Analysis Report https://1drv.ms:443/o/s!BPlqEAvSnD9FhF2O8mEJ2egpMWSY?e=fOTayHsLEEiU05h11yffVA&at=9

Overview

General Information

Sample URL:https://1drv.ms:443/o/s!BPlqEAvSnD9FhF2O8mEJ2egpMWSY?e=fOTayHsLEEiU05h11yffVA&at=9
Analysis ID:433011
Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain

Process Tree

  • System is w10x64
  • iexplore.exe (PID: 5424 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 5124 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5424 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 488 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5424 CREDAT:82960 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 1392 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5424 CREDAT:17438 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • dllhost.exe (PID: 3468 cmdline: C:\Windows\system32\DllHost.exe /Processid:{49F171DD-B51A-40D3-9A6C-52D674CC729D} MD5: 2528137C6745C4EADD87817A1909677E)
    • explorer.exe (PID: 3388 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus detection for URL or domain
Source: https://onedrive.live.com/redir?resid=453F9CD20B106AF9%21605&authkey=%21Ao7yYQnZ6CkxZJg&page=View&wd=target%28New%20Section%201.one%7C80ad529f-1552-420d-bb5a-d50e6a192b23%2FLen%20Pearson%20%28ID%5C%29%7Cdbbfcf9d-1ae4-48ed-865e-22967eb5e535%2F%29 | SlashNext: Label: Fake Login Page, type: Phishing & Social Engineering
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown | HTTPS traffic detected: 151.101.65.26:443 -> 192.168.2.3:49791 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.65.26:443 -> 192.168.2.3:49790 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49815 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49814 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49869 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49870 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 95.101.18.109:443 -> 192.168.2.3:49872 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 95.101.18.109:443 -> 192.168.2.3:49871 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.3:49901 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.3:49900 version: TLS 1.2
Source: Binary string: function wac_la(){this.h1b=-1;this.uTb=[];this.vG=new wac_fa;this.PDb=50}function wac_jaa(){try{if(wac_kaa)return window.performance.now()}catch(a){wac_kaa=!1}return-1} | source: OneNote[1].js.3.dr
Source: Binary string: break;case 2:c=646039090;break;case 3:c=1825605114}c?(wac_Wj(c,"",b,8,0),wac_b(39978636,207,50,"Dialog action logged")):wac_b(51500119,207,15,"Dialog action ID not found for DialogButton value: ",a)}},SQb:function(a){if(wac__j()){var b={};b.WacSessionId=wac_.nf;b.ActionName=a;wac_b(35489762,207,50,JSON.stringify(b))}},WJd:function(){if(!wac_bh||!wac_bh.bXa||!wac_Jsa(this))return 16;wac_Ksa||(wac_Jsa(this).pDb("DialogMenuId","1245654357","844297214"),wac_Ksa=!0);var a=wac_hqa(wac_bh?wac_bh.bXa:null); | source: OneNote[1].js.3.dr
Source: Binary string: else try{g=new wac_ca(h)}catch(y){}finally{g=null}var x=new wac_ba(l.getTime(),b,a,c,p,d,m,n,g);this.vG.EY(x)}finally{e||this.Lra--}wac_kaa&&(this.h1b+=wac_jaa()-k)}},ioc:function(a,b,c,d,e){if(!c&&1>=this.Lra){this.Lra++;try{this.zxa(a,b,10,1,!0,d,e,null)}finally{this.Lra--}}},fma:function(a,b){return b<=this.PDb},rPb:function(a){this.PDb=a},cpc:function(){this.uTb=[]},Qnc:function(a){this.uTb[a]=!0}};window.Diag.UULS=wac_aa.b9d=function(){}; | source: OneNote[1].js.3.dr
Source: microsoft-office[1].htm.20.dr | String found in binary or memory: <img src="
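The only verdict in this report comes from SlashNext labelling the onedrive.live.com redirect as a fake login page; the lure itself is a OneNote page served from the submitter's OneDrive. A triage script can recover the target of the 1drv.ms short link without visiting it, by decoding the `s!` share token and comparing it with the redirect the sandbox observed. The Python below is an added example, not part of the Joe Sandbox report or of any Microsoft tooling. The two URLs are copied from this report; the token layout it parses (one marker byte, the owner CID as 8 little-endian bytes, the item number as a most-significant-group-first varint, then the auth-key bytes) is inferred from this single link/redirect pair and is an assumption, not a documented format.

```python
import base64
from urllib.parse import urlsplit, parse_qs

# Both URLs are copied from this report: the sample URL that was submitted and
# the onedrive.live.com redirect that SlashNext labelled a fake login page.
SAMPLE_SHORT_URL = ("https://1drv.ms:443/o/s!BPlqEAvSnD9FhF2O8mEJ2egpMWSY"
                    "?e=fOTayHsLEEiU05h11yffVA&at=9")
OBSERVED_REDIRECT = ("https://onedrive.live.com/redir?resid=453F9CD20B106AF9%21605"
                     "&authkey=%21Ao7yYQnZ6CkxZJg&page=View"
                     "&wd=target%28New%20Section%201.one%7C80ad529f-1552-420d-bb5a-d50e6a192b23"
                     "%2FLen%20Pearson%20%28ID%5C%29%7Cdbbfcf9d-1ae4-48ed-865e-22967eb5e535%2F%29")


def _b64decode_unpadded(s: str) -> bytes:
    """Decode URL-safe or standard base64 whose '=' padding was stripped."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def decode_short_link(url: str) -> dict:
    """Recover owner CID, item number and auth-key bytes from a 1drv.ms 's!' token.

    Layout ASSUMED here (inferred from this report's link/redirect pair, not
    documented by Microsoft): raw[0] is a marker byte, raw[1:9] is the 16-hex
    digit CID stored little-endian, then a varint item number with the most
    significant 7-bit group first, then the remaining auth-key bytes.
    """
    token = urlsplit(url).path.rsplit("/", 1)[-1]
    if not token.startswith("s!"):
        raise ValueError("not a OneDrive 's!' share token: %r" % token)
    raw = _b64decode_unpadded(token[2:])
    cid = raw[1:9][::-1].hex().upper()
    item, pos = 0, 9
    while True:
        b = raw[pos]
        pos += 1
        item = (item << 7) | (b & 0x7F)
        if not b & 0x80:
            break
    return {"marker": raw[0], "cid": cid, "item": item, "authkey_bytes": raw[pos:]}


def decode_redirect(url: str) -> dict:
    """Pull the same identifiers out of the onedrive.live.com/redir URL the sandbox saw."""
    q = parse_qs(urlsplit(url).query)          # parse_qs percent-decodes the values
    cid, _, item = q["resid"][0].partition("!")
    authkey = q["authkey"][0].lstrip("!")
    return {
        "cid": cid,
        "item": int(item),
        "authkey_bytes": _b64decode_unpadded(authkey),
        # wd= names the OneNote section and page the viewer opens for the victim
        "wd": q.get("wd", [""])[0],
    }


def short_link_matches_redirect(short_url: str, redirect_url: str) -> bool:
    """True when the short link's CID, item and auth-key bytes agree with the redirect.

    The redirect's auth key carries one extra leading byte; the short link holds the rest.
    """
    s, r = decode_short_link(short_url), decode_redirect(redirect_url)
    return (s["cid"] == r["cid"] and s["item"] == r["item"]
            and r["authkey_bytes"].endswith(s["authkey_bytes"]))


if __name__ == "__main__":
    info = decode_short_link(SAMPLE_SHORT_URL)
    print("resid from short link: %s!%d" % (info["cid"], info["item"]))
    print("OneNote target:", decode_redirect(OBSERVED_REDIRECT)["wd"])
    print("short link consistent with observed redirect:",
          short_link_matches_redirect(SAMPLE_SHORT_URL, OBSERVED_REDIRECT))
```

Run stand-alone it prints resid 453F9CD20B106AF9!605, the decoded `wd=` target `target(New Section 1.one|…/Len Pearson (ID\)|…/)`, and `True`. The CID and item recovered from the short link alone are what to pivot on (other short links to the same OneDrive account share the CID), and the decoded `wd=` page name is the lure text a victim would see, all without the analyst's browser ever touching 1drv.ms.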