Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
(No subject).eml

Overview

General Information

Sample name:(No subject).eml
Analysis ID:1606873
MD5:e358abbf9aa3919df98e1b9f3ad9179f
SHA1:9fb6381d8fdf8b1b20833344ede8234b31694769
SHA256:6261029a36e6fc20d6c965a2eab692b18e261397370957517dc7de3bfee90975
Infos:

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

AI detected suspicious elements in Email content
AI detected suspicious elements in Email header
Connects to many different domains
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
Form action URLs do not match main URL
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification