze di moltissimi utenti. Ne è contenuti interattivi, zone scorrevoli, piccolo limite riguarda i capilettera: una dimostrazione Lucidpress (www. animazioni e oggetti dinamici integrati. non sono supportati direttamente, ma lucidpress.com), una soluzione completa L’interfaccia di editing è molto ricca si può ovviare al problema inserendo e gratuita di desktop publishing realiz- e ricorda da vicino quella di un’ap- box di testo separati. zata con tecnologie Ajax e Html5. plicazione tradizionale. Più simile a Sono molto ricche anche le funzioni Lucidpress è molto ricco di funzioni e una pagina Web è invece il browser dedicate alla gestione delle immagini: offre un’interfaccia utente di qualità: dei contenuti, che organizza i progetti permettono di regolarne la trasparenza, dopo qualche ora di pratica, ci si dimen- in cartelle e permette di accedere a un sovrapporle in più livelli, aggiungere tica di lavorare all’interno del browser.
    [Show full text]
  • Required Materials
    REQUIRED MATERIALS 3D Modeling 4 Access: Office Fundamentals Series 4 Advertising and Sales Promotion 4 Agriscience 2: Sustaining Human Life 5 Allied Health Assistant 1a: Introduction 5 Allied Health Assistant 1b: Skills and Specialties 5 American Sign Language 1a: Introduction 6 American Sign Language 1b: Learning to Sign 6 American Sign Language 2a: Communicating 6 American Sign Language 2b:Advancing Communication Skills 6 American Sign Language 3a: Community & Culture 7 Anatomy and Physiology 1a: Introduction 7 Anatomy and Physiology 1b: Discovering Form and Function 7 Animation 1a: Inroduction 8 Animation 1b: Animating Your Creativity 8 Applied Engineering 1a: Introduction 8 Applied Engineering 1b: Solving Problems Together 8 Business Communications 1a: Introduction 9 Business Information Management 1a: Introduction 9 Business Information Management 1b: Data Essentials 9 Business Law 1a: Introduction 9 Business Law 1b: Legal Aspects of Business 10 Careers in Criminal Justice 1a: Introduction 10 Careers in Criminal Justice 1b: Finding Your Specialty 10 Coding 1a: Introduction to Programming 11 Coding 1b: Programming 11 Cosmetology 2: The Business of Skin and Nails 11 Cosmetology 2: The Business of Skin and Nails 12 Cosmetology 3a: Introduction to Hair Skills 13 Cosmetology 3b: Waving, Coloring & Advancing Hair Skills 13 Culinary Arts 1a: Introduction 13 Culinary Arts 1b: Exploring Careers in Culinary Arts 14 Culinary Arts 2: Baking, Pastry, and More! 14 Cybersecurity 1a: Foundations 15 Cybersecurity 1b: Defense Against Threats 15 Dental
    [Show full text]
  • Digital Teaching and Learning Grant Application
    Digital Teaching and Learning Grant Application I. Readiness Assessment We completed the Future Ready Assessment; it is an electronic attachment to this application (I.1). Daggett School District achieved an Overall readiness score of 4.4 with a low of 3.0 in Use of Space and Time and a high of 7.0 in Personalized Professional Learning. II. Current Technology Resources Inventory Part A: Hardware and software Inventories The complete Utah School Technology Inventory is an electronic attachment to this application (document IIA1). “An articulation of the commitment to continue to engage in existing inventory efforts.” Every year, Daggett School District conducts an internal inventory of all technology assets. This inventory is included in the annual business audit. Daggett School Districts affirms its intention to participate in future external audits conducted by UETN or other State authorized entities. Software in use at Daggett School District 1. Elementary schools a. Included with computers i. Pages ii. Numbers iii. Keynote b. Paid subscriptions i. Accelerated Reader ii. Mathseeds iii. Starfall iv. IXL Math, ELA v. Sumdog vi. iReady vii. MobyMax viii. MasteryConnect ix. ABCYa x. SuperTeacher.com xi. Essential Skills xii. Vocabulary Spelling City c. Free software i. Prezi ii. Office365 iii. School Improvement Network iv. Illustrative Mathemematics v. KidZone vi. Typing.com vii. BigBrownBear viii. Dance Mat Typing ix. Prodigy x. Storyline xi. McGenius xii. GoNoodle xiii. Scholastic 2. High school a. Included software i. Pages/Numbers/Keynote b. Purchased or subscription software i. Edgenuity ii. MS Office (Word/Excel/Powerpoint/Access iii. Office365 (Online email, plus online versions of MS Office) iv.
    [Show full text]
  • Glossary of Tools and Terms
    REPRODUCIBLE Glossary of Tools and Terms This author team has carefully curated this appendix of all the digital tools and resources mentioned in this book along with other favorites that we could not fit in the text. We provide URLs for these web- sites and a short description about each tool’s purpose or use. Visit go.SolutionTree.com/technology to access live links to these sites. As you are reading the book, you can use the active hyperlinks to explore the digital resources we provided for you. Feel free to share this reproducible with colleagues who are interested in teaching and learning with technology. Academic Kids (http://academickids.com): A free online encyclopedia for students Adobe Spark (https://spark.adobe.com): A free website for designing graphics, images, videos, and webpages, with templates that make it easy for teachers and students to create projects Animoto (https://animoto.com): A video-creation website and app with limited free features and options for educator accounts (see https://animoto.com/education/classroom) Audacity (www.audacityteam.org): Free software for a Mac or Windows computer that makes editing complex audio clips possible AutoRap (www.smule.com/apps): A free iPad- and iPhone-only app, available to download from the App Store that allows users to generate rap songs Bitly (https://bitly.com): A tool for shortening URLs to make it easier for people to reach specific webpages Blackboard (www.blackboard.com): A learning management system that is fee based and often used at the higher education level
    [Show full text]
  • Automated Malware Analysis Report For
    ID: 431516 Cookbook: browseurl.jbs Time: 20:48:54 Date: 08/06/2021 Version: 32.0.0 Black Diamond Table of Contents Table of Contents 2 Analysis Report https://pub.lucidpress.com/1f6d8117-547a-408d-a63c-31977cec8524/ 3 Overview 3 General Information 3 Detection 3 Signatures 3 Classification 3 Process Tree 3 Malware Configuration 3 Yara Overview 3 Sigma Overview 3 Signature Overview 3 Mitre Att&ck Matrix 4 Behavior Graph 4 Screenshots 4 Thumbnails 4 Antivirus, Machine Learning and Genetic Malware Detection 5 Initial Sample 5 Dropped Files 5 Unpacked PE Files 5 Domains 5 URLs 5 Domains and IPs 6 Contacted Domains 6 Contacted URLs 6 URLs from Memory and Binaries 6 Contacted IPs 6 Public 6 General Information 7 Simulations 7 Behavior and APIs 7 Joe Sandbox View / Context 7 IPs 7 Domains 7 ASN 7 JA3 Fingerprints 7 Dropped Files 7 Created / dropped Files 8 Static File Info 15 No static file info 15 Network Behavior 15 Network Port Distribution 15 TCP Packets 15 UDP Packets 16 DNS Queries 16 DNS Answers 16 HTTPS Packets 17 Code Manipulations 22 Statistics 23 Behavior 23 System Behavior 23 Analysis Process: iexplore.exe PID: 5220 Parent PID: 792 23 General 23 File Activities 23 Registry Activities 23 Analysis Process: iexplore.exe PID: 5352 Parent PID: 5220 23 General 23 File Activities 23 Registry Activities 23 Disassembly 23 Copyright Joe Security LLC 2021 Page 2 of 24 Analysis Report https://pub.lucidpress.com/1f6d8117-54…7a-408d-a63c-31977cec8524/ Overview General Information Detection Signatures Classification Sample URL: https://pub.lucidpres No high impact signatures.
    [Show full text]
  • Automated Malware Analysis Report For
    ID: 351331 Cookbook: browseurl.jbs Time: 15:08:12 Date: 10/02/2021 Version: 31.0.0 Emerald Table of Contents Table of Contents 2 Analysis Report https://pub.lucidpress.com/0b597a37-4b38-4f16-a698- 8076bb6f34d1/ 4 Overview 4 General Information 4 Detection 4 Signatures 4 Classification 4 Startup 4 Malware Configuration 4 Yara Overview 4 Sigma Overview 4 Signature Overview 4 AV Detection: 5 Compliance: 5 Mitre Att&ck Matrix 5 Behavior Graph 5 Screenshots 6 Thumbnails 6 Antivirus, Machine Learning and Genetic Malware Detection 7 Initial Sample 7 Dropped Files 7 Unpacked PE Files 7 Domains 7 URLs 7 Domains and IPs 8 Contacted Domains 8 Contacted URLs 8 URLs from Memory and Binaries 8 Contacted IPs 9 Public 10 General Information 10 Simulations 11 Behavior and APIs 11 Joe Sandbox View / Context 11 IPs 11 Domains 11 ASN 11 JA3 Fingerprints 11 Dropped Files 11 Created / dropped Files 12 Static File Info 20 No static file info 20 Network Behavior 20 Network Port Distribution 20 TCP Packets 20 UDP Packets 22 DNS Queries 23 DNS Answers 23 HTTPS Packets 24 Code Manipulations 29 Statistics 29 Behavior 29 System Behavior 29 Copyright null 2021 Page 2 of 30 Analysis Process: iexplore.exe PID: 5580 Parent PID: 792 29 General 29 File Activities 30 Registry Activities 30 Analysis Process: iexplore.exe PID: 664 Parent PID: 5580 30 General 30 File Activities 30 Registry Activities 30 Disassembly 30 Copyright null 2021 Page 3 of 30 Analysis Report https://pub.lucidpress.com/0b597a37-4…b38-4f16-a698-8076bb6f34d1/ Overview General Information Detection Signatures
    [Show full text]
  • My Pages Documents Disappeared on Ipad
    My Pages Documents Disappeared On Ipad Overbusy Fritz link very terrestrially while Hazel remains inhibiting and paripinnate. Denunciatory and araceous Tracie hoses her epidiorite ignoring surreptitiously or drugged immanently, is Arvind one-track? Uriel procreants unpalatably? Why do things or a few moments to dissimilar hardware related Ready for this was no pages the word have disappeared from the my background. My memory card got corrupted and I recovered the images and videos with your free data recovery software but after recovery my videos are not playing. Word disappeared is a particular installation can happen to disappear anyway, you leave a better app, they are gone as they might be multiple students answers. How do spaceships compensate for the Doppler shift from their communication frequency? It might spin only spin then I had to shut about the computer to manifest it did stop. Please provide an email address to comment. It will do happen whether you like six images and from movie, too. Chrome support for this feature can be disabled in Chrome settings. Once and pages documents have the ipad is completely dependent on. It will absolutely work. If you choose not easily store charge card locally, you catch be prompted for your CVV code or device authentication each time that use a card. Press the problem in music with those that i feel a team members of luck and easily work on ipad and may change the. Want all of the new tutorials in your inbox? Recover deleted, lost or formatted files in Windows PC and USB drives.
    [Show full text]
  • Cloud Applications Supported by Cloudsoc
    Cloud Applications Supported by CloudSOC Cloud Applications Supported by CloudSOC Table of Contents Cloud Applications Supported by CloudSOC.................................................................................. 3 Securlets........................................................................................................................................................................... 3 Gatelets............................................................................................................................................................................. 3 2 Cloud Applications Supported by CloudSOC Cloud Applications Supported by CloudSOC The following lists of Securlets and Gatelets are current as of September 2020. Securlets CloudSOC offers Securlets for the following cloud applications: • Amazon Web Services • Box • Google G Suite • Microsoft Azure NOTE Microsoft Azure does not support malware scanning. • Microsoft Office 365 • Salesforce • ServiceNow • Slack Gatelets CloudSOC offers Gatelets for the cloud applications listed in alphabetic order in the following table. Gatelets denoted as having generic support have limited activity monitoring; usually only upload, download, login, and logout. We monitor activities for these services, and support them in Gatelet-based Protect policies, on a best-effort basis. Gatelets denoted as having full support have more granular support for application activities. The content inspection column indicates that content of the file is inspected for content violating DLP
    [Show full text]
  • 10 Tech Tools to Boost Your School Counseling Beat
    Jeff Ream - MSCA 2016 Technology. Love it when it works - hate it when it doesn’t. Jeff Ream - MSCA 2016 Jeff Ream - MSCA 2016 The Game Plan. Jeff Ream - MSCA 2016 Our Tech Discography For each tech tool we will: 1. Discuss it. 2. Demo it. 3. Connect it. All in just 5 to 7 minutes each. This will be a “get your feet wet” approach. Each tool has TONS of resources to help you learn more about it online. Jeff Ream - MSCA 2016 Twitter Jeff Ream - MSCA 2016 Discuss: Twitter ➔ Social networking site that users interact using “Tweets” which are 140 character long pieces of information. Started in 2006. ➔ The definition of twitter is “a short burst of inconsequential information” and “a series of chirps from birds”. ➔ So how did Twitter get its name? Supposedly, the name was inspired by the photo-sharing site, Flickr, and other considerations were FriendStalker and Dodgeball. ➔ School counselors are very active on Twitter. We connect using #scchat. ◆ A “#” (hashtag) is a sorting and searching tool in Twitter (and other social media sites). ◆ Adding a hashtag allows tweets to be searched for (we can ignore Kim K’s tweets this way). Jeff Ream - MSCA 2016 Demo: Twitter Stop! Demo Time. Jeff Ream - MSCA 2016 Connect: Twitter ➔ Professional Development ◆ This is my #1 pro-d tool. I turn to Twitter first when I have a question. ◆ Monthly organized real-time chat (#scchat) about various topics related to school counseling. ◆ Constantly learn about new tools, issues in school counseling, connect with colleagues and more. ➔ Stakeholder Communication ◆ Always check your district policies, but I suggest starting a Twitter account for your school counseling department.
    [Show full text]