Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ACH payment confirmation careersindia@securview.com .HTML

Overview

General Information

Sample Name:ACH payment confirmation careersindia@securview.com .HTML
Analysis ID:1307021
MD5:7868e50fb7f75480cc4880f31434e417
SHA1:c41238567442006ea2b821c569b8c17d2d8a0aab
SHA256:b96949f50cf1cf7e6abe4c3e1d77902e694b1098a57619e68bfe7afb5aa1c19d
Infos:

Detection

HTMLPhisher
Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish10
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Detected javascript redirector / loader
HTML file submission containing password form
Suspicious Javascript code found in HTML file
HTML document with suspicious title
Phishing site detected (based on logo match)
HTML Script injector detected
HTML document with suspicious name
Phishing site detected (based on image similarity)
None HTTPS page querying sensitive user data (password, username or email)
Stores files to the Windows start menu directory
HTML body contains password input but no form action
HTML body contains low number of good links
HTML title does not match URL
IP address seen in connection with other malware

Classification

  • System is w10x64
  • chrome.exe (PID: 5844 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\ACH payment confirmation careersindia@securview.com .HTML MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
    • chrome.exe (PID: 6164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1860,i,10221190459973097732,13979483278592795457,262144 /prefetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
0.0.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security
    No Sigma rule has matched
    No Snort rule has matched

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Source: https://kasumbo.com/smarty/xls_v1.6/tail-spin.svgAvira URL Cloud: Label: malware
    Source: kasumbo.comVirustotal: Detection: 6%Perma Link

    Phishing

    barindex
    Source: Yara matchFile source: 0.0.pages.csv, type: HTML
    Source: ACH payment confirmation careersindia@securview.com .HTMLHTTP Parser: Low number of body elements: 0
    Source: ACH payment confirmation careersindia@securview.com .HTMLHTTP Parser: document.write
    Source: file:///C:/Users/user/Desktop/ACH%20payment%20confirmation%20careersindia@securview.com%20.HTMLTab title: Statement.xls - Microsoft Excel
    Source: file:///C:/Users/user/Desktop/ACH%20payment%20confirmation%20careersindia@securview.com%20.HTMLMatcher: Template: microsoft matched
    Source: file:///C:/Users/user/Desktop/ACH%20payment%20confirmation%20careersindia@securview.com%20.HTMLHTTP Parser: New script tag found
    Source: file:///C:/Users/user/Desktop/ACH%20payment%20confirmation%20careersindia@securview.com%20.HTMLMatcher: Found strong image similarity, brand: MICROSOFT
    Source: file:///C:/Users/user/Desktop/ACH%20payment%20confirmation%20careersindia@securview.com%20.HTMLHTTP Parser: Has password / email / username input fields
    Source: file:///C:/Users/user/Desktop/ACH%20payment%20confirmation%20careersindia@securview.com%20.HTMLHTTP Parser: <input type="password" .../> found but no <form action="...
    Source: file:///C:/Users/user/Desktop/ACH%20payment%20confirmation%20careersindia@securview.com%20.HTMLHTTP Parser: Number of links: 0
    Source: file:///C:/Users/user/Desktop/ACH%20payment%20confirmation%20careersindia@securview.com%20.HTMLHTTP Parser: Title: Statement.xls - Microsoft Excel does not match URL
    Source: file:///C:/Users/user/Desktop/ACH%20payment%20confirmation%20careersindia@securview.com%20.HTMLHTTP Parser: <input type="password" .../> found
    Source: file:///C:/Users/user/Desktop/ACH%20payment%20confirmation%20careersindia@securview.com%20.HTMLHTTP Parser: No <meta name="author".. found
    Source: file:///C:/Users/user/Desktop/ACH%20payment%20confirmation%20careersindia@securview.com%20.HTMLHTTP Parser: No <meta name="copyright".. found
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1498812047\LICENSE.txtJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_BITS_5844_1873454240Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\_platform_specific\Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\_platform_specific\x86_64\Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexeJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_aJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_aJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_oJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_oJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\_platform_specific\x86_64\pnacl_public_pnacl_jsonJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_aJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexeJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_aJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\_platform_specific\x86_64\pnacl_public_x86_64_crtend_oJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexeJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\manifest.jsonJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\_metadata\Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\_metadata\verified_contents.jsonJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1598255430\manifest.fingerprintJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_BITS_5844_885381781Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1498812047Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1498812047\LICENSE.txtJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1498812047\Filtering RulesJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1498812047\manifest.jsonJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1498812047\_metadata\Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1498812047\_metadata\verified_contents.jsonJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5844_1498812047\manifest.fingerprintJump to behavior
    Source: Joe Sandbox ViewIP Address: 174.127.104.94 174.127.104.94
    Source: Joe Sandbox ViewIP Address: 104.17.24.14 104.17.24.14
    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
    Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
    Source: chromecache_256.1.drString found in binary or memory: http://fontawesome.io
    Source: chromecache_256.1.drString found in binary or memory: http://fontawesome.io/license
    Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.drString found in binary or memory: http://llvm.org/):
    Source: chromecache_257.1.drString found in binary or memory: http://www.zend.com
    Source: chromecache_258.1.dr, chromecache_257.1.drString found in binary or memory: http://www.zend.com/images/store/safeguard_optimizer_img.gif
    Source: chromecache_258.1.dr, chromecache_257.1.drString found in binary or memory: http://www.zend.com/products/zend_engine
    Source: chromecache_258.1.dr, chromecache_257.1.drString found in binary or memory: http://www.zend.com/products/zend_guard
    Source: chromecache_258.1.dr, chromecache_257.1.drString found in binary or memory: http://www.zend.com/products/zend_optimizer
    Source: chromecache_258.1.dr, chromecache_257.1.drString found in binary or memory: http://www.zend.com/store/products/zend-safeguard-suite.php
    Source: pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.drString found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
    Source: pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.drString found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
    Source: manifest.json.0.drString found in binary or memory: https://clients2.google.com/service/update2/crx
    Source: pnacl_public_x86_64_ld_nexe.0.drString found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
    Source: pnacl_public_x86_64_ld_nexe.0.drString found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
    Source: LICENSE.txt.0.drString found in binary or memory: https://creativecommons.org/.
    Source: LICENSE.txt.0.drString found in binary or memory: https://creativecommons.org/compatiblelicenses
    Source: LICENSE.txt.0.drString found in binary or memory: https://easylist.to/)
    Source: LICENSE.txt.0.drString found in binary or memory: https://github.com/easylist)
    Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: AEC=Ad49MVEVy5CxtQLtYrblzXz4DifLm5q80KxkAsZM0tGClBBQswyzDRIjhA; CONSENT=PENDING+494; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDMtMF9SQzIaAmVuIAEaBgiA0dCmBg; __Secure-ENID=14.SE=FEqwE5eimu_CzO8QanixDxMiVRDl1S74wJwxQG4kibYxHFlarNLstM6_FtN3tkTBDN7NI-PM3BH3uafw_juj7Kua5Sxw58UIqMyDvhq3JStE-0GsITWS9X0QrbjvmkA5MVBf-Eb4RLTTefnPk1F_g7MJo2hXw4TzaSRHE_HtskdpjjbT9g
    Source: unknownDNS traffic detected: queries for: www.w3schools.com
    Source: global trafficHTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-GB&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-115.0.5790.171Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /smarty/xls_v1.6/tail-spin.svg HTTP/1.1Host: kasumbo.comConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /w3css/4/w3.css HTTP/1.1Host: www.w3schools.comConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /smarty/xls_v1.6/msoxcel_.svg HTTP/1.1Host: kasumbo.comConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /smarty/xls_v1.6/tail-spin.svg HTTP/1.1Host: kasumbo.comConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /smarty/xls_v1.6/msoxcel_.svg HTTP/1.1Host: kasumbo.comConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /smarty/xls_v1.6/tail-spin.svg HTTP/1.1Host: kasumbo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Source: global trafficHTTP traffic detected: GET /smarty/xls_v1.6/msoxcel_.svg HTTP/1.1Host: kasumbo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

    System Summary

    barindex
    Source: Name includes: ACH payment confirmation careersindia@securview.com .HTMLInitial sample: payment
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\ACH payment confirmation careersindia@securview.com .HTML
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1860,i,10221190459973097732,13979483278592795457,262144 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown