Analysis Report https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us

Overview

General Information

Sample URL: https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us
Analysis ID: 356081

Most interesting Screenshot:

Detection

HTMLPhisher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Yara detected HtmlPhish_10
HTML body contains low number of good links
No HTML title found
URL contains potential PII (phishing indication)

Classification

AV Detection:

barindex
Antivirus / Scanner detection for submitted sample
Source: https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Source: https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us UrlScan: detection malicious, Label: phishing brand: generic email Perma Link
Antivirus detection for URL or domain
Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us UrlScan: Label: phishing brand: generic email Perma Link
Multi AV Scanner detection for domain / URL
Source: nliwierfrf.gb.net Virustotal: Detection: 6% Perma Link
Source: www.politikesgeuseis.gr Virustotal: Detection: 7% Perma Link

Phishing:

barindex
Yara detected HtmlPhish_10
Source: Yara match File source: 618321.pages.csv, type: HTML
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm, type: DROPPED
HTML body contains low number of good links
Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us HTTP Parser: Number of links: 0
Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us HTTP Parser: Number of links: 0
No HTML title found
Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us HTTP Parser: HTML title missing
Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us HTTP Parser: HTML title missing
URL contains potential PII (phishing indication)
Source: https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us Sample URL: PII: gladhjef@wcps.k12.md.us
Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us HTTP Parser: No <meta name="author".. found
Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us HTTP Parser: No <meta name="author".. found
Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us HTTP Parser: No <meta name="copyright".. found
Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us HTTP Parser: No <meta name="copyright".. found

Compliance:

barindex
Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 104.129.25.9:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.129.25.9:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.7:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.7:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.214.201.112:443 -> 192.168.2.7:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.214.201.112:443 -> 192.168.2.7:49746 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: nliwierfrf.gb.net
Source: font-awesome.min[1].css.2.dr String found in binary or memory: http://fontawesome.io
Source: font-awesome.min[1].css.2.dr String found in binary or memory: http://fontawesome.io/license
Source: bootstrap.min[1].css.2.dr String found in binary or memory: http://getbootstrap.com)
Source: popper.min[1].js.2.dr String found in binary or memory: http://opensource.org/licenses/MIT).
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr String found in binary or memory: https://biffyeager.ru/bschbvdskchbeds3feb/next.php
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/dellcssfile.appspot.com/o/bootstrap.min.css?alt=media&to
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/dellcssfile.appspot.com/o/font-awesome.min.css?alt=media
Source: free.min[1].css.2.dr, free-fa-solid-900[1].eot.2.dr String found in binary or memory: https://fontawesome.com
Source: free.min[1].css.2.dr String found in binary or memory: https://fontawesome.com/license/free
Source: free-fa-solid-900[1].eot.2.dr, free-fa-regular-400[1].eot.2.dr String found in binary or memory: https://fontawesome.comhttps://fontawesome.comFont
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Archivo
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXo.woff)
Source: css[1].css0.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhv.woff)
Source: css[1].css0.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff)
Source: css[1].css0.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[1].css0.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: bootstrap.min[1].js.2.dr String found in binary or memory: https://getbootstrap.com)
Source: bootstrap.min[2].js.2.dr String found in binary or memory: https://getbootstrap.com/)
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: 585b051251[1].js.2.dr String found in binary or memory: https://ka-f.fontawesome.com
Source: 585b051251[1].js.2.dr String found in binary or memory: https://kit.fontawesome.com
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: ~DF2961C22C6FC71983.TMP.1.dr String found in binary or memory: https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr
Source: {8A4D8B89-755E-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef
Source: ~DF005E3F5BF1EF3E95.TMP.1.dr String found in binary or memory: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2c
Source: ~DF005E3F5BF1EF3E95.TMP.1.dr, QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm.2.dr String found in binary or memory: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d8
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr String found in binary or memory: https://www.google.com/s2/favicons?domain=
Source: imagestore.dat.2.dr, QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr String found in binary or memory: https://www.google.com/s2/favicons?domain=dell.com?v=BUILD_HASH
Source: ~DF005E3F5BF1EF3E95.TMP.1.dr String found in binary or memory: https://www.politikesgeuseis.gr/cricl/oauth/site/service/demp.php?email=info
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 104.129.25.9:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.129.25.9:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.7:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.7:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.214.201.112:443 -> 192.168.2.7:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.214.201.112:443 -> 192.168.2.7:49746 version: TLS 1.2
Source: classification engine Classification label: mal72.phis.win@3/31@9/3
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8A4D8B87-755E-11EB-90E6-ECF4BB82F7E0}.dat Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user~1\AppData\Local\Temp\~DFD481E1B3B9292EBF.TMP Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini Jump to behavior
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4340 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4340 CREDAT:17410 /prefetch:2 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 356081 URL: https://nliwierfrf.gb.net/x... Startdate: 22/02/2021 Architecture: WINDOWS Score: 72 20 Multi AV Scanner detection for domain / URL 2->20 22 Antivirus detection for URL or domain 2->22 24 Antivirus / Scanner detection for submitted sample 2->24 26 Yara detected HtmlPhish_10 2->26 6 iexplore.exe 1 51 2->6         started        process3 process4 8 iexplore.exe 2 60 6->8         started        dnsIp5 14 nliwierfrf.gb.net 104.129.25.9, 443, 49709, 49710 ASN-QUADRANET-GLOBALUS United States 8->14 16 www.politikesgeuseis.gr 35.214.201.112, 443, 49745, 49746 GOOGLE-2US United States 8->16 18 6 other IPs or domains 8->18 12 QXNpYQ==22-02-2021...sQA76eqgdF9Y[1].htm, HTML 8->12 dropped file6
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.129.25.9
unknown United States
8100 ASN-QUADRANET-GLOBALUS true
35.214.201.112
unknown United States
19527 GOOGLE-2US false
104.16.18.94
unknown United States
13335 CLOUDFLARENETUS false

Contacted Domains

Name IP Active
nliwierfrf.gb.net 104.129.25.9 true
www.politikesgeuseis.gr 35.214.201.112 true
cdnjs.cloudflare.com 104.16.18.94 true
stackpath.bootstrapcdn.com unknown unknown
ka-f.fontawesome.com unknown unknown
code.jquery.com unknown unknown
kit.fontawesome.com unknown unknown
maxcdn.bootstrapcdn.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us true unknown
https://www.politikesgeuseis.gr/cricl/oauth/site/service/demp.php?email=info@dell.com# true
    unknown