http://sjfklsjfkldfjklsdfjdlksjfdsljk.foo./index.jsp
This report was generated from a URL submitted to this web service on January 4th 2023 21:24:41 (UTC), using the action script "Default browser analysis".
Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v9.5.3 © Hybrid Analysis
Incident Response
Risk Assessment
- Network Behavior: Contacts 1 domain.
MITRE ATT&CK™ Techniques Detection
- T1071.004 Application Layer Protocol: DNS (from the "Queries DNS server" indicator)
- T1105 Ingress Tool Transfer (from the "Dropped files" indicator)
Indicators
Informative (8)
External Systems
Sample was identified as clean by Antivirus engines
- details: 0/90 Antivirus vendors marked sample as malicious (0% detection rate)
- source: External System
- relevance: 10/10
General
Creates mutants
- details:
  "\Sessions\1\BaseNamedObjects\IsoScope_ef8_IESQMMUTEX_0_519"
  "Local\InternetShortcutMutex"
  "IsoScope_ef8_IESQMMUTEX_0_331"
  "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"
  "Local\URLBLOCK_HASHFILESWITCH_MUTEX"
  "IsoScope_ef8_IESQMMUTEX_0_519"
  "Local\!BrowserEmulation!SharedMemory!Mutex"
  "Local\VERMGMTBlockListFileMutex"
  "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"
  "IsoScope_ef8_IESQMMUTEX_0_303"
  "Local\URLBLOCK_DOWNLOAD_MUTEX"
  "Local\ZonesCacheCounterMutex"
  "IsoScope_ef8_IE_EarlyTabStart_0xc78_Mutex"
  "UpdatingNewTabPageData"
  "Local\URLBLOCK_FILEMAPSWITCH_MUTEX_3832"
  "Local\ZonesLockedCacheCounterMutex"
  "IsoScope_ef8_ConnHashTable<3832>_HashTable_Mutex"
  "\Sessions\1\BaseNamedObjects\IsoScope_ef8_IESQMMUTEX_0_303"
  "\Sessions\1\BaseNamedObjects\IsoScope_ef8_IESQMMUTEX_0_331"
  "\Sessions\1\BaseNamedObjects\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"
- source: Created Mutant
- relevance: 3/10
Drops files marked as clean
- details: Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")
- source: Binary File
- relevance: 10/10
Queries DNS server
- details: "sjfklsjfkldfjklsdfjdlksjfdsljk.foo"
- source: Network Traffic
- relevance: 1/10
- ATT&CK ID: T1071.004
Installation/Persistence
Dropped files
- details:
  "urlblockindex_1_.bin" has type "data" [targetUID: N/A]
  "~DF7477C14CAB53F2C3.TMP" has type "data", Location: [%TEMP%\~DF7477C14CAB53F2C3.TMP] [targetUID: 00000000-00003832]
  "_1B3D8063-8C6E-11ED-832F-080027C7CBBE_.dat" has type "Composite Document File V2 Document, Cannot read section info" [targetUID: N/A]
  "search_2_.json" has type "JSON data" [targetUID: N/A]
  "~DFA52D575B358FDBC3.TMP" has type "data", Location: [%TEMP%\~DFA52D575B358FDBC3.TMP] [targetUID: 00000000-00003832]
  "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel" [targetUID: N/A]
  "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document, Cannot read section info" [targetUID: N/A]
  "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text, with CRLF line terminators" [targetUID: N/A]
  "errorPageStrings_1_" has type "UTF-8 Unicode (with BOM) text, with CRLF line terminators" [targetUID: N/A]
  "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text, with CRLF line terminators" [targetUID: N/A]
  "en-US.4" has type "data", Location: [%LOCALAPPDATA%\Microsoft\Internet Explorer\DomainSuggestions\en-US.4] [targetUID: 00000000-00003832]
  "favicon_3_.ico" has type "MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel" [targetUID: N/A]
  "2U5A99GZ.txt" has type "ASCII text", Location: [%APPDATA%\Microsoft\Windows\Cookies\2U5A99GZ.txt] [targetUID: 00000000-00003832]
  "~DF7056A2491F62C3A1.TMP" has type "data", Location: [%TEMP%\~DF7056A2491F62C3A1.TMP] [targetUID: 00000000-00003832]
  "RecoveryStore._1B3D8061-8C6E-11ED-832F-080027C7CBBE_.dat" has type "Composite Document File V2 Document, Cannot read section info" [targetUID: N/A]
  "~DFD5E078DEDE91A567.TMP" has type "data", Location: [%TEMP%\~DFD5E078DEDE91A567.TMP] [targetUID: 00000000-00003832]
  "2G63B2S3.txt" has type "ASCII text", Location: [%APPDATA%\Microsoft\Windows\Cookies\2G63B2S3.txt] [targetUID: 00000000-00003832]
  "favicon_2_.ico" has type "MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel" [targetUID: N/A]
  "dnserror_1_" has type "HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators" [targetUID: N/A]
  "_231037B0-8C6E-11ED-832F-080027C7CBBE_.dat" has type "Composite Document File V2 Document, Cannot read section info" [targetUID: N/A]
- source: Binary File
- relevance: 3/10
- ATT&CK ID: T1105
The listed files are Internet Explorer's own profile and session artifacts (RecoveryStore and tab .dat files, cookies under %APPDATA%\Microsoft\Windows\Cookies, ~DF*.TMP files, favicons, the en-US.4 DomainSuggestions cache and the dnserror/error-page templates), not content fetched from the target; consistent with that, the DNS lookup for the host returned no address and no HTTP request was made (see Network Analysis).
Network Related
Contacts Random Domain Names
- details: "sjfklsjfkldfjklsdfjdlksjfdsljk.foo" seems to be random
- source: Network Traffic
- relevance: 5/10
Found potential URL in binary/memory
- details:
  Pattern match: "http://sjfklsjfkldfjklsdfjdlksjfdsljk.foo./index.jsp"
  Pattern match: "http://sjfklsjfkldfjklsdfjdlksjfdsljk.foo"
- source: File/Memory
- relevance: 10/10
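The "seems to be random" verdict above comes from the sandbox's own heuristic, which the report does not describe. The Python below is an added example, not Falcon Sandbox code, showing one way such a check is commonly built: normalise the host (the report's URL carries a trailing dot, "...foo."), take the label left of the TLD, and score it on length, vowel ratio, longest consonant run and character entropy. The thresholds are illustrative assumptions, and it assumes the last label is the TLD rather than consulting a public-suffix list. It also shows why a single feature is not enough: this particular name is a keyboard mash of only six distinct letters, so its entropy is low and an entropy-only check would miss it, while the vowel-ratio and consonant-run checks fire.

```python
"""Added example: a randomness heuristic for contacted hostnames.

Not the sandbox's own logic. Thresholds below are assumptions chosen
for illustration; a production detector would tune them against real
traffic and use a public-suffix list instead of "last label is the TLD".
"""
import math
from collections import Counter

VOWELS = set("aeiouy")


def normalize_host(host: str) -> str:
    """Lower-case the name and strip the trailing dot of a fully
    qualified name, so 'example.foo.' and 'example.foo' score alike."""
    return host.strip().lower().rstrip(".")


def registrable_label(host: str) -> str:
    """Label immediately left of the TLD (assumption: no public-suffix list)."""
    labels = normalize_host(host).split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def shannon_entropy(s: str) -> float:
    """Bits per character; max is log2(#distinct characters)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def longest_consonant_run(s: str) -> int:
    """Longest run of consecutive consonant letters; digits break a run."""
    best = run = 0
    for ch in s:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def vowel_ratio(s: str) -> float:
    letters = [c for c in s if c.isalpha()]
    if not letters:
        return 0.0
    return sum(c in VOWELS for c in letters) / len(letters)


def randomness_score(host: str) -> dict:
    """Return the per-feature values and which (assumed) thresholds fired.

    A label is called random when at least two independent features fire,
    so that a single odd-looking but legitimate name is not flagged.
    """
    label = registrable_label(host)
    result = {
        "label": label,
        "length": len(label),
        "entropy": round(shannon_entropy(label), 3),
        "vowel_ratio": round(vowel_ratio(label), 3),
        "max_consonant_run": longest_consonant_run(label),
    }
    flags = []
    if result["length"] >= 16:            # assumed threshold
        flags.append("long")
    if result["vowel_ratio"] < 0.2:        # pronounceable words sit ~0.3-0.5
        flags.append("few_vowels")
    if result["max_consonant_run"] >= 5:   # English rarely exceeds 4
        flags.append("consonant_run")
    if result["entropy"] >= 3.5:           # typical for hex/alnum DGA labels
        flags.append("high_entropy")
    result["flags"] = flags
    result["looks_random"] = len(flags) >= 2
    return result


if __name__ == "__main__":
    # The report's host, a well-known benign name, and a constructed
    # alphanumeric DGA-style label (sample input, not from the report).
    for h in ("sjfklsjfkldfjklsdfjdlksjfdsljk.foo.",
              "www.microsoft.com",
              "x7q2k9zt4pvb3wm8.net"):
        print(h, randomness_score(h))
```

Run as a script it prints the feature vector for each name; `randomness_score` returns the same dictionary for use in a pipeline. Note that the report's label trips `long`, `few_vowels` and `consonant_run` but not `high_entropy`, whereas the constructed alphanumeric label trips `high_entropy` with a short consonant run, which is why the decision is a vote over several features rather than a single entropy cutoff.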
Unusual Characteristics
Drops files inside appdata directory
- details:
  Dropped file: "2U5A99GZ.txt", Location: [%APPDATA%\Microsoft\Windows\Cookies\2U5A99GZ.txt] [targetUID: 00000000-00003832]
  Dropped file: "2G63B2S3.txt", Location: [%APPDATA%\Microsoft\Windows\Cookies\2G63B2S3.txt] [targetUID: 00000000-00003832]
  Dropped file: "HWIHFR72.txt", Location: [%APPDATA%\Microsoft\Windows\Cookies\HWIHFR72.txt] [targetUID: 00000000-00003832]
- source: Binary File
- relevance: 3/10
Session Details
No relevant data available.
Hybrid Analysis
Analysed 3 processes in total.
- rundll32.exe "%WINDIR%\System32\ieframe.dll",OpenURL C:\4a466ae2d3679a863e7c8e4e58df871b3452c37ecb7c4c42e2a29b2844efc37a.url (PID: 3072)
- iexplore.exe http://sjfklsjfkldfjklsdfjdlksjfdsljk.foo./index.jsp (PID: 3832)
  - iexplore.exe SCODEF:3832 CREDAT:275457 /prefetch:2 (PID: 2376)
Network Analysis
DNS Requests
| Domain | Address | Registrar | Country |
|---|---|---|---|
| sjfklsjfkldfjklsdfjdlksjfdsljk.foo | - | - | - |
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Files
Clean (1)
urlblockindex_1_.bin
- Size: 16B (16 bytes)
- Type: data
- AV Scan Result: 0/84
- MD5: fa518e3dfae8ca3a0e495460fd60c791
- SHA1: e4f30e49120657d37267c0162fd4a08934800c69
- SHA256: 775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
Informative Selection (2)
favicon_3_.ico
- Size: 4.2KiB (4286 bytes)
- Type: unknown
- Description: MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
- MD5: da597791be3b6e732f0bc8b20e38ee62
- SHA1: 1125c45d285c360542027d7554a5c442288974de
- SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
favicon_2_.ico
- Size: 4.2KiB (4286 bytes)
- Type: unknown
- Description: MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
- MD5: da597791be3b6e732f0bc8b20e38ee62
- SHA1: 1125c45d285c360542027d7554a5c442288974de
- SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
Informative (18)
2G63B2S3.txt
- Size: 601B (601 bytes)
- Type: text
- Description: ASCII text
- Runtime Process: iexplore.exe (PID: 3832)
- MD5: 66d446c5791293563d70a64dbdda605d
- SHA1: 25cdbe19400b611f216ab1e983086a3086238fde
- SHA256: 884324274e32dcc3ea918db9d60fd6851206faef359c12adc1832a4dd048cfc3
2U5A99GZ.txt
- Size: 80B (80 bytes)
- Type: text
- Description: ASCII text
- Runtime Process: iexplore.exe (PID: 3832)
- MD5: b55a7e63d8088808ed8524a3d3293664
- SHA1: 5bc9092e646379bf2114d6e0eff1d4d703692ee9
- SHA256: ab879c89f1308b48a11c9fe7a7a2e303bed9e01ddced55b91529f0bd095a1504
HWIHFR72.txt
- Size: 107B (107 bytes)
- Type: text
- Description: ASCII text
- Runtime Process: iexplore.exe (PID: 3832)
- MD5: be76fd4d0b1f57d1bad67837f09d81c4
- SHA1: 8f253b36e0351f03d59b80733310dc50d8bc0969
- SHA256: 03c971676a1f0151f3ca1012a55c17908b9cf5b76dbb05cd3b5431f6173ad7a7
en-US.4
- Size: 18KiB (18176 bytes)
- Type: data
- Runtime Process: iexplore.exe (PID: 3832)
- MD5: 5a34cb996293fde2cb7a4ac89587393a
- SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
- SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
~DF7056A2491F62C3A1.TMP
- Size: 16KiB (16384 bytes)
- Type: data
- Runtime Process: iexplore.exe (PID: 3832)
- MD5: e5a3b18980d2c165c14fa2bf5a3a11f9
- SHA1: 0abc3890f041141d6b6cdcf3b5810df79fbecd55
- SHA256: 03bdd434ba796f189e126c44dfb32360265d2d5f60b29f841cc29707c6477873
~DF7477C14CAB53F2C3.TMP
- Size: 16KiB (16384 bytes)
- Type: data
- Runtime Process: iexplore.exe (PID: 3832)
- MD5: 70dae3b36b3a3b782291bb5bec461879
- SHA1: 20459907d6af110a2390fabc2afe86fbb7dc6eb9
- SHA256: 554b4a42e27d3c8ed286fac59c1df18cae81a2c4106c7e5e43b8f6b0c4f6d61f
~DFA52D575B358FDBC3.TMP
- Size: 16KiB (16384 bytes)
- Type: data
- Runtime Process: iexplore.exe (PID: 3832)
- MD5: 0629d9c621e733da1a6904cbad823b5b
- SHA1: af6b0951a1ef117dee1c295b8d389ed9765e33eb
- SHA256: c141f4c81ff4254367bf022b9bb2eb5a71575e318f077120dfca0d57732ecca5
~DFD5E078DEDE91A567.TMP
- Size: 16KiB (16384 bytes)
- Type: data
- Runtime Process: iexplore.exe (PID: 3832)
- MD5: bceb3b78078666bb10b580a70e60e6a8
- SHA1: c6516ec1b4b49093db47421b99eee2c45441fa8c
- SHA256: 8b5ab98ebea805bb2766b89111481f63de5d565036d7068c44df34a5668650ed
_1B3D8063-8C6E-11ED-832F-080027C7CBBE_.dat
- Size: 4.5KiB (4608 bytes)
- Type: text
- Description: Composite Document File V2 Document, Cannot read section info
- MD5: 2161d42b1131f6ae022cbeabf1394125
- SHA1: 3e6e9113106f02d809f46cb671cfb72f2a241dba
- SHA256: 80d7a1b6be0182738260d401f886282600361d4805ba8e7b32aa60769b19e50e
search_2_.json
- Size: 281B (281 bytes)
- Type: data
- Description: JSON data
- MD5: 449f61c84cd2f7342f95403c908c0603
- SHA1: 08afdc36927b6c4e03c3088e5c9c812cc4215ede
- SHA256: 19170bd75edc0b5183a2f9fcc3001d9d222deff61e5915ad1127b65ab581a2a1
search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico
- Size: 4.2KiB (4286 bytes)
- Type: unknown
- Description: MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
- MD5: da597791be3b6e732f0bc8b20e38ee62
- SHA1: 1125c45d285c360542027d7554a5c442288974de
- SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat
- Size: 17KiB (17408 bytes)
- Type: text
- Description: Composite Document File V2 Document, Cannot read section info
- MD5: 42e4a4c99741fb3c1f2d25a74034f726
- SHA1: d6a096ef0eb04ed8472868255c2a409e5def7e71
- SHA256: 502efcd54280f95707bf2f5805c668d41d6c93649efaa954f735efc6bcd7659f
httpErrorPagesScripts_1_
- Size: 8.5KiB (8714 bytes)
- Type: text
- Description: UTF-8 Unicode (with BOM) text, with CRLF line terminators
- MD5: 3f57b781cb3ef114dd0b665151571b7b
- SHA1: ce6a63f996df3a1cccb81720e21204b825e0238c
- SHA256: 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
errorPageStrings_1_
- Size: 3.4KiB (3470 bytes)
- Type: text
- Description: UTF-8 Unicode (with BOM) text, with CRLF line terminators
- MD5: 6b26ecfa58e37d4b5ec861fcdd3f04fa
- SHA1: b69cd71f68fe35a9ce0d7ea17b5f1b2bad9ea8fa
- SHA256: 7f7d1069ca8a852c1c8eb36e1d988fe6a9c17ecb8eff1f66fc5ebfeb5418723a
NewErrorPageTemplate_1_
- Size: 1.3KiB (1310 bytes)
- Type: text
- Description: UTF-8 Unicode (with BOM) text, with CRLF line terminators
- MD5: cdf81e591d9cbfb47a7f97a2bcdb70b9
- SHA1: 8f12010dfaacdecad77b70a3e781c707cf328496
- SHA256: 204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd
RecoveryStore._1B3D8061-8C6E-11ED-832F-080027C7CBBE_.dat
- Size: 5.5KiB (5632 bytes)
- Type: text
- Description: Composite Document File V2 Document, Cannot read section info
- MD5: 08994a17cc7d37a62cbbefd1ecf7e93c
- SHA1: 3f0785517d20293525866a70f5781df336f8e43b
- SHA256: 19ba8e1daac77a5cf9b1acdf304e96d3f6988f1ce984cab1b6dd284eeeb07eaa
dnserror_1_
- Size: 1.8KiB (1857 bytes)
- Type: html
- Description: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
- MD5: 73c70b34b5f8f158d38a94b9d7766515
- SHA1: e9eaa065bd6585a1b176e13615fd7e6ef96230a9
- SHA256: 3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4
_231037B0-8C6E-11ED-832F-080027C7CBBE_.dat
- Size: 4.5KiB (4608 bytes)
- Type: text
- Description: Composite Document File V2 Document, Cannot read section info
- MD5: 8af5f1c0a8c48252310872098286cd63
- SHA1: 733895c31a9154facc53c134d336cd095183e53b
- SHA256: 8c1f6839f8f3337fa35644ffaf22f77e8837584cae7054fae70a85cdd09c43fd
Notifications
Runtime
- Not all Falcon MalQuery lookups completed in time
- Not all sources for indicator ID "binary-0" are available in the report
- Not all sources for indicator ID "mutant-0" are available in the report
- Some low-level data is hidden, as this is only a slim report
- This URL analysis has missing honeyclient data