AccountStatements.html

Status: finished

Submission Time: 2020-11-20 11:22:35 +01:00

Malicious

Phishing

HTMLPhisher

Comments

Details

Analysis ID:
321119
API (Web) ID:
544048
Analysis Started:

2020-11-20 11:24:35 +01:00
Analysis Finished:

2020-11-20 11:30:21 +01:00
MD5:
c7f8f17bcf5d2656dd7f818969736342
SHA1:
4e2bf200592a5803b81eca7416ca514aae86188b
SHA256:
9df63134e160a49558a811b07b551c828dd733be30d970fee5f4656a8e7006ff
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 48	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
185.166.104.3	Iran (ISLAMIC Republic Of)
18.209.113.162	United States

Domains

Name	IP	Detection
ok4-crtr-tls12-nlb-29367a8e4bb80716.elb.us-east-1.amazonaws.com	18.209.113.162
b5d75f750c811003839a64fb243bafc0.cdn.cafebazaar.cloud	185.166.104.3
s.cafebazaar.ir	0.0.0.0
Click to see the 1 hidden entries
atcocorp.okta.com	0.0.0.0

URLs

Name	Detection
file:///C:/Users/user/Desktop/AccountStatements.html
https://github.com/gabceb/jquery-browser-plugin
http://jquery.com/
Click to see the 23 hidden entries
http://www.reddit.com/
http://www.live.com/
https://github.com/js-cookie/js-cookie
https://atcocorp.okta.com/assets/js/mvc/loginpage/initLoginPage.pack.34c59a55bb3a42c88a91a86c33d95ad
http://www.wikipedia.com/
https://typingdna.com/scripts/typingdna.js
https://atcocorp.okta.com/assets/loginpage/css/okta-login-page.min.0f4b9922bfa70975cc884fea7cbd71fa.
https://api.typingdna.com/scripts/typingdna.js
https://github.com/gabceb
http://www.youtube.com/
https://support.okta.com/help/articles/Knowledge_Article/24532952-Platforms---Browser-and-OS-Support
http://www.opensource.org/licenses/mit-license.html
https://coco-fleur.net/hell/oracle.php
http://github.com/kriskowal/q/raw/master/LICENSE
http://www.twitter.com/
http://www.apache.org/licenses/LICENSE-2.0.
http://www.amazon.com/
https://s.cafebazaar.ir/1/icons/com.adobe.reader_512x512.png
http://sizzlejs.com/
http://jquery.org/license
http://www.nytimes.com/
http://www.apache.org/licenses/LICENSE-2.0
http://typingdna.com

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\~DFD3AF8564A5B2005B.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF4287DA41F4BBBE37.TMP	data	#
Click to see the 17 hidden entries
C:\Users\user\AppData\Local\Temp\~DF21C372744A71BF0C.TMP	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\com.adobe.reader_512x512[1].png	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\checkbox-sign-in-widget.7846b2f8c6d0a7ca69fdd3d3c294e92d[1].png	PNG image data, 50 x 1155, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\okticon.fe8b3f5e8c2e13114d5bfb04e4731fb9[1].eot	Embedded OpenType (EOT), okticon family	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\okta-login-page.min.0f4b9922bfa70975cc884fea7cbd71fa[1].css	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\initLoginPage.pack.34c59a55bb3a42c88a91a86c33d95ad4[1].js	UTF-8 Unicode text, with very long lines, with LF, NEL line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{240BA7A7-2B66-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{240BA7AA-2B66-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{240BA7A9-2B66-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#

AccountStatements.html

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

AccountStatements.html Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

AccountStatements.html