Source: Yara match |
File source: 506407.0.links.csv, type: HTML |
Source: Yara match |
File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\wap[1].htm, type: DROPPED |
Source: https://itmddn.com/QUICKENFILE/micro.svg |
Matcher: Found strong image similarity, brand: Microsoft |
Source: https://itmddn.com/QUICKENFILE/wap.php?wap=4UY432 |
Matcher: Template: microsoft matched |
Source: https://itmddn.com/QUICKENFILE/wap.php?wap=4UY432 |
HTTP Parser: Number of links: 0 |
Source: https://itmddn.com/QUICKENFILE/wap.php?wap=4UY432 |
HTTP Parser: Title: 0auth does not match URL |
Source: https://itmddn.com/QUICKENFILE/wap.php?wap=4UY432 |
HTTP Parser: No <meta name="author".. found |
Source: https://itmddn.com/QUICKENFILE/wap.php?wap=4UY432 |
HTTP Parser: No <meta name="copyright".. found |
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll |
Source: unknown |
HTTPS traffic detected: 52.58.148.216:443 -> 192.168.2.5:49720 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 52.58.148.216:443 -> 192.168.2.5:49719 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 103.205.64.138:443 -> 192.168.2.5:49722 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 103.205.64.138:443 -> 192.168.2.5:49721 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 103.205.64.138:443 -> 192.168.2.5:49728 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 103.205.64.138:443 -> 192.168.2.5:49730 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 103.205.64.138:443 -> 192.168.2.5:49729 version: TLS 1.2 |
Source: favicon[1].htm.3.dr |
String found in binary or memory: <li class="top_bar_contact_item"><a href="https://www.facebook.com/ITMddn" target="_blank" class="tooltip-bottom"> <i class="fa fa-facebook"></i></a></li> <li class="top_bar_contact_item"><a href="https://www.youtube.com/channel/UC0udGRFOTR-QX1c9ezgB6HQ" target="_blank" class="tooltip-bottom" ><i class="fa fa-youtube"></i></a></li> equals www.facebook.com (Facebook) |
Source: favicon[1].htm.3.dr |
String found in binary or memory: <li class="top_bar_contact_item"><a href="https://www.facebook.com/ITMddn" target="_blank" class="tooltip-bottom"> <i class="fa fa-facebook"></i></a></li> <li class="top_bar_contact_item"><a href="https://www.youtube.com/channel/UC0udGRFOTR-QX1c9ezgB6HQ" target="_blank" class="tooltip-bottom" ><i class="fa fa-youtube"></i></a></li> equals www.youtube.com (Youtube) |
Source: favicon[1].htm.3.dr |
String found in binary or memory: <p class="pb-10 pr-30 res-575-pr-0" align="justify"><iframe allow="autoplay; clipboard-write; encrypted-media; picture-in-picture; web-share" allowfullscreen="true" frameborder="0" height="300" scrolling="no" src="https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FITMddn&tabs=timeline&width=340&height=300&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId" style="border:none;overflow:hidden" width="100%"></iframe> equals www.facebook.com (Facebook) |
Source: favicon[1].htm.3.dr |
String found in binary or memory: <a href="https://www.facebook.com/" target="_blank" ><i class="fa fa-facebook"></i> </a> <i class="fa fa-angle-double-up scroll-top"></i> equals www.facebook.com (Facebook) |
Source: unknown |
DNS traffic detected: queries for: linkprotect.cudasvc.com |
Source: favicon[1].htm.3.dr |
String found in binary or memory: http://cm.uk.gov.in/ |
Source: favicon[1].htm.3.dr |
String found in binary or memory: http://hitwebcounter.com/counter/counter.php?page=7055334&style=0007&nbdigits=9&type=ip&initCount=10 |
Source: favicon[1].htm.3.dr |
String found in binary or memory: http://itmddn.com/itm-prospectus-2021-final.pdf |
Source: favicon[1].htm.3.dr |
String found in binary or memory: http://mail.ptcul.org/ |
Source: favicon[1].htm.3.dr |
String found in binary or memory: http://uktenders.gov.in/nicgep/app |
Source: favicon[1].htm.3.dr |
String found in binary or memory: http://webline.co.in/itm/document/application-form-itm.pdf |
Source: favicon[1].htm.3.dr |
String found in binary or memory: http://www.governoruk.gov.in/ |
Source: favicon[1].htm.3.dr |
String found in binary or memory: http://www.hitwebcounter.com |
Source: favicon[1].htm.3.dr |
String found in binary or memory: http://www.ptcul.org. |
Source: favicon[1].htm.3.dr |
String found in binary or memory: http://www.ptcul.org/noc/ |
Source: favicon[1].htm.3.dr |
String found in binary or memory: https://code.jquery.com/ui/1.12.1/jquery-ui.js |
Source: QUICKENLOANPayoffST[1].htm.3.dr |
String found in binary or memory: https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTvJ9LhHlll4c4Y8v0G3PBpvTXnyhiRdLTsXT7Jtk3ZR7YL |
Source: favicon[1].htm.3.dr |
String found in binary or memory: https://forms.eduqfix.com/insttechmgt/add |
Source: {F25EFFC2-CB0F-11EB-90E5-ECF4BB570DC9}.dat.2.dr |
String found in binary or memory: https://itmddn.com/QUI |
Source: QUICKENLOANPayoffST[1].htm.3.dr |
String found in binary or memory: https://itmddn.com/QUICKENFILE/wap.php?wap=4UY432 |
Source: {F25EFFC2-CB0F-11EB-90E5-ECF4BB570DC9}.dat.2.dr |
String found in binary or memory: https://itmddn.com/QUIQUICKENLOANPayoffST.htmlCKENFILE/wap.php?wap=4UY432Root |
Source: favicon[1].htm.3.dr |
String found in binary or memory: https://noc.uksldc.in/ |
Source: data[1].js.3.dr |
String found in binary or memory: https://outlook.live.com/owa/ |
Source: favicon[1].htm.3.dr |
String found in binary or memory: https://webline.in/ |
Source: favicon[1].htm.3.dr |
String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-127582903-1 |
Source: favicon[1].htm.3.dr |
String found in binary or memory: https://www.itmddn.com/itm-prospectus-2020-final.pdf |
Source: favicon[1].htm.3.dr |
String found in binary or memory: https://www.itmddn.online |
Source: {F25EFFC2-CB0F-11EB-90E5-ECF4BB570DC9}.dat.2.dr, ~DF74B79FAF2663A557.TMP.2.dr |
String found in binary or memory: https://www.ptcul.org/QUICKENLOANPayoffST.html |
Source: {F25EFFC2-CB0F-11EB-90E5-ECF4BB570DC9}.dat.2.dr |
String found in binary or memory: https://www.ptcul.org/QUICKENLOANPayoffST.html.Quicken |
Source: {F25EFFC2-CB0F-11EB-90E5-ECF4BB570DC9}.dat.2.dr |
String found in binary or memory: https://www.ptcul.org/QUICKENLOANPayoffST.htmlRoot |
Source: ~DF74B79FAF2663A557.TMP.2.dr |
String found in binary or memory: https://www.ptcul.org/QUICKENLOANPayoffST.html~ |
Source: favicon[1].htm.3.dr |
String found in binary or memory: https://www.tenderwizard.com/ROOTAPP/PTCUL.jsp?enc%3DkphSKaWwsq080wYCvjz4XVKhb65%2B2glBBqQTdlDr%2BwA |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49722 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49721 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49720 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49731 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49730 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49731 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49730 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49729 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49728 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49721 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49719 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49720 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49722 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49719 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49729 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49728 |
Source: classification engine |
Classification label: mal56.phis.win@3/14@4/2 |
Source: C:\Program Files\internet explorer\iexplore.exe |
File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F25EFFC0-CB0F-11EB-90E5-ECF4BB570DC9}.dat |
Source: C:\Program Files\internet explorer\iexplore.exe |
File created: C:\Users\user\AppData\Local\Temp\~DF25C900E5007E33CB.TMP |
Source: C:\Program Files\internet explorer\iexplore.exe |
File read: C:\Users\desktop.ini |
Source: unknown |
Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding |
|
Source: C:\Program Files\internet explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5784 CREDAT:17410 /prefetch:2 |
|
Source: Window Recorder |
Window detected: More than 3 window changes detected |