
https://momshi.gq/secure/MailUpdateFresh

Status: finished
Submission Time: 2022-05-27 15:56:48 +02:00
Malicious
Phishing
HTMLPhisher

Details

  • Analysis ID:
    635153
  • API (Web) ID:
    1002657
  • Analysis Started:
    2022-05-27 15:56:49 +02:00
  • Analysis Finished:
    2022-05-27 15:59:57 +02:00
  • Technologies:

Engine       Detection  Info
Joe Sandbox  malicious  Score: 48
                        System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP               Country             Detection
142.250.185.99   United States
104.17.24.14     United States
142.250.74.202   United States
142.250.185.67   United States
216.58.212.142   United States
142.250.186.174  United States
104.16.89.20     United States
74.125.111.134   United States
239.255.255.250  Reserved
142.250.185.141  United States
91.209.70.20     Russian Federation
142.251.36.99    United States

Domains

Name                  IP               Detection
accounts.google.com   142.250.185.141
cdnjs.cloudflare.com  104.17.24.14
clients.l.google.com  142.250.186.174
momshi.gq             91.209.70.20
clients2.google.com   0.0.0.0
cdn.jsdelivr.net      0.0.0.0

URLs

Name Detection
https://momshi.gq/secure/MailUpdateFresh/?err=S58O5UVNPFJAHMCEGTQ&dispatch=C08&id=AC3ba2a62B47C134a9BA25C10B239b

Dropped files

Name File Type Hashes Detection
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\it\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\de\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\el\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\en\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\es\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\es_419\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\et\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\fi\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\fil\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\fr\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\hi\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\hr\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\hu\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\id\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\da\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\ja\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\ko\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\lt\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\sv\messages.json
    UTF-8 Unicode text, with CRLF line terminators
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\th\messages.json
    UTF-8 Unicode text, with CRLF line terminators
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\tr\messages.json
    UTF-8 Unicode text, with CRLF line terminators
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\uk\messages.json
    UTF-8 Unicode text, with CRLF line terminators
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\vi\messages.json
    UTF-8 Unicode text, with CRLF line terminators
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\zh_CN\messages.json
    UTF-8 Unicode text, with CRLF line terminators
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\zh_TW\messages.json
    UTF-8 Unicode text, with CRLF line terminators
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\manifest.json
    ASCII text
  • C:\Users\alfredo\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
    Little-endian UTF-16 Unicode text, with no line terminators
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\d4c91a90-595d-4694-9ca3-e3917ed623f9.tmp
    very short file (no magic)
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\8e446481-1d29-4d86-aa4c-e060d4206052.tmp
    ASCII text, with very long lines, with no line terminators
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
    data
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\26ae99c0-286c-4659-9e39-ad53e5547473.tmp
    ASCII text, with very long lines, with no line terminators
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\2844603e-1a2e-48b5-b0bd-ac93faddd724.tmp
    ASCII text, with very long lines, with no line terminators
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\computed_hashes.json
    ASCII text, with very long lines, with no line terminators
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico (copy)
    MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
    zlib compressed data
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
    ASCII text, with very long lines, with no line terminators
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
    ASCII text, with very long lines, with no line terminators
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
    UTF-8 Unicode text, with very long lines, with no line terminators
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\ca2e76b2-f365-47c4-ab59-ec5a361ff8c6.tmp
    ASCII text, with very long lines, with no line terminators
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\d06c6795-bff5-4def-a070-df6cccdf5158.tmp
    UTF-8 Unicode text, with very long lines, with no line terminators
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\d15fca5d-08b6-4733-958e-936bb0e66765.tmp
    UTF-8 Unicode text, with very long lines, with no line terminators
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\4a599cc1-953b-4a36-ac02-943d11ed66b9.tmp
    data
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\daa6b740-7dbd-4c49-b1ae-91bf6291846a.tmp
    MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000006.dbtmp
    ASCII text
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
    ASCII text
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Browser
    data
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Version
    ASCII text, with no line terminators
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Local State (copy)
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
    data
  • C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\ef939728-6214-4ae2-b16a-6af67c15b51d.tmp
    ASCII text, with very long lines, with no line terminators
  • C:\Users\alfredo\AppData\Local\Temp\4a26d9d8-492c-499b-a158-bb369318870c.tmp
    Google Chrome extension, version 3
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\bg\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\ca\messages.json
    ASCII text, with very long lines
  • C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\cs\messages.json
    ASCII text, with very long lines