Play interactive tour

Edit tour

Analysis Report HSBC_Payment_slip_for Outstanding 001005l.htm

Overview

General Information

Sample Name:	HSBC_Payment_slip_for Outstanding 001005l.htm
Analysis ID:	433446
MD5:	4d490578e6d7158c55b22cf08fff6384
SHA1:	427feb280f0642dedbe05b404629be31e2790885
SHA256:	e9eb31e4895d52c5e054b434c87de4ae4d3f0ff716d3b75edcf90dd270b31ee3
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

Phishing site detected (based on logo template match)

HTML body contains low number of good links

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Suspicious form URL found

Classification

Process Tree

System is w10x64

iexplore.exe (PID: 1636 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5488 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1636 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
HSBC_Payment_slip_for Outstanding 001005l.htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

Phishing:

Yara detected HtmlPhish10

Show sources

Source: Yara match	File source: HSBC_Payment_slip_for Outstanding 001005l.htm, type: SAMPLE
Source: Yara match	File source: 562258.pages.csv, type: HTML

Phishing site detected (based on logo template match)

Show sources

Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm

Matcher: Template: microsoft matched

Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: Title: does not match URL
Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: Title: does not match URL

Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: Form action: http://woohaa.io/boxx/actions.php
Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: Form action: http://woohaa.io/boxx/actions.php

Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x24f0cea7,0x01d75f40</date><accdate>0x24f0cea7,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x24f0cea7,0x01d75f40</date><accdate>0x24f0cea7,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x24f7f5c8,0x01d75f40</date><accdate>0x24f7f5c8,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x24f7f5c8,0x01d75f40</date><accdate>0x24f7f5c8,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x24f7f5c8,0x01d75f40</date><accdate>0x24f7f5c8,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x24f7f5c8,0x01d75f40</date><accdate>0x24f7f5c8,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: HSBC_Payment_slip_for Outstanding 001005l.htm	String found in binary or memory: http://woohaa.io/boxx/actions.php
Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/

Source: classification engine

Classification label: mal52.phis.winHTM@3/15@0/0

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF3A844A3469AC02C7.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1636 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1636 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://woohaa.io/boxx/actions.php	0%	Virustotal		Browse
http://woohaa.io/boxx/actions.php	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	true		low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.wikipedia.com/	msapplication.xml6.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.amazon.com/	msapplication.xml.1.dr	false		high
http://www.nytimes.com/	msapplication.xml3.1.dr	false		high
http://www.live.com/	msapplication.xml2.1.dr	false		high
http://www.reddit.com/	msapplication.xml4.1.dr	false		high
http://www.twitter.com/	msapplication.xml5.1.dr	false		high
http://www.youtube.com/	msapplication.xml7.1.dr	false		high
http://woohaa.io/boxx/actions.php	HSBC_Payment_slip_for Outstanding 001005l.htm	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	433446
Start date:	11.06.2021
Start time:	21:03:57
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	HSBC_Payment_slip_for Outstanding 001005l.htm
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.winHTM@3/15@0/0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .htm
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe Excluded IPs from analysis (whitelisted): 13.88.21.125, 40.88.32.150, 88.221.62.148, 20.50.102.62, 152.199.19.161, 184.30.20.56, 20.54.26.129, 92.122.213.194, 92.122.213.247, 20.82.209.183 Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, ie9comview.vo.msecnd.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, ris.api.iris.microsoft.com, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.net Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4FD93AF7-CB33-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8585928190638847
Encrypted:	false
SSDEEP:	192:rRZWZn2DWSth5fcudsMcFcB3maDfTuecX:rXS26qvZBIWM
MD5:	2E4084F9777D53D130A8A62967E1B0A0
SHA1:	E207BAF3B65A78E1C5B0E19DE0796CA0F305069C
SHA-256:	B52D4F43AB14C67B8D3394F51D319D27F288B7E2BEF73C779AF6AE80F88B87FF
SHA-512:	C606E1355F845771A804CEA71BD48B9A71EE3F258951BEA22BAC5BF35F4B0DDC08E78FB50BC343A5C18F9D93F91EB5BF1BC440742C367ABB7B73BD42B0C6C784
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4FD93AF9-CB33-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	28794
Entropy (8bit):	1.9967629456994673
Encrypted:	false
SSDEEP:	48:IwqGcprnGwpaGG4pQmGrapbSNGQpBOGHHpccTGUp8DGzYpmJ1GopFDSGGCNp+DSy:rOZxQ26oBS3jd2UWZMhrpwOkblpVGgr
MD5:	8816593CC1AC91430BDB740F34C65BF9
SHA1:	CF0887FE7EA80F21B895E232A58740582B5A0B87
SHA-256:	F3440D9D28E2A9024B3F15EBE26595FFC563DE4AB8DF824D4F64C965D5D26890
SHA-512:	F5092C7C2241B5C2327A85F4539A7278CA3163E78ECAF6EE3E059BC0433C97C61A234F387152C5EA5E66DC9608AB2CC41E01B1625B112544055A749D7E5B8866
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4FD93AFA-CB33-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.563752914376253
Encrypted:	false
SSDEEP:	48:IwNGcpr0Gwpa1G4pQpGrapbSsGQpK6G7HpRXTGIpG:rTZMQn6JBSkAVTlA
MD5:	5EBAFB61216CAD2DE4A89216130A4C2F
SHA1:	ABB8F9463B9B346886C9D2BFF5AA89487A0273A3
SHA-256:	BBDCABB44D5BFC7389A2BF4B9B270651ED3FC5691943A555A1BA2FB4BDA3997A
SHA-512:	C0954F2E6764F2190F6230B0AB01528CC366FDD25AB70EFD9B4FDB295FB41A3E52E957FAFC4C8B08A994604CCFADFC1985749CD3E465947EAD372EE9099E571E
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.102656878932249
Encrypted:	false
SSDEEP:	12:TMHdNMNxOEvNXuUNXuWnWimI002EtM3MHdNMNxOEvNXuUNXuWnWimI00ObVbkEty:2d6NxOUNXjNXvSZHKd6NxOUNXjNXvSZ4
MD5:	7203E053DBF06C0B55927F145DD0C0CE
SHA1:	27C6FFAADD7C74B294095CA7D3F5A8561A46341F
SHA-256:	F50F9D0660E97DB242519BD952F78DA652136BF01CA3318B8EAEAFF95C373419
SHA-512:	579100D1B835F6587F7FF2207FD075596E3EB23F22633628F90D9099C87E8F698F495244F0D50858B040A2DCB7ED54883348C80BD0261A3598D0976F3F3AC569
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x24f7f5c8,0x01d75f40</date><accdate>0x24f7f5c8,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x24f7f5c8,0x01d75f40</date><accdate>0x24f7f5c8,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.090038745764887
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2k/XwXWnWimI002EtM3MHdNMNxe2k/XwXWnWimI00Obkak6EtMb:2d6NxrUSZHKd6NxrUSZ7Aa7b
MD5:	431B18B24D990B342864644F8F873230
SHA1:	FDD5D5A1A1C29F654B8A79204D053EBF7842EAED
SHA-256:	F91866AA690620C890F15083F75D3126E8ADE209480004932E773F5A335F98A8
SHA-512:	D2887CCE6035F943D9B1D2583B6645E12FAE2B78B8E674E8DDB8EF848667E70F984DDE52AF46F9BF0C1AFF619F073F4859B4F5E1F93329533B9446AD51B6CF58
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x24f0cea7,0x01d75f40</date><accdate>0x24f0cea7,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x24f0cea7,0x01d75f40</date><accdate>0x24f0cea7,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	662
Entropy (8bit):	5.122586120173304
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLvNXuUNXuWnWimI002EtM3MHdNMNxvLvNXuUNXuWnWimI00ObmZEtMb:2d6NxvbNXjNXvSZHKd6NxvbNXjNXvSZM
MD5:	E7C307379B8744770AA5250546121636
SHA1:	6AD96285213E5B0CF072C3AAEFF877D4C2CFBD90
SHA-256:	044D66E80DD6487D5EB33469753F5AD5554AA15F8778632B4D5D9580B20B981C
SHA-512:	5897D181C548E970279D8EFDB2B5A8D3D1029F35688E73C56144119FC55D05CB10EA5AF72E7DE07010BDBFFF1C481BEC79A71C505C6086DEA4B173FB77E7B4BC
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x24f7f5c8,0x01d75f40</date><accdate>0x24f7f5c8,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x24f7f5c8,0x01d75f40</date><accdate>0x24f7f5c8,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	5.093905590422499
Encrypted:	false
SSDEEP:	12:TMHdNMNxi/XwXWnWimI002EtM3MHdNMNxi/XUNXuWnWimI00Obd5EtMb:2d6NxqSZHKd6NxbNXvSZ7Jjb
MD5:	FDB4AE0608941DE5BA49F60924AFE8FC
SHA1:	2636AB06378640BA4A00585668B869A19F04347E
SHA-256:	923CD8A7D958BE1605413D34D418B6153CB4373EE67FA56209827BB95DACB71B
SHA-512:	5079ABF5283B5B8C4AFA80063F8A4E13AA0E917A64492585B5A8E2A2B95F387E4C6AB8C66416EF0594773A44E22D9F2FA50E6DACDA7482A9EB05EC1E61F83448
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x24f0cea7,0x01d75f40</date><accdate>0x24f0cea7,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x24f0cea7,0x01d75f40</date><accdate>0x24f7f5c8,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.137419365296072
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGwvNXuUNXuWnWimI002EtM3MHdNMNxhGwvNXuUNXuWnWimI00Ob8K0z:2d6NxQYNXjNXvSZHKd6NxQYNXjNXvSZy
MD5:	26E634E05FAC7D272A2A29F3D905BE29
SHA1:	F7F7BE46081EE48705CD52F08DFD7E888B2978C3
SHA-256:	AE11033D2C3D4DA5C84E3F66464FDCCD41289AA3C8607A58BAD1C479EE6A4187
SHA-512:	4906D50064528A33D8EB298622D1E03A91AFFDB0517CFF91CB003F24D13D3B4CEA6B5D40F115C21621441D58E060873E2642B581BC64367F71A43B58AE9A4D1B
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x24f7f5c8,0x01d75f40</date><accdate>0x24f7f5c8,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x24f7f5c8,0x01d75f40</date><accdate>0x24f7f5c8,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.105865892508733
Encrypted:	false
SSDEEP:	12:TMHdNMNx0nvNXuUNXuWnWimI002EtM3MHdNMNx0nvNXuUNXuWnWimI00ObxEtMb:2d6Nx0vNXjNXvSZHKd6Nx0vNXjNXvSZX
MD5:	BC9D7FE3BDC196724E2536FC1A4A5F1B
SHA1:	B35CEEC670DD8F5E2FE66F0E340C8621E58A7E20
SHA-256:	7EFB140873DE799E48CFDBF7E3893035D12A2B9CE9B8138E3DA32A74D5485836
SHA-512:	65A18B80C7EC002CEB1B744A587E8CB9D25FEFBE8B9D1B505A4E3A3A1D4A92835575CEF1949CF01E94701169ABED543B69781CBFEDCA0F4D948F1DCCB5020CF0
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x24f7f5c8,0x01d75f40</date><accdate>0x24f7f5c8,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x24f7f5c8,0x01d75f40</date><accdate>0x24f7f5c8,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.143080580202946
Encrypted:	false
SSDEEP:	12:TMHdNMNxxvNXuUNXuWnWimI002EtM3MHdNMNxxvNXuUNXuWnWimI00Ob6Kq5EtMb:2d6NxNNXjNXvSZHKd6NxNNXjNXvSZ7ob
MD5:	0FBD4436C426418654A59334D18B8748
SHA1:	C364C8659F49031B2948BE3BDF63784DFE94B856
SHA-256:	5069D38F3E845948A52B0B39B2B7B3BFAFD4FEEEE13151F8BDD4CD302132D226
SHA-512:	F5EE88AC609C2D9763522CDAA0A116C713F80B6523EFB467A64040411E55AD5F82D919D892C5B88888B58705C4198ADC654E1340298F0E29F03C1EEFB662512F
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x24f7f5c8,0x01d75f40</date><accdate>0x24f7f5c8,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x24f7f5c8,0x01d75f40</date><accdate>0x24f7f5c8,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.085588814860242
Encrypted:	false
SSDEEP:	12:TMHdNMNxc/XwXWnWimI002EtM3MHdNMNxc/XwXWnWimI00ObVEtMb:2d6NxcSZHKd6NxcSZ7Db
MD5:	DEA773B484A6F71E4CB7D4A02EE896D6
SHA1:	64F1AA5580A902FFFF889C9ACECC546377EC9D92
SHA-256:	9C4FA562C22E064600742908B6F64B17C8D68493DEAA01EF848980099D7A30A9
SHA-512:	6BBBBA46A4CA8DFF835949966F7ED2404B88E5E365799ABC3E1976050740EE3D2A5B0882B0E3256617113C7F118210C5120E6947A2D46F9A75E3F5C232F84051
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x24f0cea7,0x01d75f40</date><accdate>0x24f0cea7,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x24f0cea7,0x01d75f40</date><accdate>0x24f0cea7,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.06911628554073
Encrypted:	false
SSDEEP:	12:TMHdNMNxfn/XwXWnWimI002EtM3MHdNMNxfn/XwXWnWimI00Obe5EtMb:2d6NxRSZHKd6NxRSZ7ijb
MD5:	337DF0F6B548ECF1B926E8288F2BA77B
SHA1:	C542F081AAD6F88D0A878E6E816FC1897C134D71
SHA-256:	FAFE855D6CCEBBDD6B394768E4AF476309D079FC385628A1D681AAED1ADFAF6C
SHA-512:	92EB0ED77BA487639BF6A81FB4B2183A5B63EDEC9CD5CE9D55E8175BF1B03CC0EDE04A3F2411CC0FE009D158DF21A1879568DE9DC25EA1C8785891B0376EF3AF
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x24f0cea7,0x01d75f40</date><accdate>0x24f0cea7,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x24f0cea7,0x01d75f40</date><accdate>0x24f0cea7,0x01d75f40</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Temp\~DF3A844A3469AC02C7.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.48177422640311635
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lolF9lo/9lWJ0rg0rNrfGe:kBqoIg+J0rg0rNrfGe
MD5:	02548E24827ED13650D929D0ACDEE537
SHA1:	D918FDEBEB4E5657E1FA03DD24C26EF93D892950
SHA-256:	E4CF5EEB9BA6D78113D6EE5AE048DFCD71159BE24251C77120E08749ADC76485
SHA-512:	718FEB5AD2F3831E9D3657CE5890DC6A2F4FFF5D6F6E0B3B4AF1B4CCF038BCD8C14BFB00EFD8DF0D725D6F6DFDF2B601E64775592188D9362210C6D057EE7EE4
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF561EAA1BE82CC488.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	36491
Entropy (8bit):	0.667278031592852
Encrypted:	false
SSDEEP:	48:kBqoxKAuvScS+ouk1JIJHDSHCzb6kZEHeU0:kBqoxKAuvScS+ouk1etukblpV
MD5:	019593787E6D9D67843DAF28CB47117E
SHA1:	DC00ED474B88DE90A0D622BA680DE79A107A9C64
SHA-256:	CCB46B271DCC857CCF33465F512C81B3AB2FA557E8D055973AE174838EDE95E6
SHA-512:	6755A8E765E479BEDCD1BFFD0FC01D8DE7C8EDB5E93B8ACF76E0A31BA34F234C087FA8834DF58CC01BDE9BF9DA5E1A32BC788D3D5C66DAEE9BB16025D245EE91
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFB11B671508FD48C1.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.39404625475846844
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAggl/g7P5qU:kBqoxxJhHWSVSEablobgzuKg1
MD5:	9F3F73AE1B5392E4B1EC364C84A2EAF9
SHA1:	AA2BE403F00C2CBD0D611DB83D6A3715158D956C
SHA-256:	367CF07EAB62DE81D7FCCEB8BDFAD28AC61BE3623374717AC0CCFD5729AD2286
SHA-512:	821C61D4555793FDBF7DD383998DEDD2C325E8BF269E7935C40BEE5308E9C9FD6F56C22A4563453B632F755706100BCF30D26F72AA5DADABBD9BA9D1FC54E1EF
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General
File type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Entropy (8bit):	5.651539764585573
TrID:	HyperText Markup Language (11501/1) 33.82% HyperText Markup Language (11501/1) 33.82% HyperText Markup Language (11001/1) 32.35%
File name:	HSBC_Payment_slip_for Outstanding 001005l.htm
File size:	81070
MD5:	4d490578e6d7158c55b22cf08fff6384
SHA1:	427feb280f0642dedbe05b404629be31e2790885
SHA256:	e9eb31e4895d52c5e054b434c87de4ae4d3f0ff716d3b75edcf90dd270b31ee3
SHA512:	a766f306ea5880677b80d3bded611e307714545db4a31321585f385ce190ad804d1744e51048d702a80cc83507495224b3cba04bbc7f5204ea6f5b25d3290cc6
SSDEEP:	1536:cfyXMdTcpuVh2kXLPEUR41gKIfYnkU6uqsGLQwzoLwnPof:caMypUQgrYk7uELswn2
File Content Preview:	<HTML><HEAD><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">....<STYLE type=text/css>..body, html {.. height: 100%;.. margin: 0;.. font-family: "Segoe UI Webfont",-apple-system,"Helvetica Neue","Lucida Grande","Roboto","Ebrima",

Network Behavior

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 11, 2021 21:04:36.192876101 CEST	64938	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:36.244308949 CEST	53	64938	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:37.332775116 CEST	60152	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:37.385747910 CEST	53	60152	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:38.410687923 CEST	57544	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:38.462822914 CEST	53	57544	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:39.819700956 CEST	55984	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:39.870107889 CEST	53	55984	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:40.971920967 CEST	64185	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:41.046946049 CEST	53	64185	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:41.804214001 CEST	65110	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:41.859271049 CEST	53	65110	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:42.502495050 CEST	58361	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:42.563266993 CEST	53	58361	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:43.006275892 CEST	63492	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:43.069669008 CEST	53	63492	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:44.172487974 CEST	60831	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:44.225553036 CEST	53	60831	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:45.369493961 CEST	60100	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:45.422563076 CEST	53	60100	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:46.913917065 CEST	53195	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:46.964262009 CEST	53	53195	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:47.864517927 CEST	50141	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:47.914907932 CEST	53	50141	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:49.136105061 CEST	53023	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:49.198363066 CEST	53	53023	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:49.974858046 CEST	49563	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:50.042192936 CEST	53	49563	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:50.796246052 CEST	51352	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:50.854727983 CEST	53	51352	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:51.690182924 CEST	59349	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:51.740242004 CEST	53	59349	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:52.778934002 CEST	57084	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:52.831341028 CEST	53	57084	8.8.8.8	192.168.2.3
Jun 11, 2021 21:04:53.559503078 CEST	58823	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:04:53.611393929 CEST	53	58823	8.8.8.8	192.168.2.3
Jun 11, 2021 21:05:09.963848114 CEST	57568	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:05:10.030647039 CEST	53	57568	8.8.8.8	192.168.2.3
Jun 11, 2021 21:05:12.598510027 CEST	50540	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:05:12.653198004 CEST	53	50540	8.8.8.8	192.168.2.3
Jun 11, 2021 21:05:13.232593060 CEST	54366	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:05:13.283237934 CEST	53	54366	8.8.8.8	192.168.2.3
Jun 11, 2021 21:05:13.604432106 CEST	50540	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:05:13.668236971 CEST	53	50540	8.8.8.8	192.168.2.3
Jun 11, 2021 21:05:14.244784117 CEST	54366	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:05:14.296494961 CEST	53	54366	8.8.8.8	192.168.2.3
Jun 11, 2021 21:05:14.652313948 CEST	50540	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:05:14.707693100 CEST	53	50540	8.8.8.8	192.168.2.3
Jun 11, 2021 21:05:15.265361071 CEST	53034	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:05:15.291743040 CEST	54366	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:05:15.350744963 CEST	53	54366	8.8.8.8	192.168.2.3
Jun 11, 2021 21:05:15.359690905 CEST	53	53034	8.8.8.8	192.168.2.3
Jun 11, 2021 21:05:16.698116064 CEST	50540	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:05:16.751214027 CEST	53	50540	8.8.8.8	192.168.2.3
Jun 11, 2021 21:05:17.338893890 CEST	54366	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:05:17.398122072 CEST	53	54366	8.8.8.8	192.168.2.3
Jun 11, 2021 21:05:20.699017048 CEST	50540	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:05:20.752372026 CEST	53	50540	8.8.8.8	192.168.2.3
Jun 11, 2021 21:05:21.389519930 CEST	54366	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:05:21.448266983 CEST	53	54366	8.8.8.8	192.168.2.3
Jun 11, 2021 21:05:32.618511915 CEST	57762	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:05:32.688328028 CEST	53	57762	8.8.8.8	192.168.2.3
Jun 11, 2021 21:05:48.827621937 CEST	55435	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:05:48.896542072 CEST	53	55435	8.8.8.8	192.168.2.3
Jun 11, 2021 21:05:52.954297066 CEST	50713	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:05:53.014951944 CEST	53	50713	8.8.8.8	192.168.2.3
Jun 11, 2021 21:06:23.868633032 CEST	56132	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:06:23.935903072 CEST	53	56132	8.8.8.8	192.168.2.3
Jun 11, 2021 21:06:24.875422955 CEST	58987	53	192.168.2.3	8.8.8.8
Jun 11, 2021 21:06:24.945354939 CEST	53	58987	8.8.8.8	192.168.2.3

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 1636 Parent PID: 792

General

Start time:	21:04:41
Start date:	11/06/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7026a0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: iexplore.exe PID: 5488 Parent PID: 1636

General

Start time:	21:04:42
Start date:	11/06/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1636 CREDAT:17410 /prefetch:2
Imagebase:	0xa80000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report HSBC_Payment_slip_for Outstanding 001005l.htm

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Initial Sample

Sigma Overview

Signature Overview

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Network Behavior

Network Port Distribution

UDP Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 1636 Parent PID: 792

General

Chronological Activities

Analysis Process: iexplore.exe PID: 5488 Parent PID: 1636

General

Chronological Activities

Disassembly