Analysis Report https://benenergie-dz.com/Adpadpsecurity/adp/

Overview

General Information

Sample URL: https://benenergie-dz.com/Adpadpsecurity/adp/
Analysis ID: 383605

Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected HtmlPhish10
Found iframes
HTML body contains low number of good links
HTML title does not match URL

Classification

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://benenergie-dz.com/Adpadpsecurity/adp/ SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish10
Source: Yara match File source: 287400.pages.csv, type: HTML
Found iframes
Source: https://benenergie-dz.com/Adpadpsecurity/adp/ HTTP Parser: Iframe src: assets/cookieStorage.html
HTML body contains low number of good links
Source: https://benenergie-dz.com/Adpadpsecurity/adp/ HTTP Parser: Number of links: 0
HTML title does not match URL
Source: https://benenergie-dz.com/Adpadpsecurity/adp/ HTTP Parser: Title: ADP does not match URL
Source: https://benenergie-dz.com/Adpadpsecurity/adp/ HTTP Parser: No <meta name="author".. found
Source: https://benenergie-dz.com/Adpadpsecurity/adp/ HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown DNS traffic detected: queries for: benenergie-dz.com
Source: classification engine Classification label: mal56.phis.win@3/26@6/5
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF282BBDE131D5ABFA.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4084 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Run
Source: Window Recorder Window detected: More than 3 window changes detected
Behavior Graph (image not reproduced)
ID: 383605
URL: https://benenergie-dz.com/A...
Startdate: 08/04/2021
Architecture: WINDOWS
Score: 56
Signatures: Antivirus / Scanner detection for submitted sample; Yara detected HtmlPhish10
Processes: iexplore.exe started iexplore.exe
DNS/IP nodes: online.adp.com; oneline.gslb2.adp.com; benenergie-dz.com (213.186.33.16, 443, 49712, 49713, OVHFR, France); cs890.adn.psicdn.net (93.184.219.157, 443, 49732, 49733, EDGECASTUS, European Union); 5 other IPs or domains

Contacted Public IPs

IP              Domain                 Country         ASN    ASN Name     Malicious
213.186.33.16   benenergie-dz.com      France          16276  OVHFR        false
170.146.93.123  oneline.gslb2.adp.com  United States   14299  ADP1US       false
93.184.219.157  cs890.adn.psicdn.net   European Union  15133  EDGECASTUS   false
52.217.39.78    s3.amazonaws.com       United States   16509  AMAZON-02US  false
170.146.97.153  privacy.adp.com        United States   14299  ADP1US       false

Contacted Domains

Name IP Active
benenergie-dz.com 213.186.33.16 true
s3.amazonaws.com 52.217.39.78 true
oneline.gslb2.adp.com 170.146.93.123 true
privacy.adp.com 170.146.97.153 true
cs890.adn.psicdn.net 93.184.219.157 true
www.adp.com unknown unknown
online.adp.com unknown unknown

Contacted URLs

Name                                           Malicious  Antivirus Detection  Reputation
https://benenergie-dz.com/Adpadpsecurity/adp/  true                            unknown