General Information

  • Date: 24.06.2020
  • Duration: 0h 0m 57s
  • Sample URL: http://laltraimmagine.ss.it/~genio/a53i2.html
  • Cookbook: browseurl.jbs
  • Icon: No Icon
  • Filetype: unknown

Detection

MALICIOUS
Phisher
    • Found 2 malicious signatures
    • Contacts 4 domains/IPs
    • Launches 2 processes
    • Drops 14 files

Signature Overview

    Behavior Graph (ID: 241054)

    • URL: http://laltraimmagine.ss.it...
    • Start date: 24/06/2020
    • Architecture: WINDOWS
    • Score: 56
    • Signatures: Multi AV Scanner detection for domain / URL; Yara detected Phisher
    • Processes: iexplore.exe started iexplore.exe
    • DNS/IP: d2.dropboxccdn.com (169.239.129.66, 443, unknown, Seychelles); laltraimmagine.ss.it (5.79.65.13, 49714, 49715, 80, unknown, Netherlands)
    • Dropped file: C:\Users\user\AppData\Local\...\a53i2[1].htm, HTML

    Contacted Public IPs

    IP              Country      ASN    ASN Name  Malicious
    169.239.129.66  Seychelles   61138  unknown   true
    5.79.65.13      Netherlands  60781  unknown   false

    Contacted Domains

    Name IP Active
    laltraimmagine.ss.it 5.79.65.13 true
    d2.dropboxccdn.com 169.239.129.66 true

    Contacted URLs

    Name                                           Malicious  Antivirus Detection    Reputation
    http://laltraimmagine.ss.it/~genio/a53i2.html  false                             unknown
    http://laltraimmagine.ss.it/favicon.ico        false      Avira URL Cloud: safe  unknown