Overview - Joe Sandbox


URL reputation
URL                       Detection   Source
https://www.youtube.co    0%          URL Reputation
https://about.google/     0%          Virustotal
https://about.google/     0%          URL Reputation
http://motiva.            (row cut off in the source)
Analysis Report

General Information
Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 226653
Start date: 30.04.2020
Start time: 18:04:17
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 8s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook filename: browseurl.jbs
Sample URL: https://www.youtube.com/redirect?q=http%3A%2F%2FMotiva.technemetrolgia.pw%[email protected]&event=video_description&html_redirect=1&v=8uLSDgZMsK4&redir_token=sI73IyYPpK-gk7YiCxgKYra6snp8MTU4ODI1MjU3NEAxNTg4MTY2MTc0
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes: 3
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: EGA enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean1.win@3/219@2/23
Cookbook Comments: Adjust boot time; Enable AMSI
Browsing link: https://www.google.com/chrome/browser/desktop/index.html?brand=NDCM&utm_source=all-pushdown-yt&utm_medium=yt-pushdown&utm_campaign=yt-watch
Browsing link: https://www.youtube.com/
Browsing link: https://www.youtube.com/upload
Browsing link: https://www.youtube.com/supported_browsers
Browsing link: http://motiva.technemetrolgia.pw/#[email protected]
Browsing link: https://www.youtube.com/watch?v=8uLSDgZMsK4

Warnings
- Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
- Exclude process from analysis (whitelisted): ielowutil.exe
- Excluded IPs from analysis (whitelisted): 92.123.7.209, 172.217.168.78, 216.58.215.238, 172.217.168.14, 172.217.168.46, 172.217.168.3, 172.217.168.45
- Excluded domains from analysis (whitelisted): e11290.dspg.akamaiedge.net, gstaticadssl.l.google.com, youtube-ui.l.google.com, go.microsoft.com, accounts.google.com, fonts.gstatic.com, go.microsoft.com.edgekey.net
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.

Detection
Strategy: Threshold
Score: 1
Range: 0-100
Whitelisted: false

Confidence
Strategy: Threshold
Score: 5
Range: 0-5
Further Analysis Required?: false

Mitre Att&ck Matrix
(A number after a technique is the count of signatures mapped to it; techniques without a number are the matrix template and had no matching signature.)
Initial Access: Drive-by Compromise 1; Replication Through Removable Media
Execution: Graphical User Interface 2; Service Execution
Persistence: Winlogon Helper DLL; Port Monitors
Privilege Escalation: Process Injection 1; Accessibility Features
Defense Evasion: Masquerading 1; Process Injection 1
Credential Access: Credential Dumping; Network Sniffing
Discovery: File and Directory Discovery 1; Application Window Discovery
Lateral Movement: Application Deployment Software; Remote Services
Collection: Data from Local System; Data from Removable Media
Exfiltration: Data Compressed; Exfiltration Over Other Network Medium
Command and Control: Standard Non-Application Layer Protocol 1; Standard Application Layer Protocol 1
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization
Impact: Modify System Partition; Device Lockout

Signature Overview
Phishing:
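The Sample URL above is a youtube.com/redirect wrapper: the sandbox detonated youtube.com, while the host a triager actually cares about sits percent-encoded in the q= parameter, and the address-like value after the '#' is what the browsing-links list shows the analysis eventually followed. The following Python is an added example, not part of the Joe Sandbox report, that unwraps such a link and surfaces the checks worth doing before pivoting on it. The fragment value in SAMPLE is a constructed placeholder (the report's own copy of it is obfuscated) and TRUSTED_DEST_SUFFIXES is an assumption.

```python
"""Unwrap a youtube.com/redirect link and compare the wrapper host with the real
destination. Added example; not part of the Joe Sandbox report.
The fragment after '#' in SAMPLE is a constructed placeholder (the report's own
copy of that value is obfuscated); TRUSTED_DEST_SUFFIXES is an assumption."""
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: destinations under these suffixes are treated as first-party.
TRUSTED_DEST_SUFFIXES = ("youtube.com", "google.com")

# Constructed sample with the same shape as the report's Sample URL.
SAMPLE = (
    "https://www.youtube.com/redirect"
    "?q=http%3A%2F%2FMotiva.technemetrolgia.pw%2F%23user%40example.com"
    "&event=video_description&html_redirect=1&v=8uLSDgZMsK4"
    "&redir_token=sI73IyYPpK-gk7YiCxgKYra6snp8MTU4ODI1MjU3NEAxNTg4MTY2MTc0"
)

# Loose "looks like an e-mail address" test for the fragment.
ADDRESS_RE = re.compile(r"^[^@\s/]+@[^@\s/]+\.[a-z]{2,}$", re.IGNORECASE)


def _is_trusted(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in TRUSTED_DEST_SUFFIXES)


def unwrap_redirect(url: str) -> dict:
    """Return the wrapper host, the decoded destination and the checks a triager wants."""
    wrapper = urlsplit(url)
    if wrapper.path != "/redirect":
        raise ValueError("not a youtube.com/redirect wrapper: %s" % url)
    # parse_qs percent-decodes, so q comes back as a plain URL.
    q_values = parse_qs(wrapper.query).get("q")
    if not q_values:
        raise ValueError("wrapper has no q= destination")
    dest = urlsplit(q_values[0])
    # .hostname lowercases the host and drops any user:pass@ prefix and :port,
    # so a "www.youtube.com@evil.example" authority resolves to the real host.
    dest_host = dest.hostname or ""
    return {
        "wrapper_host": wrapper.hostname or "",
        "destination": q_values[0],
        "dest_host": dest_host,
        "external": not _is_trusted(dest_host),
        # user@host in the authority disguises the real host in a casual read
        "userinfo_present": dest.username is not None,
        # an address in the fragment is commonly used to prefill a phishing login form
        "fragment_looks_like_address": bool(ADDRESS_RE.match(dest.fragment)),
    }


if __name__ == "__main__":
    for key, value in unwrap_redirect(SAMPLE).items():
        print("%-28s %s" % (key, value))
```

Run on the report's wrapper, dest_host comes back as motiva.technemetrolgia.pw with external True; every dropped file and signature in the report, by contrast, comes from youtube.com or accounts.google.com pages, so the decoded destination, not the wrapper, is the indicator to pivot on.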
Found iframes
  Source: https://accounts.google.com/ServiceLogin?hl=en&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Fhl%3Den%26next%3D%252Fupload%26feature%3Dredirect_login%26action_handle_signin%3Dtrue%26app%3Ddesktop&passive=true&service=youtube&uilel=3
  HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-2095727691&timestamp=1588295144638

HTML title does not match URL
  Source: (same accounts.google.com ServiceLogin URL as above)
  HTTP Parser: Title: YouTube does not match URL

Unusual large HTML page
  Source: (same accounts.google.com ServiceLogin URL as above)
  HTTP Parser: Total size: 1329448

META author tag missing
  Source: (same accounts.google.com ServiceLogin URL as above)
  HTTP Parser: No

Strings matching legitimate site names (the signature title is not preserved in the source; each line reads "String found in binary or memory: <string> equals <domain>"; the .dr suffix marks a dropped file)
  Source: chrome[1].htm0.2.dr: "https://www.facebook.com/googlechrome", equals www.facebook.com (Facebook)
  Source: chrome[1].htm0.2.dr: "https://www.youtube.com/googlechrome", equals www.youtube.com (Youtube)
  Source: watch[1].htm.2.dr: "@id":"http:\/\/www.youtube.com\/channel\/UC9OAeZY8zp976DwRvHGjuSA", equals www.youtube.com (Youtube)
  Source: watch[1].htm.2.dr: 'ADS_DATA':{"show_afc":false,"afc_vars":{"format":"","language":"","ad_host":"","ad_client":"","tag_for_child_directed_treatment":"","ad_channel":"","loeid":"","targeting":"","eids":[],"pucrd":"","video_doc_id":"","ad_host_tier_id":"","lact":"","ad_type":"","core_dbp":"","ad_block":"","alternate_ad_url":"https:\/\/www.youtube.com\/ad_frame?id=watch-channel-brand-div"},"afv_vars":{"google_alternate_ad_url":"https:\/\/www.youtube.com\/ad_frame?id=watch-channel-brand-div","google_ad_type":"","google_ad_block":"","google_ad_channel":"","google_ad_host":"","google_ad_height":"","google_yt_pt":"","google_ad_client":"","google_video_doc_id":"","google_eids":[],"google_ad_format":"","google_tag_for_child_directed_treatment":"","google_language":"","google_lact":"","google_core_dbp":"","google_loeid":"","google_cust_gender":"","google_pucrd":"","google_scs":"","google_cust_age":"","google_page_url":"","google_targeting":"","google_ad_host_tier_id":""},"gut_vars":{"tag":"\\4061\\ytpwmpu"},"check_status":false,"show_afv":false,"use_gut":true,"show_pyv":false,"show_instream":true}, equals www.youtube.com (Youtube)
  Source: 89SEPS9B.htm.2.dr: Sign in equals www.youtube.com (Youtube)
  Source: watch[1].htm.2.dr: Sign in equals www.youtube.com (Youtube)
  Source: watch[1].htm.2.dr: Sign in to add this to Watch Later equals www.youtube.com (Youtube)
  Source: redirect[1].htm.2.dr: Sign in to add this to Watch Later equals www.youtube.com (Youtube)
  Source: 89SEPS9B.htm.2.dr: Sign in to add this to Watch Later equals www.youtube.com (Youtube)
  Source: watch[1].htm.2.dr: Learn more equals www.youtube.com (Youtube)
  Source: watch[1].htm.2.dr: 'YPC_SIGNIN_URL':"https:\/\/accounts.google.com\/ServiceLogin?hl=en\u0026service=youtube\u0026continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Fhl%3Den%26app%3Ddesktop%26next%3D%252F%26action_handle_signin%3Dtrue\u0026passive=true\u0026uilel=3", equals www.youtube.com (Youtube)
  Source: redirect[1].htm.2.dr: 'YPC_SIGNIN_URL':"https:\/\/accounts.google.com\/ServiceLogin?service=youtube\u0026hl=en\u0026uilel=3\u0026continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Fhl%3Den%26action_handle_signin%3Dtrue%26next%3D%252F%26app%3Ddesktop\u0026passive=true", equals www.youtube.com (Youtube)
  Source: 89SEPS9B.htm.2.dr: 'YPC_SIGNIN_URL':"https:\/\/accounts.google.com\/ServiceLogin?service=youtube\u0026uilel=3\u0026hl=en\u0026passive=true\u0026continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Fapp%3Ddesktop%26hl%3Den%26action_handle_signin%3Dtrue%26next%3D%252F", equals www.youtube.com (Youtube)
  Source: watch[1].htm.2.dr: Published on Oct 31, 2019 "VALEDICTORIAN" available at: https://smarturl.it/VALEDICTORIAN.DDG Follow DDG: https://twitter.com/pontiacmadeddg https://www.facebook.com/Pontiacmadeddg/ (matched domain cut off in the source)
  Further matches from watch[1].htm.2.dr, chrome[1].htm0.2.dr and 89SEPS9B.htm.2.dr against www.youtube.com (Youtube), www.facebook.com (Facebook) and www.twitter.com (Twitter) were repeated with the matched string not preserved.
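The four HTTP Parser findings above (Found iframes, HTML title does not match URL, Unusual large HTML page, META author tag missing) are cheap static heuristics that run over the fetched HTML without executing anything. The following Python is an added example, not Joe Sandbox's implementation, that applies the same four checks to constructed HTML so the trigger conditions are explicit; the size threshold and the rule for matching the title against the host's brand are assumptions, and both HTML samples are constructed.

```python
"""The four HTTP Parser phishing heuristics from the signature section, re-implemented
as an added example (not Joe Sandbox code). LARGE_PAGE_BYTES and the brand-matching rule
in brand_label() are assumptions; SIGNIN_HTML and PLAIN_HTML are constructed samples."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

LARGE_PAGE_BYTES = 1_000_000   # assumption: the report only says "unusual large"


class _Collector(HTMLParser):
    """Collect what the heuristics need: <title> text, iframe srcs, <meta name=author>."""

    def __init__(self):
        super().__init__()
        self._in_title = False
        self.title_parts = []
        self.iframe_srcs = []
        self.has_meta_author = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}      # attr names are already lowercased
        if tag == "title":
            self._in_title = True
        elif tag == "iframe":
            self.iframe_srcs.append(a.get("src", ""))
        elif tag == "meta" and a.get("name", "").lower() == "author":
            self.has_meta_author = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title_parts.append(data)


def brand_label(host: str) -> str:
    """accounts.google.com -> 'google', www.youtube.com -> 'youtube'.
    Assumption: the registrable label is the brand a genuine title should mention."""
    labels = host.lower().split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def phishing_heuristics(url: str, html: str) -> list:
    """Return the names of the report's four phishing heuristics that fire on this page."""
    c = _Collector()
    c.feed(html)
    c.close()
    host = urlsplit(url).hostname or ""
    title = "".join(c.title_parts).strip()
    findings = []
    if c.iframe_srcs:                                  # Found iframes
        findings.append("Found iframes")
    if title and brand_label(host) not in title.lower():   # HTML title does not match URL
        findings.append("HTML title does not match URL")
    if len(html.encode("utf-8")) > LARGE_PAGE_BYTES:   # Unusual large HTML page
        findings.append("Unusual large HTML page")
    if not c.has_meta_author:                          # META author tag missing
        findings.append("META author tag missing")
    return findings


# Constructed stand-in for the accounts.google.com sign-in page in the report:
# the title says YouTube, it embeds an accounts.youtube.com iframe, no <meta name=author>.
SIGNIN_URL = "https://accounts.google.com/ServiceLogin?service=youtube&hl=en"
SIGNIN_HTML = """<!doctype html><html><head><meta charset="utf-8"><title>YouTube</title></head>
<body><iframe src="https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com"></iframe>
<form action="/signin"><input name="identifier"></form></body></html>"""

# Constructed benign page for contrast.
PLAIN_URL = "https://www.example.com/"
PLAIN_HTML = """<html><head><meta name="author" content="IANA"><title>Example Domain</title></head>
<body><p>This domain is for use in examples.</p></body></html>"""

if __name__ == "__main__":
    print(phishing_heuristics(SIGNIN_URL, SIGNIN_HTML))
    print(phishing_heuristics(PLAIN_URL, PLAIN_HTML))
```

Three of the four checks fire on the constructed stand-in for the genuine accounts.google.com sign-in page, exactly as they did in the report. That is the caveat to carry into triage: these heuristics trip on legitimate federated-login pages, which is consistent with the report's overall score of 1 and verdict CLEAN, so they are corroborating signals for a suspicious destination rather than evidence on their own.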


