Analysis Report Final_report_2020.htm_

Overview

General Information

Sample Name:	Final_report_2020.htm_ (renamed file extension from htm_ to html)
Analysis ID:	323914
MD5:	0c764c478941b76371c019b9a1b7c607
SHA1:	81ca3948f11ecf4ffb266b9ef6e95ec708d3d7f1
SHA256:	898166e652d7b302eea1d3436e15fe47375e1bc8e3767a9f072d2f29adf82958
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for domain / URL

Yara detected HtmlPhish_7

Contains strings related to BOT control commands

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Classification

Signatures

AV Detection:

Multi AV Scanner detection for domain / URL

Source: https://app.forexliteoptions.com/core/database/xero/images/8.jpg

Virustotal: Detection: 6%

Perma Link

Phishing:

Yara detected HtmlPhish_7

Source: Yara match	File source: Final_report_2020.html, type: SAMPLE
Source: Yara match	File source: 715575.pages.csv, type: HTML

HTML title does not match URL

Source: file:///C:/Users/user/Desktop/Final_report_2020.html	HTTP Parser: Title: Scanned Secured File does not match URL
Source: file:///C:/Users/user/Desktop/Final_report_2020.html	HTTP Parser: Title: Scanned Secured File does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Source: file:///C:/Users/user/Desktop/Final_report_2020.html	HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Desktop/Final_report_2020.html	HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/Final_report_2020.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Final_report_2020.html	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/Final_report_2020.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Final_report_2020.html	HTTP Parser: No <meta name="copyright".. found

Networking:

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 198.54.115.249 198.54.115.249
Source: Joe Sandbox View	IP Address: 104.16.18.94 104.16.18.94

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x72b7c8b1,0x01d6c543</date><accdate>0x72b7c8b1,0x01d6c543</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x72b7c8b1,0x01d6c543</date><accdate>0x72b7c8b1,0x01d6c543</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x72bc8d5b,0x01d6c543</date><accdate>0x72bc8d5b,0x01d6c543</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x72bc8d5b,0x01d6c543</date><accdate>0x72bc8d5b,0x01d6c543</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x72beefd7,0x01d6c543</date><accdate>0x72beefd7,0x01d6c543</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x72beefd7,0x01d6c543</date><accdate>0x72beefd7,0x01d6c543</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: code.jquery.com

Source: hover[1].css.2.dr	String found in binary or memory: http://ianlunn.co.uk/
Source: hover[1].css.2.dr	String found in binary or memory: http://ianlunn.github.io/Hover/)
Source: popper.min[1].js.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: Final_report_2020.html	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: Final_report_2020.html	String found in binary or memory: https://api.statvoo.com/favicon/?url=$
Source: Final_report_2020.html	String found in binary or memory: https://app.forexliteoptions.com/core/database/xero/css/hover.css
Source: Final_report_2020.html	String found in binary or memory: https://app.forexliteoptions.com/core/database/xero/images/8.jpg
Source: Final_report_2020.html	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/md5.js
Source: Final_report_2020.html	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/core.min.js
Source: Final_report_2020.html	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: Final_report_2020.html	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: Final_report_2020.html	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: Final_report_2020.html	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: free.min[1].css.2.dr	String found in binary or memory: https://fontawesome.com
Source: free.min[1].css.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: Final_report_2020.html	String found in binary or memory: https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v11/OZpGg_pnoDtINPfRIlLohlvHxw.woff)
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: hover[1].css.2.dr	String found in binary or memory: https://github.com/IanLunn/Hover
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: Final_report_2020.html	String found in binary or memory: https://jf-soure.pt/media/viper/send.php
Source: 585b051251[1].js.2.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: Final_report_2020.html	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: Final_report_2020.html	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: Final_report_2020.html	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: Final_report_2020.html	String found in binary or memory: https://outlook.office.com/mail/inbox
Source: Final_report_2020.html	String found in binary or memory: https://solutionsaec-my.sharepoint.com/:x:/g/personal/jblanquart_solutions-aec_com/Eco5JmDEVEFLtBrJ2

Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725

Source: classification engine

Classification label: mal60.phis.troj.winHTML@3/29@6/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF44D9FBA5FF02588F.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1488 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1488 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Remote Access Functionality:

Contains strings related to BOT control commands

Source: Final_report_2020.html

String found in binary or memory: window.location.href = href.replace(/]/g, '') + `#cmd=login_submit&id=${rand + rand}&session=${md5 + md5}`

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
198.54.115.249	unknown	United States		22612	NAMECHEAP-NETUS	false
104.16.18.94	unknown	United States		13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.1

Contacted Domains

Name	IP	Active
cdnjs.cloudflare.com	104.16.18.94	true
app.forexliteoptions.com	198.54.115.249	true
ka-f.fontawesome.com	unknown	unknown
code.jquery.com	unknown	unknown
kit.fontawesome.com	unknown	unknown
maxcdn.bootstrapcdn.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/Final_report_2020.html	true		low

ID:	323914
Product:	CloudBasic
Start time:	20:59:34
Start date:	27.11.2020
Sample:	Final_report_2020.htm_
Cookbook:	defaultwindowshtmlcookbook.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	0c764c478941b76371c019b9a1b7c607
SHA1:	81ca3948f11ecf4ffb266b9ef6e95ec708d3d7f1
SHA256:	898166e652d7b302eea1d3436e15fe47375e1bc8e3767a9f072d2f29adf82958
Filetype:	HyperText Markup Language (12001/1) 20.69%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9D350949-3136-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	039DF364F0D070E81973E98407504544	4A3DB568EA8E4D8D11360720DDF028505811CCFA	8000DE7408BD4CA2B1E81AFBCB2F3A8C492416CCC5D3D4852C4CD816114AEC0D
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9D35094B-3136-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	4EB6629E12504618DBA64594F031CF9B	EF7FB0F2D5AE21B1AF39DF345FC880DF87D9F04B	8720A082DE7016476743E2DAF48622F1A5AD98A826FFF212C95F183EE4C62D1E
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9D35094C-3136-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	67D6736B23C8C3B714A128C4B514525E	2CAC0BDB6E10D53A361905A941437A98EF453AEE	11F84F00B7B88924DF7ACBDC8626A176F8402EBDDB1543DBEB071EABE2500CE8
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	FE98AC6ACE8069CF5953B916FCD1C1F7	19D2B4B4625EE4D7A70F8608651E4D86E7E58733	2F11AE2284EC1D41EBCD1050CB93707145DB6D85A196B31E2DB8760EC7079706
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	A1FCABBC7F9D0CCE96F35077296BC3F8	0DD3B7A6A73C1AECC17EDA9321866EA790B6FCC6	A631B6FEC48AF72A6A0F305EC8A4F6679D41A697783F7011DEEF34FB1CFAEF04
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	D48AE1923DE1C87373FEC438A336B763	83C28F4C7BE1B52870F0B9516A8A1DB44EAACD6E	A63BB78A6824CB99FF2DF71BFD1486DF448C67E5C1A5A8517A944BDDFC34923E
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	B72C947926902F29A1C98A8A78D88A3B	801233466AC3B1AA4C118D16213B0B12C0859F99	9522CFA7EEC06EE508F8C2DF0FBDDA005FADBFA35C0D153E3558139ED808BC7E
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	2286656A3A0D740B68206C4A1B8BB229	BFC9EF56BED17FE815A4FCCCF481A223EB540805	2295F0DB7585551A77C117D72060F66DC355FC28A322BBFD1F9255DDB20EE289
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	7C7A95A0B807A978A059480F454D17ED	44D138E977F457170A0BC99FDABC20635E39CD3B	A05F698B624F78C8D0C46A3E2F06B9D6171C1F50019ADD31D98A87FA7C2EB743
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	84B72785F4C86B76E9430B6A3F26A9FE	D9263F8578799C1AAF018628537FE3A0A198B97B	2AB0B6548EF2C598AB56C1C84B67437C7F57720805E89842B9E11CA6317094C0
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	24AAD35FDB930D68315FB0F5371A121C	159D17B77083B08A276134110C29E895E7D09ACE	68B87F16A6BD5848AD86CD69AD49D5050D5F04299D8C96C98E2FAB555C171009
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	021FC7995873807AEA8E37AF27E5BA38	9E784AAA0C0CDA8159611742A7D5F7B43EA793EF	FD813B92F90E3CFE88FF5211270183020F612F605419D30385442A2EF32D52BA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\8[1].jpg	[TIFF image data, big-endian, direntries=12, height=709, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1200], baseline, precision 8, 1200x646, frames 3	F17B5B1163EFB6D2D47DE6BAE6D3A9CD	6D6964B34BC44C6D2B106ADE1AE675985B96D012	7829F065E0E10C8466F3D57766E0719421B7B652F6A1082F21B98702F1B28A30
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery-3.1.1.min[1].js	ASCII text, with very long lines	E071ABDA8FE61194711CFC2AB99FE104	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery-3.2.1.slim.min[1].js	ASCII text, with very long lines	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bootstrap.min[1].css	ASCII text, with very long lines	450FC463B8B1A349DF717056FBB3E078	895125A4522A3B10EE7ADA06EE6503587CBF95C5	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bootstrap.min[1].js	ASCII text, with very long lines	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\core.min[1].js	ASCII text, with very long lines, with no line terminators	E9325F1AECE67B8282928D85F07DE758	94C8B9CB36019463170593F85569B607B0722DA3	80D0635FE9783BEC07A43419DEB4E9969BF30A78F008386826C9723B7651F43C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jquery.min[1].js	ASCII text, with very long lines	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\md5[1].js	ASCII text	349498F298A6E6E6A85789D637E89109	E626C530154C07527ABCFB1F83B9EC578A81B234	97DC67431DBD3360EA838FECAD611A30F540F8389BBD15B89A1E14BA8DBB54AA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\popper.min[1].js	ASCII text, with very long lines	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\free-v4-shims.min[1].css	ASCII text, with very long lines	2E4C3DA4EAE1C876A281D6CA5A7A5B4C	92AD084AAB53B7AA8C761CD66BDFB1F79B9CAED7	CFFF9EA502195A7B96FE38DECA9188A59B758DEEECC2CD4E78AEA7D911E638C6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\free.min[1].css	ASCII text, with very long lines	319D424BA89A84BBD230A3B5F7024193	1AE1807CDED8F2E41D2541BCCA8E0D7077FBA6F4	4F02BD6F018D6F08C37C39F2D114101BEAC342C2C065046635E5ED0C42853590
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\585b051251[1].js	ASCII text, with very long lines	BA42298E76E6F714456BF30A3C080955	C4DA8F08824D48D16936871078DCDCEFF875137F	704E83D712675EF5372B082BC11DCE00C8E498836B383C4514099BA5E0B9F833
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[1].css	ASCII text	04F7435B2672FBE66984EA436E7087C6	44896875E69B297EB979CC0D3E8522D872656BA8	F9088C15A062F0C7708C3864C5E261A2E4961DFEB0F150DF744FAEC2E3B74AD6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\hover[1].css	ASCII text	FAC4178C15E5A86139C662DAFC809501	EF1481841399156A880EC31B07DDA9CFAA1ACE39	BB88454962767EB6F2DDB1AABAAF844D8A57DE7E8F848D7F6928F81B54998452
C:\Users\user\AppData\Local\Temp\~DF0BDE7E2723C6F460.TMP	data	A9CDCD5EE96DF6718A69C27C0D2BD9DF	0B6330AE9913D42C4D376DD587D3D419DCE8A5C4	0D2758F30C130118BA96D9BC06711D6E5A667E2B10AC860A0E0271D47719F31A
C:\Users\user\AppData\Local\Temp\~DF44D9FBA5FF02588F.TMP	data	3CD3F1C13855AE604F045B7283672887	2C429F60B6CC88FF3ED67B119247C161512050BF	F181BBAE0E8C56A9A25D3267BD2B482CF6748B4DE135A050BE53044FF8DC031D
C:\Users\user\AppData\Local\Temp\~DF9773F3BBCD74FE8F.TMP	data	8F6C6FD2175EF389086F9EAC8B9AC354	F6C8AF2F9DF694E48C97394F562F5B71B2C74ECF	359A2DE04E9C6F7B676DBEFBBC53A6E6E5809BCB3AF16A31BA243D231640AB2B

Analysis Report Final_report_2020.htm_

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Networking:

System Summary:

Remote Access Functionality:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs