flash

https://www.tevf.nl

Status: finished
Submission Time: 11.09.2019 20:48:42
Malicious
Phishing

Details

  • Analysis ID:
    173098
  • API (Web) ID:
    240665
  • Analysis Started:
    11.09.2019 20:49:13
  • Analysis Finished:
    11.09.2019 20:59:04
  • Technologies:
Full Report

  • Engine Info:
    System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
  • Verdict:
    malicious
  • Score:
    52/100

IPs

IP               Country         Detection
40.122.32.51     United States
104.41.229.199   United States
152.199.23.37    United States

Domains


URLs


Dropped files
