Analysis Report https://jaquel988.s3.eu-de.cloud-object-storage.appdomain.cloud/holistically/index.html

Overview

General Information

Sample URL:	https://jaquel988.s3.eu-de.cloud-object-storage.appdomain.cloud/holistically/index.html
Analysis ID:	433166
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish7

Yara signature match

Classification

Signatures

AV Detection:

Antivirus / Scanner detection for submitted sample

Source: https://jaquel988.s3.eu-de.cloud-object-storage.appdomain.cloud/holistically/index.html

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on favicon image match)

Source: https://jaquel988.s3.eu-de.cloud-object-storage.appdomain.cloud/holistically/index.html

Matcher: Template: onedrive matched with high similarity

Yara detected HtmlPhish7

Source: Yara match

File source: 088753.pages.csv, type: HTML

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 172.67.194.129:443 -> 192.168.2.7:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.194.129:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.194.129:443 -> 192.168.2.7:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.194.129:443 -> 192.168.2.7:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.194.129:443 -> 192.168.2.7:49713 version: TLS 1.2

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xdfdd8672,0x01d75ef4</date><accdate>0xdfdd8672,0x01d75ef4</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xdfdd8672,0x01d75ef4</date><accdate>0xdfdd8672,0x01d75ef4</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xdfe4ad77,0x01d75ef4</date><accdate>0xdfe4ad77,0x01d75ef4</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xdfe4ad77,0x01d75ef4</date><accdate>0xdfe4ad77,0x01d75ef4</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xdfe4ad77,0x01d75ef4</date><accdate>0xdfe4ad77,0x01d75ef4</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xdfe4ad77,0x01d75ef4</date><accdate>0xdfe4ad77,0x01d75ef4</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: jaquel988.s3.eu-de.cloud-object-storage.appdomain.cloud

Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: ~DF817BDD5B6435F8E1.TMP.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Source: ~DF817BDD5B6435F8E1.TMP.1.dr	String found in binary or memory: https://financialanalyst.org/Wealth%20Management%20Treatise.pdf
Source: style[1].css.3.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN7rgOUuhv.woff)
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN8rsOUuhv.woff)
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN_r8OUuhv.woff)
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UNirkOUuhv.woff)
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0d.woff)
Source: {10CA994A-CAE8-11EB-90E6-ECF4BB82F7E0}.dat.1.dr	String found in binary or memory: https://jaquel988.s3.e
Source: ~DF817BDD5B6435F8E1.TMP.1.dr	String found in binary or memory: https://jaquel988.s3.eu-de.cloud-object-storage.appdomain.cloud/holistically/index.html
Source: {10CA994A-CAE8-11EB-90E6-ECF4BB82F7E0}.dat.1.dr	String found in binary or memory: https://jaquel988.s3.eu-de.cloud-object-storage.appdomain.cloud/holistically/index.htmlRoot
Source: ~DF817BDD5B6435F8E1.TMP.1.dr	String found in binary or memory: https://jaquel988.s3.eu-de.cloud-object-storage.appdomain.cloud/holistically/index.htmlWdtRWdtR
Source: ~DF817BDD5B6435F8E1.TMP.1.dr	String found in binary or memory: https://jaquel988.s3.eu-de.cloud-object-storage.appdomain.cloud/holistically/ndex.html
Source: ~DF817BDD5B6435F8E1.TMP.1.dr	String found in binary or memory: https://jaquel988.s3.eu-de.cloud-object-storage.appdomain.cloud/holistically/ndex.htmljaquel988.s3.e
Source: imagestore.dat.3.dr, ~DF817BDD5B6435F8E1.TMP.1.dr	String found in binary or memory: https://p.sfx.ms/images/favicon.ico
Source: imagestore.dat.3.dr	String found in binary or memory: https://p.sfx.ms/images/favicon.ico~
Source: ~DF817BDD5B6435F8E1.TMP.1.dr	String found in binary or memory: https://smtpro101.com/email-list/onedrive24/css/style.css
Source: ~DF817BDD5B6435F8E1.TMP.1.dr	String found in binary or memory: https://smtpro101.com/email-list/onedrive24/images/logo.png
Source: ~DF817BDD5B6435F8E1.TMP.1.dr	String found in binary or memory: https://smtpro101.com/email-list/onedrive24/images/mail.png
Source: ~DF817BDD5B6435F8E1.TMP.1.dr	String found in binary or memory: https://smtpro101.com/email-list/onedrive24/images/office.png
Source: ~DF817BDD5B6435F8E1.TMP.1.dr	String found in binary or memory: https://smtpro101.com/email-list/onedrive24/images/other.png

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 172.67.194.129:443 -> 192.168.2.7:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.194.129:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.194.129:443 -> 192.168.2.7:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.194.129:443 -> 192.168.2.7:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.194.129:443 -> 192.168.2.7:49713 version: TLS 1.2

System Summary:

Yara signature match

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\index[1].htm, type: DROPPED

Matched rule: SUSP_Base64_Encoded_Hex_Encoded_Code date = 2019-04-29, author = Florian Roth, description = Detects hex encoded code that has been base64 encoded, score = https://www.nextron-systems.com/2019/04/29/spotlight-threat-hunting-yara-rule-example/

Source: classification engine

Classification label: mal64.phis.win@3/39@4/2

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{10CA9948-CAE8-11EB-90E6-ECF4BB82F7E0}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user~1\AppData\Local\Temp\~DF8FCD22B476545039.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2884 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2884 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
158.177.118.97	s3.eu-de.cloud-object-storage.appdomain.cloud	United States		36351	SOFTLAYERUS	false
172.67.194.129	smtpro101.com	United States		13335	CLOUDFLARENETUS	false

Contacted Domains

Name	IP	Active
smtpro101.com	172.67.194.129	true
s3.eu-de.cloud-object-storage.appdomain.cloud	158.177.118.97	true
jaquel988.s3.eu-de.cloud-object-storage.appdomain.cloud	unknown	unknown
p.sfx.ms	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://jaquel988.s3.eu-de.cloud-object-storage.appdomain.cloud/holistically/index.html	true		unknown
https://jaquel988.s3.eu-de.cloud-object-storage.appdomain.cloud/holistically/	true		unknown

ID:	433166
Product:	CloudBasic
Start time:	12:05:13
Start date:	11.06.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{10CA9948-CAE8-11EB-90E6-ECF4BB82F7E0}.dat	Microsoft Word Document	964E7848B64D64FD01A596FB10117548	CEEBC3C8BE60FBC0948F9B1339EC6C15E62C441D	C3692F4FF078EE2784CF8210022BEC91B4E37BD06FDD329B2CB26126BEE2E68C
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{10CA994A-CAE8-11EB-90E6-ECF4BB82F7E0}.dat	Microsoft Word Document	02316940FEF2E99BDAD25F92AD05F35F	FD83A9E950AEF0EEB19A0EA0C9A05A868F896ED0	5E4CDD4040F34AD99B0DCC0B921EFEAE60AD92914423103663D5CDA24E6F4DCA
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{10CA994B-CAE8-11EB-90E6-ECF4BB82F7E0}.dat	Microsoft Word Document	6E62D547275E1B71726FE4DF2F6260E3	A3CE9155F90949F5E3E53C9EDD1CEA74C6D66659	859F5063EE5C82EFC81E5B1A5573DC95E34C4B6B229813C32A7E8ADB4F0D4D58
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	B87899750FC46C9EA8A584A9AEC1EF08	DC6AC172314F8A5D2F4A8583B2F6928B4F0AB863	1ED879034549FBCE83BE57B31157F42DAC9156B17551DBAE57AB7BB2C1BB2D2A
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	3A5F445129596A77CB4C3B241D14B7CD	82066F2688315431A3D316A58CC29A1282348EC7	BF8DB4B41C3679900FC06336086AA6B66AB5841C72A5748BA1C8ACF67914FC10
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	AB117BDC05399032ACB00BA5E0D893B8	6675EF025083C103E356ECB88BFD54EDDE288A65	431F477A7027224C8B273BA7B6F4843A112BEFDF82535D8819C08646F58F149B
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	0BD9F63B4D5E716BBB0A402C5653CFF1	323ACEE4493CDFE9DB19FCDD4B58E14FAE2B1968	D6F0C832F992966F06BE3208889A595D51C76A95F2660330FDA288A4F79C7FAE
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	015AD94F7331EDD9387811703B46F881	DCBF5895EE92BA3D0EAA65835FEB13F6D3113AEF	2704E384582FF8CEECFCDCBC3D27D6048973ADEFE9F03EBB22B7819BD4ED61CF
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	CE17CBB739269224ACDBBA0A29E45069	D9308297BD6BFA60FE4F2A17186C8ABB2240EA72	C9B21784223C34E4F1880CD7592A9699F3C4CD0379862870222A9AA91CFAF17D
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	801F68E610BFE48BCF32CBF2CF99BA94	D72FBFFBE541D4B56995FE92B8B55FDD075C9701	D420746D031118F1DB5388270CAA86049E6CC778ED133AC92A7D63499FD35498
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	D4F4F159B362CFEC99044303A8BFE361	DD1846A7CFDE7E436F90720B0AF9430DF0D00964	E1458BDAA970B1D39931C9CD424E52339F0E593FC376F62A885D2554F2DB5869
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	EF471CD375294C5E9EB668611CE27A34	F443BB969FCBC3C9D2E2D48C1D625539AEE4E5A0	B0B53FB35D09DE5B8A27F9B128814B0CB9C24255E2E990896381B970670638C3
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\po60zt0\imagestore.dat	data	3FADD78460071B61C1657FDA90FF6CAD	71FFC69867AAC5440DF050317684397C94159E3B	26FBD6F501A4DC5D698CB70D686F0646C2CAAC1C7E4AABC813775F12AB5691A8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	C4F558C4C8B56858F15C09037CD6625A	EE497CC061D6A7A59BB66DEFEA65F9A8145BA240	39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	9234071287E637F85D721463C488704C	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\http_404[1]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	F65C729DC2D457B7A1093813F1253192	5006C9B50108CF582BE308411B157574E5A893FC	B82BFB6FA37FD5D56AC7C00536F150C0F244C81F1FC2D4FEFBBDC5E175C71B4F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\logo[1].png	PNG image data, 614 x 99, 8-bit/color RGBA, non-interlaced	B9E0CB858FDE5DD52A24A778117CDE17	37201F5E24101086FE31723682D7D272239AF68A	CEEBEBB8EC47C3DF4D5BE124172A7A5A8B7C36FE06C763DFE83DCF4AAE8F196E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\mem5YaGs126MiZpBA-UN8rsOUuhv[1].woff	Web Open Font Format, TrueType, length 19160, version 1.1	ADC0530936D8C9AA4279699007BBBEDB	A25B788600D5F280B0B79A93BC1116A667BAC7D6	012A20DD3CC6D96015C9D5896EEA6DA97D841E940ABA5F13BC0C43AB6F9D0FB0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\other[1].png	PNG image data, 58 x 57, 8-bit/color RGBA, non-interlaced	19CD5323D5A865556D1B376B138943CA	51F8A684C0A81F39A7CDCEB9AB571779E22249D4	047EA480D8211A17ABC7A38796B9256B2A4EDB71359E08A27AFB7A8FFD62E9B8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\ErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	F4FE1CB77E758E1BA56B8A8EC20417C5	F4EDA06901EDB98633A686B11D02F4925F827BF0	8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	20F0110ED5E4E0D5384A496E4880139B	51F5FC61D8BF19100DF0F8AADAA57FCD9C086255	1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	5565250FCC163AA3A79F0B746416CE69	B97CC66471FCDEE07D0EE36C7FB03F342C231F8F	51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\mail[1].png	PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced	E9A5FDDD238F477B593BB8DAB9E57B8D	71529D809FEF04E915AC2E612B1D68A603519952	441BF5881CFC7981120F5A580A3B589AC3C0EE1EB34969BA7E5EB244848B6618
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\office[1].png	PNG image data, 59 x 57, 8-bit/color RGBA, non-interlaced	042162A5CA4A1DF68C62300EEE6DEBE5	DA350F13A9E6DD54360B5ED37448F45008D56AAB	9B2E23A6E42034739DD17783B32353F686A39B41FC35B8FAD0512AE1B8187773
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\style[1].css	ASCII text	4759A07FB3E87A006F4FA5964D43E007	296E8E858C7EC4C6D02DD5015CDE4BB6698BFA64	B889F7E8F7D699FFF5C88282460F396FA9879C9989ABFE4152203E63BDCE1F00
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\css[1].css	ASCII text	6CCD7A6481FE05ABBE2E9C65885F3D0F	B5BEB16913D689DFC6C41263A7E6D7D6981DB7CF	24EA56A70DEEC323D7B7172B626D84816B5168CE97B3B32199AA76BA2ED2BD21
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\index[1].htm	HTML document, ASCII text, with very long lines, with no line terminators	59A11FA3D43BBBB119EC098BB22374D6	A82EEB22B4533294CFBD5626BDA10DC67523D5B0	78A2AFF146A65E8704D3EE6DBC3BFD763E92E28B021E12122784501B7C0AEFB6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\mem5YaGs126MiZpBA-UN7rgOUuhv[1].woff	Web Open Font Format, TrueType, length 19008, version 1.1	396C9555F9EADB66270C25FC3157743F	D834DA7E230D9798071F8FABD0DB49ECD0A24BCC	463DA44840BB99F312F92DBA6F39D259DD2669C9A2E45EB8086037B60EF31DED
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\mem5YaGs126MiZpBA-UN_r8OUuhv[1].woff	Web Open Font Format, TrueType, length 18744, version 1.1	2A6051095E2330FB1A45B836E3BA038E	1DA733C279AA12C3D8857AED80CD910C2B209EAE	C98B647124C63DEA93B52BCF6A97A76A6944B9894DC0377B70F8C3B47D91382A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\mem5YaGs126MiZpBA-UNirkOUuhv[1].woff	Web Open Font Format, TrueType, length 18784, version 1.1	CA0CC58FE4C481D2486F836E8B7ACD98	B9988071248F824BA2D5FA88CB16DA1971AA0945	B332B402229655660F0DDC7D916618F44ACA71D0ECAA68A1DF7B5AD5A5F1D6F9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\mem8YaGs126MiZpBA-UFVZ0d[1].woff	Web Open Font Format, TrueType, length 18160, version 1.1	20890DE1FB4E49EA0B36F058BCA1B7E7	023D6720D92A54A3BB0AB219818D2E6E6AAD24A7	C71180612EA84F5F9882D35DF024707E5B5E1BB18EFB2C8123FA5BDD30D3E079
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\bg[1].jpg	[TIFF image data, big-endian, direntries=4], baseline, precision 8, 1344x593, frames 3	69140B2DF170AB8F02BCA5A590429892	DF1BAB1FD894A3A3CF3C674CDD0BDA2137400CAD	DD0FA126F7E5F741EBE61874EBE37CEAD946357B1C1F2AFF0233F7BC0478D597
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	26F971D87CA00E23BD2D064524AEF838	7440BEFF2F4F8FABC9315608A13BF26CABAD27D9	1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	D65EC06F21C379C87040B83CC1ABAC6B	208D0A0BB775661758394BE7E4AFB18357E46C8B	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\favicon[1].ico	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel	604ADFB53677B5CA4F910FFB131B3E7C	5F1A0FB4E4AD3707E591CE16352158263488ED70	24638331466A52BB66F912090E7A9CC9E3DF2236E39C187C9409104526B472B0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\jquery.min[1].js	ASCII text, with very long lines	A09E13EE94D51C524B7E2A728C7D4039	0DC32DB4AA9C5F03F3B38C47D883DBD4FED13AAE	160A426FF2894252CD7CEBBDD6D6B7DA8FCD319C65B70468F10B6690C45D02EF
C:\Users\user\AppData\Local\Temp\~DF0AAE2CFCCAAE8258.TMP	data	AB889A32AB9ACD33E816C2422337C69A	1190C6B34DED2D295827C2A88310D10A8B90B59B	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
C:\Users\user\AppData\Local\Temp\~DF817BDD5B6435F8E1.TMP	data	E00F5431FD2CA0F8303C86AE7649A66A	AC8D5DD5041764C4D19B9A37E5073548EBCA52EC	623B5E6D001E3DF6177053F6D9517B27FDFFAC03E73FFD63BFEBADE9031FF06E
C:\Users\user\AppData\Local\Temp\~DF8FCD22B476545039.TMP	data	F878F39F233B8ACE9249A4422D4D0319	DF829E624D968F1AF3BB68DEE348237F7E80FF22	346902A28282B37C2B4893963E002CB692FC2EAEE5C976FE7078101439B6CDBB

Analysis Report https://jaquel988.s3.eu-de.cloud-object-storage.appdomain.cloud/holistically/index.html

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs