https://ch1.amorozon.fr/.zz?&78387439&user=jon.parr@syngenta.com

Status: finished

Submission Time: 2020-11-27 18:43:43 +01:00

Malicious

Phishing

HTMLPhisher

Comments

Details

Analysis ID:
323890
API (Web) ID:
549558
Analysis Started:

2020-11-27 18:43:43 +01:00
Analysis Finished:

2020-11-27 18:48:19 +01:00
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 76	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP	Country	Detection
170.10.160.34	United States
104.27.129.197	United States
152.199.21.175	United States

Domains

Name	IP	Detection
goips.net	104.27.129.197
sni1gl.wpc.alphacdn.net	152.199.21.175
ch1.amorozon.fr	170.10.160.34
Click to see the 5 hidden entries
signup.live.com	0.0.0.0
assets.onestore.ms	0.0.0.0
acctcdn.msauth.net	0.0.0.0
ajax.aspnetcdn.com	0.0.0.0
client.hip.live.com	0.0.0.0

URLs

Name	Detection
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail
https://www.xbox.com
Click to see the 72 hidden entries
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/include/src/favicon_a_eupayfgghqiai7k9s
https://acctcdn.msauth.net/images/favicon.ico?v=2~(
https://www.clicktale.net/disable.html
https://github.com/douglascrockford/JSON-js
https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protectio
https://acctcdn.msauth.net/lightweightsignuppackage_oZIcfFtGMdm_yHyDEji_8w2.js?v=1
http://knockoutjs.com/
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/
https://autodiscover.domain.com/owa/#th=/maRoot
https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/Root
https://signup.live.co
https://autodiscover.domain.com/owa/#th=/mail
http://fontello.com
https://developer.yahoo.com/flurry/end-user-opt-out/
https://acctcdn.msauth.net/images/favicon.ico?v=2~
https://signup.live.com/
https://www.xbox.com/
https://www.xbox.com/Legal/ThirdPartyDataSharing
https://support.xbox.com/help/friends-social-activity/community/use-safety-settings
http://jquery.com/
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_0ad43084800fd8b50a2576b5173746fe.pn
https://www.linkedin.com/legal/privacy-policy
https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_grey_5bc252567ef56db648207d9c36a9d004.png
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://m_post%26redirect_u
https://acctcdn.msauth.net/images/favicon.ico?v=2
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/r/.zz/908da3c8f209ef75ffb734f6652bf849/
https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html
https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg)
http://fontello.comiconsRegulariconsiconsVersion
https://autodiscover.domain.com/owa/#path=/mail
http://www.opensource.org/licenses/mit-license.php)
https://acctcdn.msauth.net/converged_ux_v2_RfnRCrmapm3W_OFn994CMA2.css?v=1
https://www.youradchoices.ca/fr
https://ondemand.webtrends.com/support/optout.asp
https://login.microsoftonline.com
https://www.privacyshield.gov/welcome
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.sv
http://www.json.org/json2.js
http://opensource.org/licenses/mit-license.php)
https://signup.live.com/error.aspx?errcode=1045&mkt=en-US
http://www.asp.net/ajaxlibrary/CDN.ashx.
https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_pVtahKS9WUIZdNqg1DDhHg2.js?v=1
https://www.appsflyer.com/optout
http://sizzlejs.com/
https://www.optimizely.com/legal/opt-out/
https://acctcdn.msauth.net
https://ch1.amorozon.f
http://jquery.org/license
https://www.acuityads.com/opt-out/
https://login.skype.com/login
https://signin.kissmetrics.com/privacy/#controls
http://github.com/requirejs/almond/LICENSE
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain
https://autodiscover.domain.com/owa/
https://www.xbox.com/managedatacollection
https://www.adjust.com/opt-out/
https://www.aboutads.info/
https://www.here.com/)
https://goips.net/background-redirect/index.php
https://www.youronlinechoices.com/
https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
https://priv-policy.imrworldwide.com/priv/browser/us/en/optout.html
https://www.youradchoices.ca
https://autodiscover.domain.com/owa/$
https://ch1.amorozon.fr/.zz/?&78387439&user=jon.parr
https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
https://www.appnexus.com/
https://privacy.micros
https://autodiscover.domain.com/owa/#th=/maode%26client_id%3d51483342-085c-

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\segring[1].htm	HTML document, UTF-8 Unicode text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\908da3c8f209ef75ffb734f6652bf849[1].htm	HTML document, ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\signup[1].htm	HTML document, ASCII text, with very long lines, with CRLF, LF line terminators	#
Click to see the 49 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\16-a6d48e[1].css	UTF-8 Unicode text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\50-f1e180[1].js	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\app[1].css	ASCII text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410[1].svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2[1].svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c[1].svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73[1].svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2[1].svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\oneds_Xr2D7Nex80v7A-8bxF8jgQ2[1].js	ASCII text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\shell.min[1].css	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd[1].svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\converged_ux_v2_RfnRCrmapm3W_OFn994CMA2[1].css	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\favicon[1].ico	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\favicon_a_eupayfgghqiai7k9sol6lg2[1].ico	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\icons[1].eot	Embedded OpenType (EOT), icons family	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery.min[1].js	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js	ASCII text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\lightweightsignuppackage_oZIcfFtGMdm_yHyDEji_8w2[1].js	UTF-8 Unicode text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\lwsignupstringscountrybirthdate_en-us_pVtahKS9WUIZdNqg1DDhHg2[1].js	HTML document, UTF-8 Unicode text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\print-icon[1].png	PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\~DF4D88143B5EF30894.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF61A1327D3F69D777.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF7977F7404D051671.TMP	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\script[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{39B7F450-30D8-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\.zz[1].htm	HTML document, ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\0-small_138bcee624fa04ef9b75e86211a9fe0d[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x28, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Mic_BG[1].jpg	JPEG image data, baseline, precision 8, 1920x1080, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2[1].js	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[1].ico	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\jquery-1.11.2.min[1].js	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\override[1].css	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\privacystatement[1].htm	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sc_login[1].js	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{32E83693-30D8-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\style[1].css	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\2_vD0yppaJX3jBnfbHF1hqXQ2[1].svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\2_vD0yppaJX3jBnfbHF1hqXQ2[2].svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\908da3c8f209ef75ffb734f6652bf849[1].htm	HTML document, ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\RE1Mu3b[1].png	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\css[1].css	assembler source, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\favicon[1].ico	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js	UTF-8 Unicode text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\latest[1].eot	Embedded OpenType (EOT), Segoe UI Semibold family	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\latest[2].eot	Embedded OpenType (EOT), Segoe UI family	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\latest[3].eot	Embedded OpenType (EOT), Segoe UI Light family	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2[1].svg	SVG Scalable Vector Graphics image	#

https://ch1.amorozon.fr/.zz?&78387439&user=jon.parr@syngenta.com

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

https://ch1.amorozon.fr/.zz?&78387439&user=jon.parr@syngenta.com Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

https://ch1.amorozon.fr/.zz?&78387439&user=jon.parr@syngenta.com