Automated Malware Analysis Report For

Automated Malware Analysis Report For

ID: 430572 Cookbook: browseurl.jbs Time: 16:38:56 Date: 07/06/2021 Version: 32.0.0 Black Diamond Table of Contents Table of Contents 2 Analysis Report https://www.weebly.com/app/help/us/en/topics/quick-answer-guide 3 Overview 3 General Information 3 Detection 3 Signatures 3 Classification 3 Process Tree 3 Malware Configuration 3 Yara Overview 3 Sigma Overview 3 Signature Overview 3 Mitre Att&ck Matrix 4 Behavior Graph 4 Screenshots 4 Thumbnails 4 Antivirus, Machine Learning and Genetic Malware Detection 5 Initial Sample 5 Dropped Files 5 Unpacked PE Files 5 Domains 5 URLs 5 Domains and IPs 6 Contacted Domains 6 Contacted URLs 6 URLs from Memory and Binaries 6 Contacted IPs 6 Public 6 General Information 6 Simulations 7 Behavior and APIs 7 Joe Sandbox View / Context 7 IPs 7 Domains 7 ASN 7 JA3 Fingerprints 7 Dropped Files 7 Created / dropped Files 7 Static File Info 17 No static file info 17 Network Behavior 17 Network Port Distribution 17 TCP Packets 17 UDP Packets 17 DNS Queries 17 DNS Answers 17 HTTPS Packets 18 Code Manipulations 20 Statistics 20 Behavior 20 System Behavior 20 Analysis Process: iexplore.exe PID: 3412 Parent PID: 792 20 General 20 File Activities 20 Registry Activities 20 Analysis Process: iexplore.exe PID: 4084 Parent PID: 3412 20 General 20 File Activities 21 Registry Activities 21 Disassembly 21 Copyright Joe Security LLC 2021 Page 2 of 21 Analysis Report https://www.weebly.com/app/help/us/en…/topics/quick-answer-guide Overview General Information Detection Signatures Classification Sample URL: https://www.weebly.c No high impact signatures. om/app/help/us/en/topics/q uick-answer-guide Analysis ID: 430572 Infos: Ransomware Most interesting Screenshot: Miner Spreading mmaallliiiccciiioouusss malicious Evader Phishing sssuusssppiiiccciiioouusss suspicious cccllleeaann clean Exploiter Banker Spyware Trojan / Bot Adware Score: 0 Range: 0 - 100 Whitelisted: false Confidence: 80% Process Tree System is w10x64 iexplore.exe (PID: 3412 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596) iexplore.exe (PID: 4084 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3412 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A) cleanup Malware Configuration No configs have been found Yara Overview No yara matches Sigma Overview No Sigma rule has matched Signature Overview Click to jump to signature section Copyright Joe Security LLC 2021 Page 3 of 21 There are no malicious signatures, click here to show all signatures . Mitre Att&ck Matrix Command Remote Initial Privilege Defense Credential Lateral and Network Service Access Execution Persistence Escalation Evasion Access Discovery Movement Collection Exfiltration Control Effects Effects Impact Valid Windows Path Process Masquerading 1 OS File and Remote Data from Exfiltration Encrypted Eavesdrop on Remotely Modify Accounts Management Interception Injection 1 Credential Directory Services Local Over Other Channel 2 Insecure Track Device System Instrumentation Dumping Discovery 1 System Network Network Without Partition Medium Communication Authorization Default Scheduled Boot or Boot or Process LSASS Application Remote Data from Exfiltration Non- Exploit SS7 to Remotely Device Accounts Task/Job Logon Logon Injection 1 Memory Window Desktop Removable Over Application Redirect Phone Wipe Data Lockout Initialization Initialization Discovery Protocol Media Bluetooth Layer Calls/SMS Without Scripts Scripts Protocol 1 Authorization Domain At (Linux) Logon Script Logon Obfuscated Files Security Query SMB/Windows Data from Automated Application Exploit SS7 to Obtain Delete Accounts (Windows) Script or Information Account Registry Admin Shares Network Exfiltration Layer Track Device Device Device (Windows) Manager Shared Protocol 2 Location Cloud Data Drive Backups Behavior Graph Hide Legend Behavior Graph Legend: ID: 430572 Process URL: https://www.weebly.com/app/... Signature Startdate: 07/06/2021 Created File Architecture: WINDOWS DNS/IP Info Score: 0 Is Dropped Is Windows Process Number of created Registry Values www.weebly.com weebly.com started Number of created Files Visual Basic Delphi iexplore.exe Java .Net C# or VB.NET C, C++ or other language 2 84 Is malicious Internet started iexplore.exe 3 49 weebly.com weebly.map.fastly.net 74.115.50.109, 443, 49702, 49703 151.101.1.46, 443, 49711, 49712 3 other IPs or domains WEEBLYUS FASTLYUS United States United States Screenshots Thumbnails This section contains all screenshots as thumbnails, including those not shown in the slideshow. Copyright Joe Security LLC 2021 Page 4 of 21 Antivirus, Machine Learning and Genetic Malware Detection Initial Sample Source Detection Scanner Label Link https://www.weebly.com/app/help/us/en/topics/quick-answer-guide 0% Avira URL Cloud safe Dropped Files No Antivirus matches Unpacked PE Files No Antivirus matches Domains No Antivirus matches URLs Copyright Joe Security LLC 2021 Page 5 of 21 Source Detection Scanner Label Link https://raw.githubusercontent.com/jashkenas/underscore/master/LICENSE 0% Avira URL Cloud safe https://orbit.weebly.net/cdn/releases 0% Avira URL Cloud safe https://www.google.%/ads/ga-audiences 0% URL Reputation safe https://www.google.%/ads/ga-audiences 0% URL Reputation safe https://www.google.%/ads/ga-audiences 0% URL Reputation safe www.wikipedia.com/ 0% URL Reputation safe www.wikipedia.com/ 0% URL Reputation safe www.wikipedia.com/ 0% URL Reputation safe https://openjsf.org/ 0% URL Reputation safe https://openjsf.org/ 0% URL Reputation safe https://openjsf.org/ 0% URL Reputation safe https://webpack.js.org/guides/production/ 0% Avira URL Cloud safe Domains and IPs Contacted Domains Name IP Active Malicious Antivirus Detection Reputation weebly.map.fastly.net 151.101.1.46 true false unknown weebly.com 74.115.50.109 true false high cdn.embedly.com unknown unknown false high www.weebly.com unknown unknown false high cdn2.editmysite.com unknown unknown false high Contacted URLs Name Malicious Antivirus Detection Reputation https://www.weebly.com/app/help/us/en/topics/quick-answer-guide false high URLs from Memory and Binaries Contacted IPs Public IP Domain Country Flag ASN ASN Name Malicious 74.115.50.109 weebly.com United States 27647 WEEBLYUS false 151.101.1.46 weebly.map.fastly.net United States 54113 FASTLYUS false General Information Joe Sandbox Version: 32.0.0 Black Diamond Analysis ID: 430572 Start date: 07.06.2021 Start time: 16:38:56 Joe Sandbox Product: CloudBasic Overall analysis duration: 0h 3m 29s Hypervisor based Inspection enabled: false Report type: light Cookbook file name: browseurl.jbs Sample URL: https://www.weebly.com/app/help/us/en/topics/qui ck-answer-guide Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 Number of analysed new started processes analysed: 18 Number of new started drivers analysed: 0 Copyright Joe Security LLC 2021 Page 6 of 21 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies: HCA enabled EGA enabled AMSI enabled Analysis Mode: default Analysis stop reason: Timeout Detection: CLEAN Classification: clean0.win@3/30@4/2 Cookbook Comments: Adjust boot time Enable AMSI Warnings: Show All Simulations Behavior and APIs No simulations Joe Sandbox View / Context IPs No context Domains No context ASN No context JA3 Fingerprints No context Dropped Files No context Created / dropped Files C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\VXQPHS0A\www.weebly[1].xml Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Category: dropped Size (bytes): 13 Entropy (8bit): 2.469670487371862 Encrypted: false SSDEEP: 3:D90aKb:JFKb MD5: C1DDEA3EF6BBEF3E7060A1A9AD89E4C5 SHA1: 35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966 SHA-256: B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB SHA-512: 6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FE D Copyright Joe Security LLC 2021 Page 7 of 21 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\VXQPHS0A\www.weebly[1].xml Malicious: false Reputation: low Preview: <root></root> C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A3B948A4-C7E9-11EB-90E4-ECF4BB862DED}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Category: dropped Size (bytes): 30296 Entropy (8bit): 1.856276539099741 Encrypted: false SSDEEP: 96:rsZvZL2UW9rst9ryqf9rN5PrM9rcH59rytb9rZUf9rq5O7X:rsZvZL2UW9ot9Pf95BM989a9Kf9OcX MD5: 9077360F74A221A8E8C8AB33C28584C7 SHA1: 49595D84C435F058E1D3ADA15B5BB8D5591DE4FB SHA-256: 62ECDE01E20072AB6CE90D7A38C6AC2DB3E9EBF4D01E895C422BE2CD2283F49C SHA-512: FD612AE92DFB9714892C70B8B9359FFCBB70399D87D69D3F32093F27FAC243587BAB2AEEE943B0C11D5D2E88CF230DD0487D10C43F3F373B694FF72C4F6B3959 Malicious: false Reputation: low Preview: .............................................................................................................................................................................................................................................................................. ..................................................................................................................................................................................................................................................R.o.o.t.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    21 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us