Analysis Report https://app.box.com/s/4c3tf7iumvvg3c3q6e7udjiq7o0yealq

Overview

General Information

Sample URL: https://app.box.com/s/4c3tf7iumvvg3c3q6e7udjiq7o0yealq
Analysis ID: 356834
Infos:

Most interesting Screenshot:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain

Classification

AV Detection:

barindex
Antivirus / Scanner detection for submitted sample
Source: https://app.box.com/s/4c3tf7iumvvg3c3q6e7udjiq7o0yealq SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://dy2ln.csb.app/ SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Compliance:

barindex
Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 185.235.236.201:443 -> 192.168.2.7:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.235.236.201:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.7:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.7:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.235.236.200:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.235.236.200:443 -> 192.168.2.7:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.26.114:443 -> 192.168.2.7:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.26.114:443 -> 192.168.2.7:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49743 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: app.box.com
Source: preview[1].js.2.dr String found in binary or memory: http://blog.stevenlevithan.com/archives/parseuri
Source: preview[1].js.2.dr String found in binary or memory: http://jedwatson.github.io/classnames
Source: core.min[1].js.2.dr String found in binary or memory: http://rock.mit-license.org
Source: preview[1].js.2.dr String found in binary or memory: http://www.box.com)
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://app.box.c3tf7iumvvg3c3q6e7udjiq7o0yealqRoot
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://app.box.cRoot
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://app.box.chttps://app.box.com/s/4c3tf7iumvvg3c3q6e7udjiq7o0yealq
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://app.box.com/s/4c3tf7iumvvg3c3q6e7udjiq7o0yealq
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://app.box.com/s/4c3tf7iumvvg3c3q6e7udjiq7o0yealqRGuardian
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://app.box.com/s/4c3tf7iumvvg3c3q6e7udjiq7o0yealqRoot
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/android-chrome-192x192-96i97M.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-114x114-busq-D.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-120x120-K-u4U5.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-144x144-va9pYs.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-152x152-r5tWgh.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-180x180-tV001c.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-57x57-fLlEpj.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-60x60-Uv0qzu.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-72x72-7aVqne.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-76x76-ZVGnRV.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/browserconfig-fdBReK.xml
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/favicon-16x16-_kQSW4.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr, imagestore.dat.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/favicon-32x32-VwW37b.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/favicon-96x96-XU7UE1.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/favicon-yz-tj-.ico
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/manifest-rw1AEP.json
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/mstile-144x144-pllCM8.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-16x16-Ou5N87.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-32x32-brwW_W.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-96x96-TOQ9Kg.png
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-EHWWyP.ico
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/safari-pinned-tab-jyt2W4.svg
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/enduser/app.e93a3fd295.css
Source: messagecenter~preview-components~uploads-manager-enduser.a1ab85c9dd[1].css.2.dr String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Bold.woff)
Source: messagecenter~preview-components~uploads-manager-enduser.a1ab85c9dd[1].css.2.dr String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Bold.woff2)
Source: messagecenter~preview-components~uploads-manager-enduser.a1ab85c9dd[1].css.2.dr String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Regular.woff)
Source: messagecenter~preview-components~uploads-manager-enduser.a1ab85c9dd[1].css.2.dr String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Regular.woff2)
Source: 4c3tf7iumvvg3c3q6e7udjiq7o0yealq[1].htm.2.dr String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-woff.css
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/browserfs12/browserfs.min.js
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/js/common-sandbox.71780db40.chunk.js
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/js/default~app~embed~sandbox.cc6bf977b.chunk.js
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/js/sandbox-startup.788fc841a.js
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/js/sandbox.ba8055760.js
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/js/vendors~app~codemirror-editor~monaco-editor~sandbox.e68dd7bee.chunk
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/js/vendors~app~embed~sandbox-startup.10f5f18b4.chunk.js
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/js/vendors~app~sandbox.b5f1eee3a.chunk.js
Source: MUI8VD1X.htm.2.dr String found in binary or memory: https://codesandbox.io/static/js/vendors~sandbox.4c1b5e5ac.chunk.js
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://dy2ln.csb.app/
Source: content[1].pdf.2.dr String found in binary or memory: https://dy2ln.csb.app/)
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://dy2ln.csb.app/3tf7iumvvg3c3q6e7udjiq7o0yealq
Source: {70671299-7640-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://dy2ln.csb.app/4c3tf7iumvvg3c3q6e7udjiq7o0yealq
Source: imagestore.dat.2.dr String found in binary or memory: https://dy2ln.csb.app/favicon.ico
Source: imagestore.dat.2.dr String found in binary or memory: https://dy2ln.csb.app/favicon.ico~
Source: preview[1].js.2.dr String found in binary or memory: https://feross.org
Source: preview[1].js.2.dr String found in binary or memory: https://github.com/derek-watson/jsUri
Source: core.min[1].js.2.dr String found in binary or memory: https://github.com/zloirock/core-js
Source: preview[1].js.2.dr String found in binary or memory: https://support.box.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 185.235.236.201:443 -> 192.168.2.7:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.235.236.201:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.7:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.7:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.235.236.200:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.235.236.200:443 -> 192.168.2.7:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.26.114:443 -> 192.168.2.7:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.26.114:443 -> 192.168.2.7:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.7:49743 version: TLS 1.2
Source: classification engine Classification label: mal56.win@3/63@7/5
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{70671297-7640-11EB-90E6-ECF4BB82F7E0}.dat Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user~1\AppData\Local\Temp\~DF06DEECED06AE8102.TMP Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini Jump to behavior
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:580 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:580 CREDAT:17410 /prefetch:2 Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Windows\SysWOW64\Macromed\Flash\ss.cfg Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 356834 URL: https://app.box.com/s/4c3tf... Startdate: 23/02/2021 Architecture: WINDOWS Score: 56 12 cdn01.boxcdn.net 2->12 20 Antivirus detection for URL or domain 2->20 22 Antivirus / Scanner detection for submitted sample 2->22 7 iexplore.exe 6 52 2->7         started        signatures3 process4 process5 9 iexplore.exe 8 95 7->9         started        dnsIp6 14 codesandbox.io 104.18.22.207, 443, 49741, 49742 CLOUDFLARENETUS United States 9->14 16 dy2ln.csb.app 104.18.26.114, 443, 49739, 49740 CLOUDFLARENETUS United States 9->16 18 4 other IPs or domains 9->18
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
185.235.236.200
 unknown Germany
33011 BOXNETUS false
104.18.22.207
 unknown United States
13335 CLOUDFLARENETUS false
185.235.236.197
 unknown Germany
33011 BOXNETUS false
185.235.236.201
 unknown Germany
33011 BOXNETUS false
104.18.26.114
 unknown United States
13335 CLOUDFLARENETUS false

Contacted Domains

Name IP Active
api.box.com 185.235.236.197 true
public.boxcloud.com 185.235.236.200 true
codesandbox.io 104.18.22.207 true
app.box.com 185.235.236.201 true
dy2ln.csb.app 104.18.26.114 true
cdn01.boxcdn.net unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://app.box.com/s/4c3tf7iumvvg3c3q6e7udjiq7o0yealq false
    		high
    https://dy2ln.csb.app/ true
    • SlashNext: Fake Login Page type: Phishing & Social Engineering
    		 unknown