FAX-MESSAGE201636576736375362.hTMl

Status: finished
Submission Time: 22.02.2021 19:41:52
Malicious
Phishing
HTMLPhisher

Details

  • Analysis ID:
    356226
  • API (Web) ID:
    614433
  • Analysis Started:
    22.02.2021 19:41:52
  • Analysis Finished:
    22.02.2021 19:49:07
  • MD5:
    9c0f59a8ec93478511d689bfb7d9a74a
  • SHA1:
    f35fc0edde9dbe0a9887e947fba8b95c2fad719c
  • SHA256:
    59c6ccf88f60e9255e6886bf2865c45795e97a61bf135f2e125537540c7c71b2
System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict: malicious (score 56/100)

IPs

IP              Country         Detection
204.93.216.87   United States
152.199.23.37   United States
104.16.18.94    United States

Domains

Name                                  IP              Detection
cs1100.wpc.omegacdn.net               152.199.23.37
cdnjs.cloudflare.com                  104.16.18.94
manmedia.org                          204.93.216.87
stackpath.bootstrapcdn.com            0.0.0.0
secure.aadcdn.microsoftonline-p.com   0.0.0.0
code.jquery.com                       0.0.0.0
aadcdn.msftauth.net                   0.0.0.0
assets.onestore.ms                    0.0.0.0
ajax.aspnetcdn.com                    0.0.0.0

URLs

Name Detection
file:///C:/Users/user/Desktop/FAX-MESSAGE201636576736375362.hTMl
https://aka.ms/useterms
https://aka.ms/redeemrewards
https://signin.kissmetrics.com/privacy/#controls
https://login.skype.com/login
https://www.acuityads.com/opt-out/
https://www.skype.com/go/ustax
https://aadcdn.msftauthimg.net/dbd5a2dd-xs-ly6aik51q1xmokwuzg7cgil517bv-ngigbudd-ua/logintenantbrand
https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
https://www.optimizely.com/legal/opt-out/
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s
https://www.microsoft.s/Desktop/FAX-MESSAGE201636576736375362.hTMl
https://www.youradchoices.ca/fr
https://login.microsoftonline.com/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201
https://code.jquery.com/jquery-3.3.1.slim.min.js
https://www.adr.org
https://www.xbox.com/en-US/Legal/CodeOfConduct)
http://www.asp.net/ajaxlibrary/CDN.ashx.
https://tuicura.com/offic/next2.php
https://www.xbox.com/en-US/Legal/CodeOfConduct
https://aadcdn.msftauthimg.net/dbd5a2dd-2ivja-xubozxczt8hkuyvxiwoa4vmtaxu-16djdwpc4/logintenantbrand
https://aka.ms/taxservice
https://www.privacyshield.gov/welcome
https://aadcdn.msftauthimg.net/dbd5a2dd-mg0l7zcxfhbgphoiomweiqgq-z4rxnrzczncff4igy/logintenantbrandi
https://github.com/twbs/bootstrap/graphs/contributors)
https://ondemand.webtrends.com/support/optout.asp
https://www.skype.com/go/legal.broadcast
https://skype.com/go/myaccount
https://www.skype.com
https://www.appsflyer.com/optout
https://privacy.micros
https://www.appnexus.com/
https://aka.ms/redeemrewards).
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-mg0l7zcxfhbgphoiomweiqgq-z4rxnrzczncff4igy/logi
http://logo.clearbit.com/
https://privacy.m
http://opensource.org/licenses/MIT).
http://www.mpegla.com
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/images/favicon_a_eupayfgghqiai7
https://www.youradchoices.ca
https://priv-policy.imrworldwide.com/priv/browser/us/en/optout.html
http://github.com/requirejs/almond/LICENSE
https://www.youronlinechoices.com/
https://manmedia.org/offic/n.page/style.css
https://mixer.com/contact
https://www.here.com/)
https://manmedia.org/offic/n.page/actions.js
https://www.skype.com/go/store.reactivate.credit
https://www.aboutads.info/
https://www.adjust.com/opt-out/
https://www.xbox.com/managedatacollection
https://www.xbox.com/legal/codeofconduct
https://www.xbox.com/xbox-game-studios)
https://developer.yahoo.com/flurry/end-user-opt-out/
https://my.navyfederal.org/NFOAA_Auth/resources/img/css/img-billboard-BG.svg);
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-pd-rbmzbvqe7c-fjbigunke9t2gf5jszgqrgsatxfkk/log
http://fontello.com
http://www.mpegla.com).
https://aka.ms/kinectprivacy/
https://www.skype.com).
https://www.xbox.com
https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protectio
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/cdnbundles/converged.v2.login.m
https://www.clicktale.net/disable.html
https://aadcdn.msftauthimg.net/dbd5a2dd-pd-rbmzbvqe7c-fjbigunke9t2gf5jszgqrgsatxfkk/logintenantbrand
https://getbootstrap.com/)
https://manmedia.org/offic/n.page/jqueryLib.js
https://aadcdn.msftauthimg.net/dbd5a2dd-pglwtvfgjxd-jsxdxcu-ixstqem6dnqipplqonbe8ro/logintenantbrand
https://www.skype.com/go/allrates
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
https://www.xbox.com/xbox-game-studios
http://fontello.comiconsRegulariconsiconsVersion
https://support.xbox.com/help/family-online-safety/online-safety/manage-online-safety-and-privacy-se
https://aadcdn.msftauthimg.net/dbd5a2dd-uhsmbqxf0i-fc4inz9zgqi96xh-agvghl3xbkxk-y7c/logintenantbrand
https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html
https://www.skype.com/go/legal
https://mixer.com/about/tos
https://www.microsoft.
https://github.com/twbs/bootstrap/blob/master/LICENSE)
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-daldttgld72orokijcgtjn9zgk-dhdwrgaphu-0dqka/log
https://tuicura.com/offic/nexxt.php
https://www.xbox.com/
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
https://www.linkedin.com/legal/privacy-policy
https://aka.ms/DPA
https://aadcdn.msftauthimg.net/dbd5a2dd-bo8shd6svfocawg-d1lkuqyily-ch6cw-n5c0rmtwbq/logintenantbrand
https://support.xbox.com/help/friends-social-activity/community/use-safety-settings
https://www.xbox.com/Legal/ThirdPartyDataSharing
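A way to triage the URL table above, as an added example that is not part of the sandbox report: it separates the hosts one expects in a Microsoft-themed credential lure (brand assets and public JavaScript CDNs) from every other host, cleans off the punctuation the string extraction left on some entries (the trailing `)`, `);` and `).`), and lists the `.php` endpoints on the remaining hosts as the candidate credential-submission targets. The URL strings are copied from the table (a subset); the allowlist of expected domains, the clean-up rule and the `.php` heuristic are this example's own assumptions.

```python
"""Triage of the network IOCs in the sandbox report (added example, not part
of the report). URL strings are copied from the report's URL table; the
allowlist, the punctuation clean-up and the ".php endpoint" heuristic are
this example's own assumptions.
"""
from urllib.parse import urlsplit

# Copied from the report's URL table (a subset; truncated entries omitted).
REPORT_URLS = [
    "file:///C:/Users/user/Desktop/FAX-MESSAGE201636576736375362.hTMl",
    "https://aka.ms/redeemrewards",
    "https://aka.ms/redeemrewards).",
    "https://login.microsoftonline.com/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201",
    "https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s",
    "https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/images/favicon_a_eupayfgghqiai7",
    "https://code.jquery.com/jquery-3.3.1.slim.min.js",
    "https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js",
    "https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js",
    "https://my.navyfederal.org/NFOAA_Auth/resources/img/css/img-billboard-BG.svg);",
    "https://manmedia.org/offic/n.page/style.css",
    "https://manmedia.org/offic/n.page/actions.js",
    "https://manmedia.org/offic/n.page/jqueryLib.js",
    "https://tuicura.com/offic/next2.php",
    "https://tuicura.com/offic/nexxt.php",
]

# Assumption: registrable domains whose presence is expected for a
# Microsoft-themed lure (brand assets, public JS CDNs, and the Navy Federal
# image the report's URL list also contains). Everything else is treated as
# kit infrastructure worth blocking.
EXPECTED_DOMAINS = (
    "microsoft.com", "microsoftonline.com", "microsoftonline-p.com",
    "msftauth.net", "msftauthimg.net", "onestore.ms", "aka.ms",
    "cloudflare.com", "jquery.com", "bootstrapcdn.com", "aspnetcdn.com",
    "xbox.com", "skype.com", "navyfederal.org",
)


def normalize(url: str) -> str:
    """Drop punctuation that sandbox string extraction glues onto URLs,
    e.g. the trailing ')' or ');' from a CSS url(...) or from prose."""
    return url.strip().rstrip(").;,")


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def is_expected(host: str) -> bool:
    # Dot boundary: "microsoftonline.com.example" must not pass.
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)


def classify(url: str) -> str:
    """'local' for file:// paths, 'expected' for allowlisted hosts,
    'suspect' for anything else."""
    u = normalize(url)
    if u.startswith("file:"):
        return "local"
    return "expected" if is_expected(host_of(u)) else "suspect"


def triage(urls):
    """Return hosts to block, candidate credential-submission endpoints
    (suspect URLs whose path ends in .php) and the remaining kit assets."""
    suspect = {normalize(u) for u in urls if classify(u) == "suspect"}
    is_php = lambda u: urlsplit(u).path.endswith(".php")
    return {
        "block_hosts": sorted({host_of(u) for u in suspect}),
        "harvest_endpoints": sorted(u for u in suspect if is_php(u)),
        "kit_assets": sorted(u for u in suspect if not is_php(u)),
    }


if __name__ == "__main__":
    for key, items in triage(REPORT_URLS).items():
        print(key)
        for item in items:
            print("   ", item)
```

Run against the subset above it yields manmedia.org and tuicura.com as the hosts to block, the three manmedia.org kit assets, and the two tuicura.com `.php` endpoints to hunt for in proxy logs. Matching is on the registrable domain with a dot boundary, so a lookalike that merely contains an allowlisted string still lands in the suspect bucket; the allowlist is a triage aid for this report's infrastructure, not a verdict on any host.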

Dropped files

Name and File Type
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2D14E88B-7589-11EB-90E5-ECF4BB570DC9}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2D14E88D-7589-11EB-90E5-ECF4BB570DC9}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2D14E88E-7589-11EB-90E5-ECF4BB570DC9}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\dikxvqf\imagestore.dat
    data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\arrow_px_up[1].gif
    GIF image data, version 89a, 7 x 9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\jquery-1.7.2.min[1].js
    HTML document, UTF-8 Unicode text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\jqueryLib[1].js
    ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\latest[1].eot
    Embedded OpenType (EOT), Segoe UI Light family
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\latest[1].woff
    Web Open Font Format, TrueType, length 35900, version 0.0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\mwfmdl2-v3.54[1].woff
    Web Open Font Format, TrueType, length 26288, version 0.0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\print-icon[1].png
    PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\servicesagreement[1].htm
    HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\style[1].css
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\RE1Mu3b[1].png
    PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\bootstrap.min[1].js
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\favicons[1].png
    PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\icons[1].eot
    Embedded OpenType (EOT), icons family
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\jquery-1.11.2.min[1].js
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\jquery-3.3.1.slim.min[1].js
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\latest[1].eot
    Embedded OpenType (EOT), Segoe UI family
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\override[1].css
    ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\privacystatement[1].htm
    HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\wcp-consent[1].js
    UTF-8 Unicode text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\17-f90ef1[1].js
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\2_bc3d32a696895f78c19df6c717586a5d[1].svg
    SVG Scalable Vector Graphics image
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\actions[1].js
    ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\app[1].css
    ASCII text, with very long lines, with CRLF, LF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\b5-6bb6f8[1].css
    UTF-8 Unicode text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\favicon[1].ico
    MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\favicon[2].ico
    MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\script[1].js
    UTF-8 Unicode text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\shell.min[1].css
    UTF-8 Unicode text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\Print[1].png
    PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\jquery-3.3.1.min[1].js
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\jquery.min[1].js
    HTML document, UTF-8 Unicode text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\latest[1].eot
    Embedded OpenType (EOT), Segoe UI Semibold family
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\popper.min[1].js
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\script[1].js
    ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\script[2].js
    ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\style[1].css
    UTF-8 Unicode text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\style[2].css
    ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Temp\~DF0D97FEC405499157.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF912E71454DA88AEA.TMP
    data
C:\Users\user\AppData\Local\Temp\~DFF1E70D0A41546C24.TMP
    data
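The dropped-file table can be tied back to the URL table by file name, which shows which cached files came from the kit's own hosts rather than from Microsoft or a public CDN. The following is an added example, not part of the sandbox report: it strips the `[n]` suffix Internet Explorer appends to de-duplicate cache entries, joins each cache entry to the URLs with the same basename, and flags entries with no match, entries served from the kit hosts, and entries whose libmagic type does not fit the extension. Paths, types and URLs are a subset copied from the report; the kit-host set, the expected-type table and the flag names are assumptions made here.

```python
"""Correlate the dropped INetCache files with the report's URL table (added
example, not part of the sandbox report). Paths, file types and URLs are a
subset copied from the report; KIT_HOSTS, EXPECTED_TYPE and the flag names
are this example's own assumptions.
"""
import re
from urllib.parse import urlsplit

CACHE = r"C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE"

# (cache path, libmagic type) pairs copied from the dropped-files table.
DROPPED = [
    (CACHE + r"\4PB7FJMT\jquery-1.7.2.min[1].js",
     "HTML document, UTF-8 Unicode text, with very long lines"),
    (CACHE + r"\4PB7FJMT\jqueryLib[1].js",
     "ASCII text, with very long lines, with CRLF line terminators"),
    (CACHE + r"\4PB7FJMT\style[1].css", "ASCII text, with CRLF line terminators"),
    (CACHE + r"\B87Z87FM\bootstrap.min[1].js", "ASCII text, with very long lines"),
    (CACHE + r"\NUEPGTR9\2_bc3d32a696895f78c19df6c717586a5d[1].svg",
     "SVG Scalable Vector Graphics image"),
    (CACHE + r"\NUEPGTR9\actions[1].js",
     "ASCII text, with very long lines, with CRLF line terminators"),
    (CACHE + r"\PEJLKQA8\popper.min[1].js", "ASCII text, with very long lines"),
    (r"C:\Users\user\AppData\Local\Temp\~DF0D97FEC405499157.TMP", "data"),
]

# Copied from the report's URL table (subset). The .svg entry is cut short
# in the report, exactly as it appears there.
REPORT_URLS = [
    "https://manmedia.org/offic/n.page/style.css",
    "https://manmedia.org/offic/n.page/actions.js",
    "https://manmedia.org/offic/n.page/jqueryLib.js",
    "https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js",
    "https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js",
    "https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s",
]

# Assumption: the hosts in the report's domain table that are neither
# Microsoft nor a public CDN, i.e. the phishing kit's own hosting.
KIT_HOSTS = {"manmedia.org", "tuicura.com"}

# Assumption: what libmagic should report for each extension. A mismatch is
# a prompt for a manual look, not a verdict (minified jQuery is a common
# "HTML document" false positive because of the tag strings it contains).
EXPECTED_TYPE = {
    ".js": ("ASCII text", "UTF-8 Unicode text"),
    ".css": ("ASCII text", "UTF-8 Unicode text"),
    ".svg": ("SVG",), ".png": ("PNG image data",), ".gif": ("GIF image data",),
    ".eot": ("Embedded OpenType",), ".woff": ("Web Open Font Format",),
    ".ico": ("MS Windows icon",),
}


def cache_name(path: str):
    """'...\\jqueryLib[1].js' -> ('jqueryLib[1].js', 'jqueryLib.js')."""
    raw = path.rsplit("\\", 1)[-1]
    return raw, re.sub(r"\[\d+\]", "", raw)


def url_name(url: str) -> str:
    return urlsplit(url).path.rsplit("/", 1)[-1]


def ext_of(name: str) -> str:
    return name[name.rfind("."):].lower() if "." in name else ""


def correlate(dropped, urls):
    """One row per cache entry: its origin URLs (by basename) and flags."""
    by_name = {}
    for u in urls:
        by_name.setdefault(url_name(u), []).append(u)
    rows = []
    for path, ftype in dropped:
        raw, clean = cache_name(path)
        origins = sorted(by_name.get(clean, []))
        flags = []
        if not origins:
            flags.append("unmatched")
        if any(urlsplit(o).hostname in KIT_HOSTS for o in origins):
            flags.append("kit_host")
        expected = EXPECTED_TYPE.get(ext_of(clean))
        if expected and not ftype.startswith(expected):
            flags.append("type_mismatch")
        rows.append({"cache": raw, "type": ftype, "origins": origins, "flags": flags})
    return rows


if __name__ == "__main__":
    for row in correlate(DROPPED, REPORT_URLS):
        print(f"{row['cache']:45} {','.join(row['flags']) or '-':24} {row['origins']}")
```

Two results are worth knowing about before trusting the output: the background SVG stays unmatched because the report truncates its URL (the string ends in `.s`), so an exact basename join cannot see it, and `jquery-1.7.2.min[1].js` gets both `unmatched` (no URL in the table ends with that name) and `type_mismatch` (libmagic calls it an HTML document). The second flag deserves a look at the cached bytes rather than an immediate conclusion, for the reason given in the comment on `EXPECTED_TYPE`.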