Analysis Report https://spark.adobe.com/page/ql80qXs9cgl3o/

Overview

General Information

Sample URL:	https://spark.adobe.com/page/ql80qXs9cgl3o/
Analysis ID:	404273
Infos:
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Signatures

There are no high impact signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 65.9.66.89:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.9.66.89:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.9.66.89:443 -> 192.168.2.6:49730 version: TLS 1.2

Source: scripts[1].js.2.dr	String found in binary or memory: if ($a.href.startsWith('https://www.facebook.')) { equals www.facebook.com (Facebook)
Source: scripts[1].js.2.dr	String found in binary or memory: if ($a.href.startsWith('https://www.linkedin.com')) { equals www.linkedin.com (Linkedin)
Source: scripts[1].js.2.dr	String found in binary or memory: if ($a.href.startsWith('https://www.youtube.com')) { equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: use.typekit.net

Source: vtg4qoo[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000132df
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000132e1
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000132e3
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000176ff
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017701
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017703
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017706
Source: scripts[1].js.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: express[1].htm.2.dr	String found in binary or memory: https://adobesparkpost.app.link/jsoIbkwCVeb
Source: express[1].htm.2.dr	String found in binary or memory: https://adobesparkpost.app.link/nfQW2NoCVeb
Source: express[1].htm.2.dr	String found in binary or memory: https://apps.apple.com/us/app/adobe-spark-post-create-stunning/id1051937863
Source: scripts[1].js.2.dr	String found in binary or memory: https://blog.adobespark.com/
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: https://p.typekit.net/p.gif
Source: {13BDDBCD-AD59-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://spark.adobe.co
Source: scripts[1].js.2.dr	String found in binary or memory: https://twitter.com
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/1da05b/0000000000000000000132df/27/
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/40207f/0000000000000000000176ff/27/
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/4b3e87/000000000000000000017706/27/
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/8f4e31/0000000000000000000132e3/27/
Source: scripts[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: scripts[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: scripts[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/cb695f/000000000000000000017701/27/
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/d8f71f/0000000000000000000132e1/27/
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/eaf09c/000000000000000000017703/27/
Source: scripts[1].js.2.dr	String found in binary or memory: https://www.facebook.
Source: scripts[1].js.2.dr	String found in binary or memory: https://www.instagram.com
Source: scripts[1].js.2.dr	String found in binary or memory: https://www.linkedin.com
Source: scripts[1].js.2.dr	String found in binary or memory: https://www.pinterest.
Source: scripts[1].js.2.dr	String found in binary or memory: https://www.youtube.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: unknown	HTTPS traffic detected: 65.9.66.89:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.9.66.89:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.9.66.89:443 -> 192.168.2.6:49730 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@3/32@2/1

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{13BDDBCB-AD59-11EB-90E5-ECF4BB2D2496}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF88ABC3EC2C072926.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4316 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4316 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
65.9.66.89	spark.adobeprojectm.com	United States		16509	AMAZON-02US	false

Contacted Domains

Name	IP	Active
spark.adobeprojectm.com	65.9.66.89	true
use.typekit.net	unknown	unknown
p.typekit.net	unknown	unknown

ID:	404273
Product:	CloudBasic
Start time:	21:18:34
Start date:	04.05.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\EQAWN5DV\spark.adobe[1].xml	ASCII text, with no line terminators	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\IB42RK38\www.adobe[1].xml	ASCII text, with no line terminators	132294CA22370B52822C17DCB5BE3AF6	DD26B82638AD38AD471F7621A9EB79FED448A71C	451ABBE0AEFC000F49967DABF8D42344D146429F03C8C8D4AE5E33FF9963CF77
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{13BDDBCB-AD59-11EB-90E5-ECF4BB2D2496}.dat	Microsoft Word Document	F2F8D3A1AF543051613C5A868850489F	49E3F72E929DC9F5E55549CCBB1CF86B2C3B971B	8158736C5054DFB3BBF82A03A292BC0801FF6C837F7FF35C8097C953A29D5B49
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{13BDDBCD-AD59-11EB-90E5-ECF4BB2D2496}.dat	Microsoft Word Document	0BB5152DE431059AA0377DF011B2E06C	A73E4859239E9CDF1B08B53968DE81F8DD6671EC	25A7CAD4C4BC9478C9D3BC747BF8559ABA03A5DACA7390D04E30308E6A5A3DB6
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1AABAF24-AD59-11EB-90E5-ECF4BB2D2496}.dat	Microsoft Word Document	0415F5E35BBCF76A1927BA505F2BC8E6	3F7309E95CF8CC3D4EFFD104575521386AF1FDA1	1D38B92F17DA55EFDCAE23410E2AC354B3A65933960E0F323DE5345BC77F5CF5
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\wlm7n14\imagestore.dat	data	D5A3A5AFB62136B46B7935CA55C430BF	FA4A601513B38BB626E4F2795526CC7573C54BB9	C126AA57A97F1FBADF673D3ED50AA3EAD912A2996630CCA183F4B6EE5570E493
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\7O7MVXIS.htm	HTML document, ASCII text	4694F3450C9406D96176366FE5288BCE	598B7D44048C31A32F62F1DD16115636A65CCB10	154C0CA6448DEA5DFBB2025635CD28797BE4A8948184EDA3ACB2CDCC9F70B9F7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\d[1]	Web Open Font Format, CFF, length 67148, version 0.0	227960928668E1D655DBAAAE5FE23C11	128EF93AB71A18BA1DB0855C165D050ED8702037	DFD5B4454E0BEF1EBBE0940DFA3BFB117BEE9E3DF150FA55BE633114816E7179
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\d[2]	Web Open Font Format, CFF, length 66304, version 0.0	9E6E819AE9D8993A2B10353EFF16497D	1410161D0CA8CA3966897CAB50E45A14B721C056	81B4B3BC1EFD4F08F212308D9727BC21A40E38B5464B6B25EBDE1B2E24D13F05
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\favicon[1].ico	MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel	B28BF60DD7E50B6DFFD394EBC0F9057A	9EA7EED87B689757780322989EF426AEFFDC8F7A	BF24C9E4D37F94D4BD2F870228FF421CA54B2949DB3391DBD3818EC0E6DB0F5F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\spark[1].svg	SVG Scalable Vector Graphics image	907B6C4171506C79784218007A40BA44	439E9CAF7CDC5B93A3CA412EC4EDA6338997644A	AC0A282DCE35E91B761D9E69142973C44CD495E468434DCF1AD249F498D00788
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\media_102523b575492841801eee551ccfbc5fca141ecdf[1].png	RIFF (little-endian) data, Web/P image	772490EB047C5C65E7330F3FB6F5667A	0DDB87B9A34F56EA10A21A6380EB41A8D099F29B	31A87540565B694BD962F57353178772EFFD54CE6EFCF8F8E69D1AF8D7D1AA66
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\media_1a3a5d0b4d3b4cdafd28d6e4e2582aa89694802d1[1].png	[none]x[none], YUV color, decoders should clamp	052165C682929705609F7693A800066F	A29DA6BBCA865268645015C4669E6003197578AD	DDCFB48F42BE1B0425CEF45361A5FD64F967484CD7925078A109B8522CA27644
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\media_1edd2ae4453e3478187f2c8b4963eb73bac41e495[1].png	[none]x[none], YUV color, decoders should clamp	1865D8BADE74D4ED8F4FD39F389A9330	829785B4A2D366B45F25AE9FE170B4C29AAF86D5	B560317586E901FC12C86874B1D2F3A08B1B6A4FD620354EF7E86861965E90F0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\p[1].gif	GIF image data, version 89a, 1 x 1	81144D75B3E69E9AA2FA3E9D83A64D03	F0FBC60B50EDF5B2A0B76E0AA0537B76BF346FFC	9B9265C69A5CC295D1AB0D04E0273B3677DB1A6216CE2CCF4EFC8C277ED84B39
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\scripts[1].js	UTF-8 Unicode text	696D0CC440A9A38E23EE9B7B623060B8	70D6991B1983E3B7D1777429533C060982799FF6	338460BD7A0F7D02FBE0808DBD34F9B6062313EB86A82CE37355829C73BC7B23
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\sparkle[1].jpg	[TIFF image data, little-endian, direntries=1, copyright=prasongtakham - Fotolia], baseline, precision 8, 1048x1220, frames 3	AB8CE04630449D7E879067D69E50866C	BCEFB08C972A510CAFB7CFED4A95DD752A69AEB6	36C2625BEC8642B8109C72C20D2A44285855C47705B6E08A34748D61A6041A70
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\vtg4qoo[1].js	UTF-8 Unicode text, with very long lines	46700293FD68A3707BEAF54E63C4D9A8	5F1130A35AC5C767DF52A13CC14D412B0A1CC0E9	413B5751660E454D49C8430CBD09054C97E7B0560660B14892FF6048E4CDDE46
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\adobe-spark[1].png	PNG image data, 299 x 59, 8-bit/color RGBA, non-interlaced	95FC22E047BCEB4BFA6AEE7064399BBC	11A708485B7942104D06F2FFD0F1B6713F25F941	C91BD804CF36B68D89EAE5FAC4CD8F985563D322273462AF92607AB9927002F1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\d[1]	Web Open Font Format, CFF, length 66740, version 0.0	02BDAC466185E4E1161BBFAB2C066327	5C0C5E8BDB41694C8AD5605D5C1FFF7EB0702EBA	AC44BE8F65384DEF37D9091D668E54A4B79AB6A3156C5D8CFBD3268BEC558971
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\d[2]	Web Open Font Format, CFF, length 66508, version 0.0	49B061D6468547558176037211AA630C	B02FD5987ED77AF837699BB13C7E838018943423	F89C62C68380B4BB548E4E24E284348FE9E98730F54F7E0C8942F6AA3BE9DA37
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\express[1].htm	HTML document, UTF-8 Unicode text, with very long lines	2B51B2A95E670886D5FE8F6BA31D15C0	8D0BF64A9D4F43915E76A51883582716E0B6BB0E	CB03E38789436048C334D1E7A8F63D2490062E70A9B42A81DB82D28EBE001BD4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\sparkle-mobile[1].jpg	[TIFF image data, little-endian, direntries=1, copyright=prasongtakham - Fotolia], baseline, precision 8, 800x853, frames 3	C593E1A3F325847A5323407D0541A6D8	D0C6050C396DEDCAD0C555B36ED9C6F1561B590E	F401189E1BF233A2F84B43B9606182C8924556330A93E26421FAC5BF672071E4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\d[1]	Web Open Font Format, TrueType, length 25284, version 0.0	3A472B1A078B7B653C744CC55FAA5219	E9949514223E35D4A1E0515A312EC3664DEFDF33	8812CEB05FB855A78850BB1907BC621FC487CD6D54760AC8D821D760D3BBB9E3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\d[2]	Web Open Font Format, TrueType, length 24744, version 0.0	A14F6E1E3181DC10FDB66D2A7FB54CA7	605808488DD7FEC481400AA948F80E66189D25B5	A4B8520DF89E973A968FCD3CF78F742E073EA9645D03ACCF360EB4AB5E6E1001
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\d[3]	Web Open Font Format, CFF, length 23416, version 0.0	334521D5C314F6265FCA189A2114006F	F35719EE30117ADF919939AD46A98C9D3C6EEE45	B4D011E6CF7EBE571E4D0C9868CD972592987E13D5BE3DDBB69C67638323A237
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\marvel-error[1].css	ASCII text, with very long lines, with no line terminators	79B47B015C1477CD1BD76054F7714790	F2A370BFAE9826864EE658D08C7096309258674D	19236BBB9A1AD33D606EBBFF8140BB11EAE1B00325BBC79328AA4C84D3A5F8F1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\media_1414f90572f278eae7d49cf2222e9b7d0063180cd[1].png	RIFF (little-endian) data, Web/P image	160AAF0C588420621064BB8B738D0759	93DA63EC7D8E6EBC2DDB8F8552855A9DE0E51435	AA1D8FC359B75F9C0E622A3F74859AA3CC3C77B0F60FBEE5F86C869AD80FE96C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\styles[1].css	ASCII text	C0F349AF62FA2D1E725464B22D31CDCC	645A7814C3FBE9578EBFDEFF1327720E6AA322EF	32BB5493F1B51E6AE09315DB807602AAE9031356D170780D32D272098424FA74
C:\Users\user\AppData\Local\Temp\~DF88ABC3EC2C072926.TMP	data	C203DCBBCCDE77DA4CB1989C5B6218A3	89710CACE5B312CD789157B59DDCA16DD22ED342	75A3D8F80F55AF3E5CC17E2AD1C090541C997D8A283E4AE748213098065209CA
C:\Users\user\AppData\Local\Temp\~DFC7F34313F804349B.TMP	data	6727C74D698FFFCADBAD17FBD4A54C55	3707E1119CF799A9B43C71F55A455C582326AE85	FD8FE2ADCBF44CEA96A5A42AD04666011729B10F2480296802A461E82410FF01
C:\Users\user\AppData\Local\Temp\~DFF3DA1EF1686743C2.TMP	data	AB889A32AB9ACD33E816C2422337C69A	1190C6B34DED2D295827C2A88310D10A8B90B59B	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA

Analysis Report https://spark.adobe.com/page/ql80qXs9cgl3o/

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains