AccountStatements.html

Status: finished
Submission Time: 20.11.2020 11:22:35
Malicious
Phishing
HTMLPhisher

Details

  • Analysis ID:
    321119
  • API (Web) ID:
    544048
  • Analysis Started:
    20.11.2020 11:24:35
  • Analysis Finished:
    20.11.2020 11:30:21
  • MD5:
    c7f8f17bcf5d2656dd7f818969736342
  • SHA1:
    4e2bf200592a5803b81eca7416ca514aae86188b
  • SHA256:
    9df63134e160a49558a811b07b551c828dd733be30d970fee5f4656a8e7006ff

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict: malicious
Score: 48/100

IPs

IP              Country                     Detection
185.166.104.3   Iran (Islamic Republic of)
18.209.113.162  United States

Domains

Name                                                             IP              Detection
ok4-crtr-tls12-nlb-29367a8e4bb80716.elb.us-east-1.amazonaws.com  18.209.113.162
b5d75f750c811003839a64fb243bafc0.cdn.cafebazaar.cloud            185.166.104.3
s.cafebazaar.ir                                                  0.0.0.0
atcocorp.okta.com                                                0.0.0.0

URLs

Name Detection
file:///C:/Users/user/Desktop/AccountStatements.html
http://typingdna.com
http://www.apache.org/licenses/LICENSE-2.0
http://www.nytimes.com/
http://jquery.org/license
http://sizzlejs.com/
https://s.cafebazaar.ir/1/icons/com.adobe.reader_512x512.png
http://www.amazon.com/
http://www.apache.org/licenses/LICENSE-2.0.
http://www.twitter.com/
http://github.com/kriskowal/q/raw/master/LICENSE
https://coco-fleur.net/hell/oracle.php
http://www.opensource.org/licenses/mit-license.html
https://github.com/gabceb/jquery-browser-plugin
https://support.okta.com/help/articles/Knowledge_Article/24532952-Platforms---Browser-and-OS-Support
http://www.youtube.com/
https://github.com/gabceb
https://api.typingdna.com/scripts/typingdna.js
https://atcocorp.okta.com/assets/loginpage/css/okta-login-page.min.0f4b9922bfa70975cc884fea7cbd71fa.
https://typingdna.com/scripts/typingdna.js
http://www.wikipedia.com/
https://atcocorp.okta.com/assets/js/mvc/loginpage/initLoginPage.pack.34c59a55bb3a42c88a91a86c33d95ad
https://github.com/js-cookie/js-cookie
http://www.live.com/
http://www.reddit.com/
http://jquery.com/

Dropped files

Name / File Type

  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{240BA7A7-2B66-11EB-90E4-ECF4BB862DED}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{240BA7A9-2B66-11EB-90E4-ECF4BB862DED}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{240BA7AA-2B66-11EB-90E4-ECF4BB862DED}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\initLoginPage.pack.34c59a55bb3a42c88a91a86c33d95ad4[1].js
    UTF-8 Unicode text, with very long lines, with LF, NEL line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\okta-login-page.min.0f4b9922bfa70975cc884fea7cbd71fa[1].css
    ASCII text, with very long lines
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\okticon.fe8b3f5e8c2e13114d5bfb04e4731fb9[1].eot
    Embedded OpenType (EOT), okticon family
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\checkbox-sign-in-widget.7846b2f8c6d0a7ca69fdd3d3c294e92d[1].png
    PNG image data, 50 x 1155, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\com.adobe.reader_512x512[1].png
    PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Temp\~DF21C372744A71BF0C.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DF4287DA41F4BBBE37.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DFD3AF8564A5B2005B.TMP
    data