Source: Yara match | File source: 035347.pages.csv, type: HTML |
Source: Yara match | File source: 035347.0.links.csv, type: HTML |
Source: https://mailsolutions-helpdesk.azurefd.net/#theodor.niesmann@verbio.de | Matcher: Template: outlook matched |
Source: https://mailsolutions-helpdesk.azurefd.net/#theodor.niesmann@verbio.de | Sample URL: PII: theodor.niesmann@verbio.de |
Source: https://mailsolutions-helpdesk.azurefd.net/#theodor.niesmann@verbio.de | HTTP Parser: Number of links: 0 |
Source: https://mailsolutions-helpdesk.azurefd.net/#theodor.niesmann@verbio.de | HTTP Parser: Title: Signin Outlook WebApp Settings does not match URL |
Source: https://mailsolutions-helpdesk.azurefd.net/#theodor.niesmann@verbio.de | HTTP Parser: Form action: https://397750328498584992com2038xyz.xyz/exch/oauth05112021/client_id=56230006/3.php |
Source: https://mailsolutions-helpdesk.azurefd.net/#theodor.niesmann@verbio.de | HTTP Parser: Form action: https://397750328498584992com2038xyz.xyz/exch/oauth05112021/client_id=56230006/3.php azurefd 397750328498584992com2038xyz |
Source: https://mailsolutions-helpdesk.azurefd.net/#theodor.niesmann@verbio.de | HTTP Parser: No <meta name="copyright".. found |
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll |
Source: unknown | HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.3:49746 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.3:49748 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.3:49747 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.3:49749 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49753 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49752 version: TLS 1.2 |
Source: unknown | DNS traffic detected: queries for: mailsolutions-helpdesk.azurefd.net |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49753 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752 |
Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49746 |
Source: unknown | Network traffic detected: HTTP traffic on port 49753 -> 443 |
Source: global traffic | HTTP traffic detected: GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1 Accept: text/css, */* Referer: https://mailsolutions-helpdesk.azurefd.net/ Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: maxcdn.bootstrapcdn.com Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1 Accept: text/css, */* Referer: https://mailsolutions-helpdesk.azurefd.net/ Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: stackpath.bootstrapcdn.com Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /ajax/libs/popper.js/1.14.0/umd/popper.min.js HTTP/1.1 Accept: application/javascript, */*;q=0.8 Referer: https://mailsolutions-helpdesk.azurefd.net/ Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: https://mailsolutions-helpdesk.azurefd.net Accept-Encoding: gzip, deflate Host: cdnjs.cloudflare.com Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /bootstrap/4.1.0/js/bootstrap.min.js HTTP/1.1 Accept: application/javascript, */*;q=0.8 Referer: https://mailsolutions-helpdesk.azurefd.net/ Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: https://mailsolutions-helpdesk.azurefd.net Accept-Encoding: gzip, deflate Host: stackpath.bootstrapcdn.com Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1 Accept: application/javascript, */*;q=0.8 Referer: https://mailsolutions-helpdesk.azurefd.net/ Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: https://mailsolutions-helpdesk.azurefd.net Accept-Encoding: gzip, deflate Host: maxcdn.bootstrapcdn.com Connection: Keep-Alive |
Source: font-awesome.min[1].css.2.dr | String found in binary or memory: http://fontawesome.io |
Source: font-awesome.min[1].css.2.dr | String found in binary or memory: http://fontawesome.io/license |
Source: bootstrap.min[1].css.2.dr, bootstrap.min[1].js0.2.dr | String found in binary or memory: http://getbootstrap.com) |
Source: popper.min[1].js.2.dr | String found in binary or memory: http://opensource.org/licenses/MIT). |
Source: bootstrap.min[1].js.2.dr | String found in binary or memory: https://getbootstrap.com/) |
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr | String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE) |
Source: bootstrap.min[1].js.2.dr | String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors) |
Source: {B0436150-6CC8-11EC-90E9-ECF4BB862DED}.dat.1.dr | String found in binary or memory: https://mailsolutions-helpdesk.azurefd.net/ |
Source: ~DFAA6D081E965B91E9.TMP.1.dr | String found in binary or memory: https://mailsolutions-helpdesk.azurefd.net/#eodor.niesmann |
Source: {B0436150-6CC8-11EC-90E9-ECF4BB862DED}.dat.1.dr | String found in binary or memory: https://mailsolutions-helpdesk.azurefd.net/#theodor.niesmann |
Source: {B0436150-6CC8-11EC-90E9-ECF4BB862DED}.dat.1.dr | String found in binary or memory: https://mailsolutions-helpdesk.azurefd.net/D |
Source: {B0436150-6CC8-11EC-90E9-ECF4BB862DED}.dat.1.dr | String found in binary or memory: https://mailsolutlpdesk.azurefd.net/ |
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Temp\~DF9F76C96F8F638CD7.TMP |
Source: classification engine | Classification label: mal56.phis.win@3/14@5/2 |
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding |
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4504 CREDAT:17410 /prefetch:2 |
Source: C:\Program Files\internet explorer\iexplore.exe | File read: C:\Users\desktop.ini |
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High |
Source: Window Recorder | Window detected: More than 3 window changes detected |