Analysis Report https://app.box.com/s/4c3tf7iumvvg3c3q6e7udjiq7o0yealq

Overview

General Information

Sample URL: https://app.box.com/s/4c3tf7iumvvg3c3q6e7udjiq7o0yealq
Analysis ID: 356834

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain

Classification

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://app.box.com/s/4c3tf7iumvvg3c3q6e7udjiq7o0yealq SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://dy2ln.csb.app/ SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 185.235.236.201:443 -> 192.168.2.7:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.235.236.201:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.7:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.7:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.235.236.200:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.235.236.200:443 -> 192.168.2.7:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.26.114:443 -> 192.168.2.7:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.26.114:443 -> 192.168.2.7:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49743 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: app.box.com
Source: preview[1].js.2.dr String found in binary or memory: http://blog.stevenlevithan.com/archives/parseuri
Source: preview[1].js.2.dr String found in binary or memory: http://jedwatson.github.io/classnames
Source: core.min[1].js.2.dr String found in binary or memory: http://rock.mit-license.org
Source: preview[1].js.2.dr String found in binary or memory: http://www.box.com)
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://app.box.c3tf7iumvvg3c3q6e7udjiq7o0yealqRoot
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://app.box.cRoot
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://app.box.chttps://app.box.com/s/4c3tf7iumvvg3c3q6e7udjiq7o0yealq
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://app.box.com/s/4c3tf7iumvvg3c3q6e7udjiq7o0yealq
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://app.box.com/s/4c3tf7iumvvg3c3q6e7udjiq7o0yealqRGuardian
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://app.box.com/s/4c3tf7iumvvg3c3q6e7udjiq7o0yealqRoot
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/android-chrome-192x192-96i97M.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-114x114-busq-D.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-120x120-K-u4U5.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-144x144-va9pYs.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-152x152-r5tWgh.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-180x180-tV001c.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-57x57-fLlEpj.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-60x60-Uv0qzu.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-72x72-7aVqne.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-76x76-ZVGnRV.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/browserconfig-fdBReK.xml
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/favicon-16x16-_kQSW4.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr, imagestore.dat.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/favicon-32x32-VwW37b.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/favicon-96x96-XU7UE1.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/favicon-yz-tj-.ico
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/manifest-rw1AEP.json
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/mstile-144x144-pllCM8.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-16x16-Ou5N87.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-32x32-brwW_W.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-96x96-TOQ9Kg.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-EHWWyP.ico
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/safari-pinned-tab-jyt2W4.svg
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/enduser/app.e93a3fd295.css
Source: messagecenter~preview-components~uploads-manager-enduser.a1ab85c9dd[1].css.2.dr String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Bold.woff)
Source: messagecenter~preview-components~uploads-manager-enduser.a1ab85c9dd[1].css.2.dr String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Bold.woff2)
Source: messagecenter~preview-components~uploads-manager-enduser.a1ab85c9dd[1].css.2.dr String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Regular.woff)
Source: messagecenter~preview-components~uploads-manager-enduser.a1ab85c9dd[1].css.2.dr String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Regular.woff2)
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-woff.css
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/browserfs12/browserfs.min.js
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/js/common-sandbox.71780db40.chunk.js
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/js/default~app~embed~sandbox.cc6bf977b.chunk.js
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/js/sandbox-startup.788fc841a.js
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/js/sandbox.ba8055760.js
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/js/vendors~app~codemirror-editor~monaco-editor~sandbox.e68dd7bee.chunk
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/js/vendors~app~embed~sandbox-startup.10f5f18b4.chunk.js
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/js/vendors~app~sandbox.b5f1eee3a.chunk.js
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/js/vendors~sandbox.4c1b5e5ac.chunk.js
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://dy2ln.csb.app/
Source: content[1].pdf.2.dr String found in binary or memory: https://dy2ln.csb.app/)
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://dy2ln.csb.app/3tf7iumvvg3c3q6e7udjiq7o0yealq
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://dy2ln.csb.app/4c3tf7iumvvg3c3q6e7udjiq7o0yealq
Source: imagestore.dat.2.dr String found in binary or memory: https://dy2ln.csb.app/favicon.ico
Source: imagestore.dat.2.dr String found in binary or memory: https://dy2ln.csb.app/favicon.ico~
Source: preview[1].js.2.dr String found in binary or memory: https://feross.org
Source: preview[1].js.2.dr String found in binary or memory: https://github.com/derek-watson/jsUri
Source: core.min[1].js.2.dr String found in binary or memory: https://github.com/zloirock/core-js
Source: preview[1].js.2.dr String found in binary or memory: https://support.box.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: classification engine Classification label: mal56.win@3/63@7/5
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{70671297-7640-11EB-90E6-ECF4BB82F7E0}.dat
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user~1\AppData\Local\Temp\~DF06DEECED06AE8102.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:580 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:580 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Windows\SysWOW64\Macromed\Flash\ss.cfg
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll