Analysis Report _VM0_03064853.HtM

Overview

General Information

Sample Name:	_VM0_03064853.HtM
Analysis ID:	432925
MD5:	92e4da33dcd2719acc55db45b697e55a
SHA1:	eea5adf15a8d732ef1d588dd8008db60c234d95d
SHA256:	219829ff681bf8517b43528ebe319cbcd12905d41deae509c8a8c0bc5a613c2a
Infos:
Most interesting Screenshot:

Detection

Captcha Phish HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on shot template match)

Yara detected Captcha Phish

Yara detected HtmlPhish44

Performs DNS queries to domains with low reputation

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Signatures

Phishing:

Phishing site detected (based on shot template match)

Source: https://noname.vvtl-srv.xyz/main/

Matcher: Template: captcha matched

Yara detected Captcha Phish

Source: Yara match

File source: 305090.pages.csv, type: HTML

Yara detected HtmlPhish44

Source: Yara match

File source: _VM0_03064853.HtM, type: SAMPLE

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 23.94.52.94:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.94.52.94:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.5:49714 version: TLS 1.2

Networking:

Performs DNS queries to domains with low reputation

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

DNS query: noname.vvtl-srv.xyz

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 104.18.10.207 104.18.10.207

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x23245db3,0x01d75e8b</date><accdate>0x23245db3,0x01d75e8b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x23245db3,0x01d75e8b</date><accdate>0x23245db3,0x01d75e8b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x2358d131,0x01d75e8b</date><accdate>0x2358d131,0x01d75e8b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x2358d131,0x01d75e8b</date><accdate>0x2358d131,0x01d75e8b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x2358d131,0x01d75e8b</date><accdate>0x2358d131,0x01d75e8b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x2358d131,0x01d75e8b</date><accdate>0x2358d131,0x01d75e8b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: noname.vvtl-srv.xyz

Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf.2.dr, KFOmCnqEu92Fr1Mu4mxP[1].ttf.2.dr, KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: bootstrap.min[1].css.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: bootstrap.min[1].css.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: {4C644D00-CA7E-11EB-90E5-ECF4BB570DC9}.dat.1.dr	String found in binary or memory: https://noname.vvtl-srs/Desktop/_VM0_03064853.HtMv.xyz/main/M0_03064853.HtMRoot
Source: ~DF1C90FA8CEB081D8F.TMP.1.dr, main[1].htm.2.dr	String found in binary or memory: https://noname.vvtl-srv.xyz/main/
Source: ~DF1C90FA8CEB081D8F.TMP.1.dr	String found in binary or memory: https://noname.vvtl-srv.xyz/main/Bhttps://noname.vvtl-srv.xyz/main/
Source: ~DF1C90FA8CEB081D8F.TMP.1.dr	String found in binary or memory: https://noname.vvtl-srv.xyz/main/M0_03064853.HtMd
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: main[1].htm0.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: main[1].htm0.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: recaptcha__en[1].js.2.dr, bframe[1].htm.2.dr, anchor[1].htm.2.dr, api[1].js.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: ~DF1C90FA8CEB081D8F.TMP.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lcej-kaAAAAAL_Wy-oJMo5FTzZ65UGVugbtvlkh&co=aHR0
Source: ~DF1C90FA8CEB081D8F.TMP.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/bframe?hl=en&v=CdDdhZfPbLLrfYLBdThNS0-Y&k=6Lcej-kaAAAAAL_Wy-oJ
Source: webworker[1].js.2.dr, bframe[1].htm.2.dr, anchor[1].htm.2.dr, api[1].js.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/recaptcha__en.js
Source: bframe[1].htm.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/styles__ltr.css

Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 23.94.52.94:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.94.52.94:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.5:49714 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.troj.winHTM@3/29@3/2

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4C644CFE-CA7E-11EB-90E5-ECF4BB570DC9}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFCA112C58FC16D456.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6320 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6320 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.18.10.207	stackpath.bootstrapcdn.com	United States		13335	CLOUDFLARENETUS	false
23.94.52.94	noname.vvtl-srv.xyz	United States		36352	AS-COLOCROSSINGUS	true

Contacted Domains

Name	IP	Active
stackpath.bootstrapcdn.com	104.18.10.207	true
noname.vvtl-srv.xyz	23.94.52.94	true
favicon.ico	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://noname.vvtl-srv.xyz/main/	true		unknown

ID:	432925
Product:	CloudBasic
Start time:	23:28:08
Start date:	10.06.2021
Sample:	_VM0_03064853.HtM
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	92e4da33dcd2719acc55db45b697e55a
SHA1:	eea5adf15a8d732ef1d588dd8008db60c234d95d
SHA256:	219829ff681bf8517b43528ebe319cbcd12905d41deae509c8a8c0bc5a613c2a

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\DSW732N5\www.google[1].xml	ASCII text, with no line terminators	0134462F2FF5FD396FAD6793C0FABCE5	C7115689ED98922717B41E6816D8F8CFA916527C	0527626FDA8646338FD63AE823803F916892C905ADE0BC715ED7035FD943DEB1
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4C644CFE-CA7E-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	CADA37829CAC132055FF7DA579D3DB4F	594528F9DD7FC642A86C9048925EAD68B79A8160	F3B24651E5F010646D8906F74C7A16507A7F0A7E40124BC45786ECA89478FED9
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4C644D00-CA7E-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	0098E76C1E954AC6C4CC828547717BCE	5DEB74D7080D6B8C08F59345FA9D7E9154619E14	25BCEE210EA7FF87082127C786FA7C334832096D7A34B9C67A2CCF3D08A5CA30
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5269EEE7-CA7E-11EB-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	CA2DAAFF7395BDB03D34DC02ADBC865B	E3A99D3C71969945561D2B9F0D5C54EA1A96D3B6	0E45152592518DAE3A4CF50E7CA93960BEAC78C5FCA88DE724D00A07476DD563
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	112CCE55F341110EE28B54CD681AD391	F6688BDD0B2A586C563125E05A25583965BC38B9	960AFADABB5834602CF300A116F61CBB62FF4DB9B11013F21D2A145378A82F8F
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	048386CA584B71581BB5909D5E491C0B	0961A44DFBCD34B03AF95C7F7AE353DD48E003E4	93CF1F05795992C9A6CF0F9D7A82201E7284417CBFD7F0116F70F1DB4A26D1F3
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	47F11E1B2F08B28E826F5A1B1D697A15	5C56F73F9273A5A337CC061778B23A8A76EB627F	A22FD3BA6B8A94473D3767BF1BC6DF6597C925CBE897286F60E087B16869DA1E
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	969056543B35D0D86B05CD6FBDB4B334	CF6E856F71C1387B0E055258E5859C0A57EEB8A3	02C0A74EE5E5863B25F4882CE1B06CEDFC27A46F4955D418D8A640BEADD38CD8
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	80B6B2A39A9417574E7811488DEA83B3	6B862458F99F2DBB8D502AA58CBA6CE54FDEDC1B	3C6667B8758665FC3221163171A350024EBE341B9617898E4D910853D8917EC3
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	69665038865617691872D1621FA1DD88	633620A1CE86C4FB478C02ADEEC19DFBAE50D3BE	9323F5C7229FC25E546AD911F4673048F8584C432DC1021A22E20C8D932486B7
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	5D977747C37DC7FC74D26CCAC5034386	30A1B9F55B37AB1170F754CA105628561F4444ED	816657F5B9A2AC7673E85A9F9331EFC0FEACE48500BDAB033BE79005D4A63B5E
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	457EC700FD6E2E2F3289D070B06A3B98	CB9241B1CF0EE6205C1324183A618F66BAC2BAFB	784826FA46B6A6A7EE7375F02706B4D8935AE00A9939C8DEFF61C7D9151D5ACB
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	5F789D696F15AAACE8A372449075E171	5C8307435CE4D9FC01A7B09041733B589CD70E98	18353466AE90B1A699F980A964E4C00CE9B17CFD88C2CFE64F9D2782C2F9103F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\api[1].js	ASCII text, with very long lines, with no line terminators	CF53B22306EE06B534812A53D3D05132	A70176BE630BEA42DA4E4C1E5BE4913A14E26510	5E0DD79E80C5C235810A628CCEB4BE0610ACC96A33CF676ABB09AA266719728E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\webworker[1].js	ASCII text, with no line terminators	5DAD08199F07751D5FDFDFDDDA665BCE	A1E4DF09407F5002629A892D6C2409D57BDA6912	5A1B737B86A66360A825DF3C28F91CA2140A49954967A4F56CC3D90502E24897
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto BlackRegularVersion 2.137; 2017Roboto-Bla	4D99B85FA964307056C1410F78F51439	F8E30A1A61011F1EE42435D7E18BA7E21D4EE894	01027695832F4A3850663C9E798EB03EADFD1462D0B76E7C5AC6465D2D77DBD0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\anchor[1].htm	HTML document, ASCII text, with very long lines	AE6A1DCD500A071E0FD497433EE22045	E598821187961520E179A13A05AAFAC96874C772	1FE7AC3BD374F31742A6968DF1B99845FD805923A8650DDD88BE4FC4D7D21351
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\bframe[1].htm	HTML document, ASCII text	2E7C50554EEB2F67EED2D45F1572D1C4	C363FD0D1F542EE6F9FD02E2A1C0AFA39AD1639C	82F2DE24DEEB0DA7D0CA8AE560ED60DE1E703F30171115D1AEFCBA102DB0B226
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\main[1].htm	HTML document, ASCII text	E9902A004494A7D6344D9782636A2C84	D7F92A5A3A5C6370B5EE4836AE645D008EAD6CA0	F0779DC815556DDD544CBAB55299C5827705FB302119F430BF84B73DFB4DB031
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\styles__ltr[1].css	ASCII text, with very long lines, with no line terminators	B1207A1EFB3FC87C56B8EEC39EC65B4C	C1F3A3A13E5D0595AC22227B12FEF4949C7C79E0	5FE20047C1CC1BE61A786D56C5C02B96453B9C60656D6C8429A1ADD79017E47F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me	4D88404F733741EAACFDA2E318840A98	49E0F3D32666AC36205F84AC7457030CA0A9D95F	B464107219AF95400AF44C949574D9617DE760E100712D4DEC8F51A76C50DDA1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\KFOmCnqEu92Fr1Mu4mxP[1].ttf	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht	372D0CC3288FE8E97DF49742BAEFCE90	754D9EAA4A009C42E8D6D40C632A1DAD6D44EC21	466989FD178CA6ED13641893B7003E5D6EC36E42C2A816DEE71F87B775EA097F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\recaptcha__en[1].js	ASCII text, with very long lines	28936BBDD08D5295ED2D058552DFB90B	2209BDB7B6CB70DAD606487A1475955663A08C07	734160057D9682A89035825F63793CD0F945523EFA3F8D33B8BEF89BD7BDEF5E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\bootstrap.min[1].css	ASCII text, with very long lines	A15C2AC3234AA8F6064EF9C1F7383C37	6E10354828454898FDA80F55F3DECB347FD9ED21	60B19E5DA6A9234FF9220668A5EC1125C157A268513256188EE80F2D2C8D8D36
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\logo_48[1].png	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	EF9941290C50CD3866E2BA6B793F010D	4736508C795667DCEA21F8D864233031223B7832	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\main[1].htm	HTML document, ASCII text, with CRLF line terminators	D54495DE0F404D43DE2F8F47CAEA21A9	0C5E4082F66137732EA34FCCB2D195BAF46E4735	2E5F1BD94E5ED235CFF509BCF219AD8956ADF0B78A50E78908BA8541C74144CE
C:\Users\user\AppData\Local\Temp\~DF1C90FA8CEB081D8F.TMP	data	03F70E4340179A8EF865744EC0329101	4F6E4DF6D9C65AC9EB89BDBDC4C67F777E56FEDA	B9E5AAE3B73F10DCE5283FE885FD3024937549DAF78F5B03DAF6775560237C0A
C:\Users\user\AppData\Local\Temp\~DFCA112C58FC16D456.TMP	data	426C6388F07C8575EE0BE8626E0988AF	8E6B3760BD2870A5778616357740B95860D59383	CDAC0BE097BADFD689AD45745B77289D2A00B99C291A3A3B6882B50D9FA0AC8B
C:\Users\user\AppData\Local\Temp\~DFF7BC578E1495B755.TMP	data	AB889A32AB9ACD33E816C2422337C69A	1190C6B34DED2D295827C2A88310D10A8B90B59B	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA

Analysis Report _VM0_03064853.HtM

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs