flash

http://resa.credit-financebank.com/donc/dcn/?email=bWNnaW5udEByZXNhLm5ldA==

Status: finished
Submission Time: 16.10.2020 17:24:59
Malicious
Phishing
HTMLPhisher

Comments

Tags

Details

  • Analysis ID:
    299395
  • API (Web) ID:
    493897
  • Analysis Started:
    16.10.2020 17:25:35
  • Analysis Finished:
    16.10.2020 17:30:06
  • Technologies:
Full Report Management Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
80/100

malicious

malicious

IPs

IP Country Detection
52.97.201.242
United States
162.213.253.54
United States

Domains

Name IP Detection
resa.credit-financebank.com
162.213.253.54
ZRH-efz.ms-acdc.office.com
52.97.201.242
www.office.com
0.0.0.0
Click to see the 3 hidden entries
secure.aadcdn.microsoftonline-p.com
0.0.0.0
r4.res.office365.com
0.0.0.0
outlook.office365.com
0.0.0.0

URLs

Name Detection
http://resa.credit-financebank.com/donc/dcn/J67_9NpbfPeB43EHZIyi1hmlT0csvqLRM5DjzKdaGuxOUXSoQW.php?_0TCmQy24bPvWNUnAGFd8q-OxErilDZsghR59LI3k6VatMYSKprjTAZduNvbSMtYceXlVKmz0pxGoPwHIgqODhas267CkLnFBfR8b1wUIPk2Snqfuo_ARgcL7OpV6vBDtEGWi45Zr80QXFhHl3MmCdbDl19_-5x2VcSiLAjoIJHvMCREug6Td3apsPFQr7kBYheOw4fN&data=bWNnaW5udEByZXNhLm5ldA==#
http://resa.credit-financebank.com/donc/dcn/?email=bWNnaW5udEByZXNhLm5ldA==
http://resa.credit-financebank.com/donc/dcn/J67_9NpbfPeB43EHZIyi1hmlT0csvqLRM5DjzKdaGuxOUXSoQW.php?_0TCmQy24bPvWNUnAGFd8q-OxErilDZsghR59LI3k6VatMYSKprjTAZduNvbSMtYceXlVKmz0pxGoPwHIgqODhas267CkLnFBfR8b1wUIPk2Snqfuo_ARgcL7OpV6vBDtEGWi45Zr80QXFhHl3MmCdbDl19_-5x2VcSiLAjoIJHvMCREug6Td3apsPFQr7kBYheOw4fN&data=bWNnaW5udEByZXNhLm5ldA==#ZvEN-4qpW4EbGy_yOv86eSV13_zGaFkWfWUaFXDQjWfsNCbbr8CvOmqNUNrYmZu5vset3RioD0Sph_xFiS_yx0w4l1oPGGp6yaQ4s2krNxjRepRf1-0RSPxIfWCzX1rJFEeiH2hLu96fAoA2KpylDaF7n9A26leFwFgrB7xXvKVe-gNJPIPiIQCIFC04Vj-01F0h8S2i
Click to see the 39 hidden entries
http://github.com/jquery/globalize
https://blobs.officehome.msocdn.com/bundles/staticscripts-6b9fd104bb.js
http://resa.credit-financebank.com/donc/dcn/images/favicon.ico~(
https://outlook.office365.com/owa/prefetch.aspx
http://resa.credit-financebank.com/donc/dcn/J67_9NpbfPeB43EHZIyi1hmlT0csvqLRM5Djzancebank.com/donc/d
http://resa.credit-financebank.com/donc/dcn/J67_9NpbfPeB43EHZIyi1hmlT0csvqLRM5DjzKdaGuxOUXSoQW.php?_0TCmQy24bPvWNUnAGFd8q-OxErilDZsghR59LI3k6VatMYSKprjTAZduNvbSMtYceXlVKmz0pxGoPwHIgqODhas267CkLnFBfR8b1wUIPk2Snqfuo_ARgcL7OpV6vBDtEGWi45Zr80QXFhHl3MmCdbDl19_-5x2VcSiLAjoIJHvMCREug6Td3apsPFQr7kBYheOw4fN&data=bWNnaW5udEByZXNhLm5ldA==
https://r4.res.office365.com/owa/prem/16.3790.0.2749802/scripts/boot.worldwide.1.mouse.js
http://resa.credit-financebank.com/donc/dcn/images/logn.png
https://r4.res.office365.com/owa/prem/16.3790.0.2749802/resources/styles/fonts/office365icons.svg
https://www.office.com/prefetch/prefetch
http://resa.credit-financebank.com/donc/dcn/images/ellipsis_white.svg
https://r4.res.office365.com/owa/prem/16.3790.0.2749802/resources/images/0/sprite1.mouse.png
https://r4.res.office365.com/owa/prem/16.3790.0.2749802/resources/styles/fonts/office365icons.ttf
https://r4.res.office365.com/owa/prem/16.3790.0.2749802/scripts/boot.worldwide.0.mouse.js
http://resa.credit-financebank.com/donc/dcn/images/bg.svg?asjdkasdads
https://blobs.officehome.msocdn.com/bundles/polyfills-bundle-7e9c6616331eab222d42.js
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/microsoft_logo.svg?x=ee5
http://resa.credit-financebank.com/donc/dcn/css/login.css
http://resa.credit-financebank.com/donc/dcn/images/fstmsg.png
https://r4.res.office365.com/owa/prem/16.3790.0.2749802/scripts/boot.worldwide.3.mouse.js
http://resa.credit-financebank.com/donc/dcn/images/arrow_left.svg
https://r4.res.office365.com/owa/prem/16.3790.0.2749802/resources/styles/fonts/office365icons.eot?#i
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/microsoft_logo.png?x=ed9
https://r4.res.office365.com/owa/prem/16.3790.0.2749802/resources/styles/0/boot.worldwide.mouse.css
https://r4.res.office365.com/owa/prem/16.3790.0.2749802/scripts/boot.worldwide.2.mouse.js
https://blobs.officehome.msocdn.com/bundles/app-bundle-6a480562ae8d300808a4.js
https://blobs.officehome.msocdn.com/bundles/app-bundle-e605af9822fccd81ce18.css
https://blobs.officehome.msocdn.com/images/content/images/fluent-background-sources/header-default-d
http://resa.credit-financebank.com/donc/dcn/images/favicon.ico
http://resa.credit-financebank.com/donc/dcn/images/eps.png
https://r4.res.office365.com/owa/prem/16.3790.0.2749802/resources/images/0/sprite1.mouse.css
http://resa.credit-financebank.com/donc/dcn/images/ellipsis_grey.svg
http://resa.credit-financebank.com/donc/dcn/images/favicon.ico~
https://r4.res.office365.com/owa/prem/16.3790.0.2749802/resources/styles/fonts/office365icons.woff
http://resa.credit-financebank.com/donc/dcn/images/passwrd.png
http://resa.credit-financebank.com/donc/dcn/J67_9NpbfPeB43EHZIyi1hmlT0csvqLRM5DjzKdaGuxOUXSoQW.php?_
http://resa.credit-financebank.com/donc/dcn/images/forgetpass.png
http://resa.credit-fin
https://blobs.officehome.msocdn.com/bundles/sharedscripts-b0a68e18d1.js

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\J67_9NpbfPeB43EHZIyi1hmlT0csvqLRM5DjzKdaGuxOUXSoQW[1].htm
HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F2587535-0FC3-11EB-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F2587537-0FC3-11EB-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
#
Click to see the 26 hidden entries
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F8E66152-0FC3-11EB-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\eps[1].png
PNG image data, 170 x 29, 8-bit/color RGB, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[3].ico
MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\forgetpass[1].png
PNG image data, 121 x 20, 8-bit/color RGB, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\fstmsg[1].png
PNG image data, 353 x 41, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\microsoft_logo[2].svg
SVG Scalable Vector Graphics image
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\passwrd[1].png
PNG image data, 69 x 34, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bg[1].svg
SVG Scalable Vector Graphics image
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\boot.worldwide.0.mouse[1].js
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ellipsis_white[1].svg
SVG Scalable Vector Graphics image
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\prefetch[1].htm
HTML document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\prefetch[2].htm
HTML document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\sprite1.mouse[1].css
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\arrow_left[1].svg
SVG Scalable Vector Graphics image
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\boot.worldwide.1.mouse[1].js
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\boot.worldwide.3.mouse[1].js
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\boot.worldwide.mouse[1].css
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\login[1].css
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\boot.worldwide.2.mouse[1].js
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ellipsis_grey[1].svg
SVG Scalable Vector Graphics image
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\logn[1].png
PNG image data, 110 x 34, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\sprite1.mouse[1].png
PNG image data, 600 x 75, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Temp\~DF34AD48C7C16D0AE5.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF64177069175675B8.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFC9F1090FE0E5B69E.TMP
data
#