
https://mfelvmu.cabanova.com/

Status: finished
Submission Time: 2020-09-16 04:46:54 +02:00
Malicious
Phishing
HTMLPhisher

Details

  • Analysis ID: 286115
  • API (Web) ID: 467395
  • Analysis Started: 2020-09-16 04:46:55 +02:00
  • Analysis Finished: 2020-09-16 04:50:29 +02:00
  • Technologies:

| Engine | Detection | Info |
| --- | --- | --- |
| Joe Sandbox | malicious | Score: 56. System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |

Third Party Analysis Engines: malicious

IPs

| IP | Country |
| --- | --- |
| 35.186.205.126 | United States |
| 94.130.246.164 | Germany |

Domains

| Name | IP |
| --- | --- |
| mfelvmu.cabanova.com | 94.130.246.164 |
| sitebuilder.cabanova.com | 35.186.205.126 |

URLs


Dropped files

| Name | File Type |
| --- | --- |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\33RJXG9M.htm | HTML document, ASCII text, with very long lines |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\topbanner-en[1].js | HTML document, ASCII text, with very long lines |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\html5[1].css | ASCII text |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jquery.min[1].js | ASCII text, with very long lines |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\render[1].js | HTML document, UTF-8 Unicode text |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\webfont[1].js | ASCII text, with very long lines |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ga[1].js | ASCII text, with very long lines |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\p8pm-4g1623lr4ah6-wir37[1].jpg | [TIFF image data, big-endian, direntries=5, orientation=upper-left], baseline, precision 8, 1536x752, frames 3 |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\swfaddress[1].js | ASCII text, with very long lines, with CR line terminators |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\util[1].js | UTF-8 Unicode text |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\f95b468bfdfbb76344df61fd369159d3[1].js | ASCII text, with no line terminators |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\publish[1].js | ASCII text |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\swfobject2[1].js | HTML document, ASCII text, with very long lines |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\topbanner[1].js | ASCII text, with very long lines |
| C:\Users\user\AppData\Local\Temp\~DF0704E5DD4D764C97.TMP | data |
| C:\Users\user\AppData\Local\Temp\~DFA53E0558757147B7.TMP | data |
| C:\Users\user\AppData\Local\Temp\~DFBC80C397E130E4EC.TMP | data |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6C759F71-F812-11EA-90E8-ECF4BBEA1588}.dat | Microsoft Word Document |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\site-settings[1].js | ASCII text, with no line terminators |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\md5[1].js | ASCII text, with very long lines |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\common[1].js | UTF-8 Unicode text, with very long lines |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6C759F74-F812-11EA-90E8-ECF4BBEA1588}.dat | Microsoft Word Document |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6C759F73-F812-11EA-90E8-ECF4BBEA1588}.dat | Microsoft Word Document |