Joe Sandbox Analysis Report

ID: 436545
Cookbook: browseurl.jbs
Time: 08:42:17
Date: 18/06/2021
Version: 32.0.0 Black Diamond

Table of Contents (page numbers refer to the 37-page PDF)
  Windows Analysis Report http://snap.licdn.com .................. 3
    Overview ..................................................... 3
      General Information, Detection, Signatures, Classification .. 3
    Process Tree ................................................. 3
    Malware Configuration ........................................ 3
    Yara Overview ................................................ 3
    Sigma Overview ............................................... 3
    Signature Overview ........................................... 3
    Mitre Att&ck Matrix .......................................... 4
    Behavior Graph ............................................... 4
    Screenshots / Thumbnails ..................................... 5
    Antivirus, Machine Learning and Genetic Malware Detection .... 5
      Initial Sample, Dropped Files, Unpacked PE Files ........... 5
      Domains, URLs .............................................. 6
    Domains and IPs .............................................. 6
      Contacted Domains, Contacted URLs, URLs from Memory and Binaries, Contacted IPs (Public) .. 6
    General Information .......................................... 6
    Simulations / Behavior and APIs .............................. 7
    Joe Sandbox View / Context (IPs, Domains, ASN, JA3 Fingerprints, Dropped Files) .. 7
    Created / dropped Files ...................................... 7
    Static File Info (No static file info) ....................... 34
    Network Behavior ............................................. 34
      Network Port Distribution, TCP Packets, UDP Packets, DNS Queries .. 34
      DNS Answers, HTTP Request Dependency Graph, HTTP Packets ... 35
      HTTPS Packets .............................................. 36
    Code Manipulations ........................................... 36
    Statistics / Behavior ........................................ 36
    System Behavior .............................................. 36
      Analysis Process: iexplore.exe PID: 2832 Parent PID: 800 (General 36; File Activities, Registry Activities 37)
      Analysis Process: iexplore.exe PID: 4744 Parent PID: 2832 (General, File Activities, Registry Activities 37)
    Disassembly .................................................. 37

Copyright Joe Security LLC 2021

Windows Analysis Report http://snap.licdn.com

Overview
  Sample URL: snap.licdn.com
  Signatures: No high impact signatures.
  Analysis ID: 436545
  Infos: (none)
  Most interesting Screenshot: (image not reproduced in this export)
  Detection: Score 0 (range 0 - 100); Whitelisted: false; Confidence: 80%
  Classification: radar chart (not reproduced) with the axes Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware and the rings malicious / suspicious / clean

Process Tree
  System is w10x64
  iexplore.exe (PID: 2832, cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding, MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    iexplore.exe (PID: 4744, cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2832 CREDAT:17410 /prefetch:2, MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  cleanup

Malware Configuration
  No configs have been found

Yara Overview
  No yara matches

Sigma Overview
  No Sigma rule has matched

Signature Overview
  There are no malicious signatures.

Mitre Att&ck Matrix
  The matrix is Joe Sandbox's fixed grid of four technique rows per tactic. Only cells carrying a count (in parentheses) were matched by signatures; the count is the number of matching signatures.
  Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
  Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
  Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
  Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information; Binary Padding
  Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  Discovery: File and Directory Discovery (1); Application Window Discovery; Query Registry; System Network Configuration Discovery
  Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
  Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (2); Application Layer Protocol (3); Ingress Tool Transfer (1)
  Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
  Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
  Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud

Behavior Graph
  Legend: Process; Signature; Created File; DNS/IP Info; Is Dropped; Is Windows Process; Number of created Registry Values; Number of created Files; Visual Basic; Delphi; Java; .Net C# or VB.NET; C, C++ or other language; Is malicious; Internet
  ID: 436545
  URL: http://snap.licdn.com
  Startdate: 18/06/2021
  Architecture: WINDOWS
  Score: 0
  Nodes (the two numbers after each process are its legend counters for created registry values and created files):
    iexplore.exe (2, 79) started iexplore.exe (3, 109)
    DNS/IP nodes: static-exp1.licdn.com; snap.licdn.com; linkedin.custhelp.com (130.35.96.16, destination port 443, source ports 49732 and 49733; ORACLE-BMC-31898US, United States); www.linkedin.com; 3 other IPs or domains

Screenshots

Thumbnails
  This section contains all screenshots as thumbnails, including those not shown in the slideshow. (Images not reproduced in this export.)
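The process tree above is the stock Internet Explorer frame/tab split: a frame process launched via COM (`-Embedding`) and a 32-bit tab process whose `SCODEF:` argument carries the frame process PID (2832 here, matching the parent PID). The following is an added example, not part of the Joe Sandbox report or its tooling: it parses process lines in the report's own format and flags the two things an analyst checks when iexplore.exe shows up in a tree, an image path outside the installed IE directories and a `SCODEF:` value that does not name a frame process in the tree. The second, "suspicious" input is constructed for illustration.

```python
"""Sanity-check an Internet Explorer process tree in Joe Sandbox 'Process Tree' format.

Added example (not from the report): parse the process lines and verify the
normal IE frame/tab relationship. An empty findings list means the tree looks
like stock IE; anything returned deserves a closer look.
"""
import re
from dataclasses import dataclass

# The two process lines copied from the report's Process Tree section.
REPORT_PROCESS_LINES = [
    "iexplore.exe (PID: 2832 cmdline: 'C:\\Program Files\\Internet Explorer\\iexplore.exe' "
    "-Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)",
    "iexplore.exe (PID: 4744 cmdline: 'C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE' "
    "SCODEF:2832 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)",
]

# Constructed counter-example: a tab process run from %TEMP% that points SCODEF at a PID
# which is not a frame process in the tree. Both facts should be reported.
SUSPICIOUS_LINES = [
    REPORT_PROCESS_LINES[0],
    "iexplore.exe (PID: 5000 cmdline: 'C:\\Users\\user\\AppData\\Local\\Temp\\iexplore.exe' "
    "SCODEF:9999 CREDAT:1 /prefetch:2 MD5: 00000000000000000000000000000000)",
]

# Report line layout: image (PID: n cmdline: 'path' args MD5: hex)
LINE_RE = re.compile(
    r"^(?P<image>\S+) \(PID: (?P<pid>\d+) cmdline: '(?P<path>[^']+)'"
    r"(?P<args>.*?) MD5: (?P<md5>[0-9A-Fa-f]{32})\)$"
)
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")

# Where iexplore.exe lives on a default 64-bit Windows install (compared case-insensitively).
IE_IMAGE_PATHS = (
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
)


@dataclass
class Proc:
    image: str
    pid: int
    path: str
    args: str
    md5: str


def parse_line(line: str) -> Proc:
    """Turn one report process line into a Proc; raise if the format is unexpected."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparsed process line: {line!r}")
    return Proc(m["image"], int(m["pid"]), m["path"], m["args"].strip(), m["md5"].upper())


def check_ie_tree(lines) -> list:
    """Return findings for an IE process tree (empty list == looks like stock IE).

    A process without SCODEF: is treated as a frame process; every SCODEF: value
    must name one of those frame PIDs, and every image must be the installed binary.
    """
    procs = [parse_line(line) for line in lines]
    findings = []
    frame_pids = {p.pid for p in procs if not SCODEF_RE.search(p.args)}
    for p in procs:
        if p.path.lower() not in IE_IMAGE_PATHS:
            findings.append(f"PID {p.pid}: image path {p.path!r} is not the installed iexplore.exe")
        m = SCODEF_RE.search(p.args)
        if m and int(m.group(1)) not in frame_pids:
            findings.append(f"PID {p.pid}: SCODEF:{m.group(1)} names no frame process in the tree")
    return findings


if __name__ == "__main__":
    print("report tree:", check_ie_tree(REPORT_PROCESS_LINES) or "no findings")
    print("constructed tree:", check_ie_tree(SUSPICIOUS_LINES))
```

The check is deliberately structural: it does not use the MD5 values, because a legitimate IE build updates them with every patch, whereas the path and the frame/tab linkage are stable properties of how IE launches.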
Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample
  Source: snap.licdn.com    Detection: 0%    Scanner: Avira URL Cloud    Label: safe

Dropped Files
  No Antivirus matches

Unpacked PE Files
  No Antivirus matches

Domains
  No Antivirus matches

URLs
  Source: linkedin.github.io/dustjs/    Detection: 0%    Scanner: Avira URL Cloud    Label: safe

Domains and IPs

Contacted Domains
  Name                    IP             Active    Malicious    Antivirus Detection    Reputation
  linkedin.custhelp.com   130.35.96.16   true      false        (none)                 high
  static.licdn.com        unknown        unknown   false        (none)                 high
  snap.licdn.com          unknown        unknown   false        (none)                 high
  www.linkedin.com        unknown        unknown   false        (none)                 high
  static-exp1.licdn.com   unknown        unknown   false        (none)                 high
  help.linkedin.com       unknown        unknown   false        (none)                 high

Contacted URLs
  Name                                                                Malicious    Antivirus Detection    Reputation
  https://www.linkedin.com/jobs                                       false        (none)                 high
  https://www.linkedin.com/help/linkedin?lang=en                      false        (none)                 high
  https://www.linkedin.com/error_pages/unsupported-browser.html       false        (none)                 high
  linkedin.custhelp.com/                                              false        (none)                 high

URLs from Memory and Binaries
  (none listed)

Contacted IPs

Public
  IP             Domain                  Country          ASN      ASN Name              Malicious
  130.35.96.16   linkedin.custhelp.com   United States    31898    ORACLE-BMC-31898US    false

General Information
  Joe Sandbox Version: 32.0.0 Black Diamond
  Analysis ID: 436545
  Start date: 18.06.2021
  Start time: 08:42:17
  Joe Sandbox Product: CloudBasic
  Overall analysis duration: 0h 5m 26s
  Hypervisor based Inspection enabled: false
  Report type: light
  Cookbook file name: browseurl.jbs
  Sample URL: snap.licdn.com
  Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
  Number of analysed new started processes: 7
  Number of new started drivers analysed: 0
  Number of existing processes analysed: 0
  Number of existing drivers analysed: 0
  Number of injected processes analysed: 0
  Technologies: HCA enabled; EGA enabled; AMSI enabled
  Analysis Mode: default
  Analysis stop reason: Timeout
  Detection: CLEAN
  Classification: clean0.win@3/81@7/1
  Cookbook Comments:
    Adjust boot time
    Enable AMSI
    Browsing link: http://www.linkedin.com/home
    Browsing link: http://linkedin.custhelp.com/
    Browsing link: http://www.linkedin.com/search
    Browsing link: http://www.linkedin.com/jobs
    Browsing link: http://www.linkedin.com/answers
    Browsing link: http://www.linkedin.com/companies
    Browsing link: https://www.linkedin.com/secure/settings
    Browsing link: http://www.linkedin.com/profile
    Browsing link: http://www.linkedin.com/connections
    Browsing link: http://www.linkedin.com/inBox
    Browsing link: http://www.linkedin.com/static?key=tools
  Warnings: (collapsed in the source report; not reproduced here)

Simulations

Behavior and APIs
  No simulations

Joe Sandbox View / Context
  IPs: No context
  Domains: No context
  ASN: No context
  JA3 Fingerprints: No context
  Dropped Files: No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\www.linkedin[1].xml
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: ASCII text, with no line terminators
  Category: dropped
  Size (bytes): 13
  Entropy (8bit): 2.469670487371862
  Encrypted: false
  SSDEEP: 3:D90aKb:JFKb
  MD5: C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
  SHA1: 35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
  SHA-256: B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
  SHA-512: 6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
  Malicious: false
  Reputation: low
  Preview: <root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{70E70FAF-D000-11EB-90EB-ECF4BBEA1588}.dat
  Process: C:\Program Files\internet explorer\iexplore.exe
  File Type: Microsoft Word Document (this is libmagic's label for any OLE compound file; IE recovery stores are Structured Storage containers, not Word documents, which the "R.o.o.t." in the preview, the start of the UTF-16 "Root Entry" directory name, confirms)
  Category: dropped
  Size (bytes): 30296
  Entropy (8bit): 1.8387167036476981
  Encrypted: false
  SSDEEP: 192:r8ZzZ62elWx/txBifxWOczMxsUBxLaDxZsfxSROhjX:r8V5ZTEVLqux
  MD5: B2AFFA2951324BBAB7F0D560F2F9A9D2
  SHA1: B884AE8EF23263FB5E7FC22F2753863CE26D348F
  SHA-256: E0742444A8AE457FA8E3D4241111537062519CB937EC8DEB83B21B95FCD4AABE
  SHA-512: 9FB59B6C88D5AA368008BBDE40DAB112E866A1BD4C0AF34E74CFECCA49FE9CFD16A05A48B4B8BF03BE40653DBDC2CA93F512A1B3563E747C25829A18F3EB8082
  Malicious: false
  Reputation: low
  Preview: (runs of non-printable bytes, rendered as dots) ... R.o.o.t.
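Each dropped-file entry above lists size, 8-bit entropy and a set of digests. These are cheap to recompute locally, which is how an analyst confirms that a file pulled from an image is the one the sandbox saw, and how low-entropy files like the two above are separated from packed or encrypted payloads. The block below is an added example, not the report's or Joe Sandbox's code: it rebuilds the 13-byte DOMStore file from the preview `<root></root>` (constructed here), computes the same fields, and compares them with the values printed in the report. ssdeep is omitted because it needs an external fuzzy-hashing library; the 7.0 bits/byte triage threshold is a common rule of thumb, not a value taken from the report.

```python
"""Recompute the per-file metadata a sandbox report prints for a dropped file.

Added example (not from the Joe Sandbox report): size, 8-bit Shannon entropy and
MD5/SHA-1/SHA-256/SHA-512 of a byte string, compared against the report's entry
for the 13-byte DOMStore file whose preview is '<root></root>'.
"""
import hashlib
import math
from collections import Counter

# Constructed from the report's preview of www.linkedin[1].xml (Size (bytes): 13).
DOMSTORE_BYTES = b"<root></root>"

# Values copied from the report entry for that file.
REPORTED = {
    "size": 13,
    "entropy": 2.469670487371862,
    "md5": "C1DDEA3EF6BBEF3E7060A1A9AD89E4C5",
    "sha1": "35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966",
    "sha256": "B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB",
}

# Rule-of-thumb triage threshold (assumption, not from the report): near 8 bits/byte
# means compressed or encrypted content.
PACKED_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for a constant file, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_facts(data: bytes) -> dict:
    """Size, entropy and uppercase hex digests, using the report's field names."""
    return {
        "size": len(data),
        "entropy": shannon_entropy(data),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
    }


def compare_with_report(data: bytes, reported: dict) -> dict:
    """Per-field match flags; entropy is compared with a tolerance for float formatting."""
    facts = file_facts(data)
    result = {}
    for field, value in reported.items():
        if field == "entropy":
            result[field] = math.isclose(facts[field], value, rel_tol=1e-9)
        else:
            result[field] = facts[field] == value
    return result


def looks_packed_or_encrypted(data: bytes, threshold: float = PACKED_THRESHOLD) -> bool:
    """Triage flag: high entropy suggests compressed or encrypted content."""
    return shannon_entropy(data) >= threshold


if __name__ == "__main__":
    for field, ok in compare_with_report(DOMSTORE_BYTES, REPORTED).items():
        print(f"{field:8s} {'match' if ok else 'MISMATCH'}")
    print("packed/encrypted:", looks_packed_or_encrypted(DOMSTORE_BYTES))
```

Entropy alone does not distinguish the two dropped files from malware artefacts; its use is to rank what to open first. The 13-byte XML stub and the 30 KB recovery store (1.84 bits/byte) are both far below the threshold, consistent with plain text and a mostly zero-padded OLE container.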