Analysis Report https://zrruqhmedbbghufdta.page.link/Go1D?17735551234

Overview

General Information

Sample URL: https://zrruqhmedbbghufdta.page.link/Go1D?17735551234
Analysis ID: 429941

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain

Process Tree

  • System is w10x64
  • iexplore.exe (PID: 6752 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 6816 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6752 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus detection for URL or domain
Source: https://chase.connectz02.com/P/Login | SlashNext: Label: Fake Login Page; type: Phishing & Social Engineering
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown | HTTPS traffic detected: 142.250.180.206:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.180.206:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.58.172:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.58.172:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.58.172:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.7.251:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.7.251:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.70.113:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.72.113:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.70.113:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.70.113:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.72.113:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.111.9.35:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.111.9.35:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.70.113:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.70.113:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.70.113:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.70.113:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.70.113:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.70.113:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 143.204.98.61:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 143.204.98.61:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 143.204.98.61:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.95.65:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.95.65:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.216.174.56:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.216.174.56:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.215.192.132:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.215.192.132:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.217.16.102:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.217.16.102:443 -> 192.168.2.4:49782 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.102.155:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.102.155:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.217.20.3:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.217.20.3:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.123.96:443 -> 192.168.2.4:49793 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.123.96:443 -> 192.168.2.4:49794 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.123.96:443 -> 192.168.2.4:49795 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.123.96:443 -> 192.168.2.4:49796 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.123.96:443 -> 192.168.2.4:49798 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.123.96:443 -> 192.168.2.4:49797 version: TLS 1.2
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Connection: Keep-Alive
    Host: connecty1.website
Source: 115003011431-Error-522[1].htm.2.dr | String found in binary or memory: <a title="Connect with us linkedin" class="linkedin" href="https://www.linkedin.com/company/cloudflare-inc-"> equals www.linkedin.com (Linkedin)
Source: 115003011431-Error-522[1].htm.2.dr | String found in binary or memory: <a title="Like us on facebook" class="facebook" href="https://www.facebook.com/Cloudflare/"> equals www.facebook.com (Facebook)
Source: 115003011431-Error-522[1].htm.2.dr | String found in binary or memory: <a title="Subscribe our channel on youtube" class="youtube" href="https://www.youtube.com/cloudflare"> equals www.youtube.com (Youtube)
Source: 5xx-error-landing[1].htm.2.dr | String found in binary or memory: "http://www.facebook.com/cloudflare", equals www.facebook.com (Facebook)
Source: 5xx-error-landing[1].htm.2.dr | String found in binary or memory: "http://www.twitter.com/cloudflare", equals www.twitter.com (Twitter)
Source: 5xx-error-landing[1].htm.2.dr | String found in binary or memory: "http://www.youtube.com/user/CloudflareTeam" equals www.youtube.com (Youtube)
Source: 5xx-error-landing[1].htm.2.dr | String found in binary or memory: "https://www.linkedin.com/company/cloudflare", equals www.linkedin.com (Linkedin)
Source: 115003011431-Error-522[1].htm.2.dr | String found in binary or memory: <li><a href="https://www.facebook.com/share.php?title=Troubleshooting+Cloudflare+5XX+errors&u=https%3A%2F%2Fsupport.cloudflare.com%2Fhc%2Fen-us%2Farticles%2F115003011431-Troubleshooting-Cloudflare-5XX-errors" class="share-facebook">Facebook</a></li> equals www.facebook.com (Facebook)
Source: 115003011431-Error-522[1].htm.2.dr | String found in binary or memory: <li><a href="https://www.linkedin.com/shareArticle?mini=true&source=Cloudflare&title=Troubleshooting+Cloudflare+5XX+errors&url=https%3A%2F%2Fsupport.cloudflare.com%2Fhc%2Fen-us%2Farticles%2F115003011431-Troubleshooting-Cloudflare-5XX-errors" class="share-linkedin">LinkedIn</a></li> equals www.linkedin.com (Linkedin)
Source: style[1].css.2.dr | String found in binary or memory: Follow: https://www.twitter.com/dizianaEngage equals www.twitter.com (Twitter)
Source: script[1].js.2.dr | String found in binary or memory: Follow: www.twitter.com/dizianaEngage equals www.twitter.com (Twitter)
Source: style[1].css.2.dr | String found in binary or memory: Like: https://www.facebook.com/diziana.engage equals www.facebook.com (Facebook)
Source: script[1].js.2.dr | String found in binary or memory: Like: www.facebook.com/Diziana.Engage equals www.facebook.com (Facebook)
Source: ef493f5fc3711bd1e6f7b876f3bfddeccbe99d36[1].js.2.dr | String found in binary or memory: Follow: https://www.twitter.com/dizianaEngage equals www.twitter.com (Twitter)
Source: ef493f5fc3711bd1e6f7b876f3bfddeccbe99d36[1].js.2.dr | String found in binary or memory: Like: https://www.facebook.com/diziana.engage equals www.facebook.com (Facebook)
Source: unknown | DNS traffic detected: queries for: zrruqhmedbbghufdta.page.link
Source: chunk-5d677ef1b4eeb74635d3[1].js.2.dr | String found in binary or memory: http://api.jqueryui.com/category/ui-core/
Source: application-79172500fb4dbec2484043d570946543[1].css.2.dr | String found in binary or memory: http://dbushell.com/
Source: fa-solid-900[1].eot.2.dr | String found in binary or memory: http://fontello.com
Source: fa-brands-400[1].eot.2.dr, fa-regular-400[1].eot.2.dr, fa-solid-900[1].eot.2.dr | String found in binary or memory: http://fontello.comFont
Source: chunk-5d67
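Triage note and added example (not part of the Joe Sandbox report): the signature lines above are raw engine output and a good share of them are noise. The "equals www.facebook.com" / "www.linkedin.com" hits, for instance, come from Cloudflare 522 and 5xx error pages the browser fetched (115003011431-Error-522[1].htm, 5xx-error-landing[1].htm), i.e. the origin behind the Cloudflare-fronted host was unreachable at analysis time, and not from the phishing kit itself. The Python below, written for this page, parses a handful of the report's own lines (copied inline as constructed sample input, in the fused "Source: unknownHTTPS traffic detected:" form the raw page uses) into a structured summary: engine verdicts, TLS endpoint counts, plaintext HTTP request line and Host header, DNS names, and hosts that only appear as strings inside fetched files. It then derives an IOC host list that deliberately excludes the last category. The vendor names other than SlashNext are an assumption, as is the choice to treat string-only hosts as non-IOCs.

```python
"""Triage helper: turn Joe Sandbox style "Source: ..." signature lines into a
structured IOC summary.  Added example, not code from the Joe Sandbox report."""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the raw report above, in the
# fused "Source: unknownHTTPS traffic detected: ..." form the page uses.
SAMPLE_LINES = """\
Source: https://chase.connectz02.com/P/LoginSlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: unknownHTTPS traffic detected: 142.250.180.206:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.180.206:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.58.172:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: connecty1.website
Source: 5xx-error-landing[1].htm.2.drString found in binary or memory: "http://www.facebook.com/cloudflare", equals www.facebook.com (Facebook)
Source: unknownDNS traffic detected: queries for: zrruqhmedbbghufdta.page.link
"""

# Assumption: the report only shows SlashNext; the other names are vendors
# Joe Sandbox may list, and a fixed list is what disambiguates the fused form.
VENDORS = ("SlashNext", "Avira URL Cloud", "Google Safe Browsing")

AV_RE = re.compile(
    r"^Source:\s*(?P<url>\S+?)\s*\|?\s*(?P<vendor>" + "|".join(VENDORS) + r"):\s*"
    r"Label:\s*(?P<label>.*?)\s*[;,]?\s*type:\s*(?P<type>.*)$")
TLS_RE = re.compile(
    r"HTTPS traffic detected:\s*(?P<rip>\d{1,3}(?:\.\d{1,3}){3}):(?P<rport>\d+)"
    r"\s*->\s*(?P<lip>\d{1,3}(?:\.\d{1,3}){3}):(?P<lport>\d+)\s*version:\s*(?P<ver>.+?)\s*$")
HTTP_RE = re.compile(r"HTTP traffic detected:\s*(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+HTTP/1\.[01]")
HOST_RE = re.compile(r"Host:\s*(?P<host>[^\s|]+)")
# Fused headers have no separator, so the UA ends where the next known header starts.
UA_RE = re.compile(r"User-Agent:\s*(?P<ua>.*?)\s*(?:Accept-Encoding:|Connection:|Host:|$)")
DNS_RE = re.compile(r"DNS traffic detected:\s*queries for:\s*(?P<name>[^\s|]+)")
STRING_RE = re.compile(r"String found in binary or memory:")
URL_RE = re.compile(r"""https?://[^\s"'<>,]+""")


def parse_report(text):
    """Parse signature lines into a summary dict; lines nothing matched are counted."""
    report = {
        "av_hits": [],                 # engine verdicts on URLs
        "tls_remotes": Counter(),      # "ip:port" -> number of TLS sessions
        "http_requests": [],           # plaintext requests with Host/UA
        "dns": set(),                  # names the sandbox saw queried
        "embedded_hosts": Counter(),   # hosts of URLs merely found inside fetched files
        "unparsed": 0,
    }
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("Source:"):
            continue
        if m := AV_RE.match(line):
            report["av_hits"].append({k: m.group(k) for k in ("url", "vendor", "label", "type")})
        elif m := TLS_RE.search(line):
            report["tls_remotes"][f"{m['rip']}:{m['rport']}"] += 1
        elif m := HTTP_RE.search(line):
            host, ua = HOST_RE.search(line), UA_RE.search(line)
            report["http_requests"].append({
                "method": m["method"], "path": m["path"],
                "host": host["host"] if host else None,
                "user_agent": ua["ua"] if ua else None,
            })
        elif m := DNS_RE.search(line):
            report["dns"].add(m["name"])
        elif STRING_RE.search(line):
            for url in URL_RE.findall(line):
                host = urlparse(url).hostname
                if host:
                    report["embedded_hosts"][host] += 1
        else:
            report["unparsed"] += 1
    return report


def iocs(report):
    """Hosts the sample resolved, contacted in clear, or that an engine flagged.
    Hosts that only occur as strings in fetched files (e.g. social links in
    Cloudflare error pages) are left out on purpose."""
    hosts = set(report["dns"])
    hosts.update(urlparse(h["url"]).hostname for h in report["av_hits"])
    hosts.update(r["host"] for r in report["http_requests"] if r["host"])
    return sorted(hosts)


if __name__ == "__main__":
    rep = parse_report(SAMPLE_LINES)
    for hit in rep["av_hits"]:
        print(f"[AV]   {hit['vendor']}: {hit['url']} -> {hit['label']} ({hit['type']})")
    for req in rep["http_requests"]:
        print(f"[HTTP] {req['method']} {req['path']} Host={req['host']} UA={req['user_agent']}")
    print("[TLS]  remote endpoints:", dict(rep["tls_remotes"]))
    print("[IOC]  hosts:", iocs(rep))
</test>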