xerox for hycite.htm

Status: finished

Submission Time: 2021-02-22 20:06:33 +01:00

Malicious

Phishing

HTMLPhisher

Comments

Details

Analysis ID:
356247
API (Web) ID:
614476
Analysis Started:

2021-02-22 20:06:34 +01:00
Analysis Finished:

2021-02-22 20:14:12 +01:00
MD5:
158eb35645b71b26b2afd86759768631
SHA1:
c4d06a2c43fd948127d9dfc9880302163cae82ea
SHA256:
5873df6b96a855b79f32aaf44098777bbac335debc6a9ebee8aadcf50fd7077a
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 76	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
92.204.219.148	Germany
239.255.255.250	Reserved
187.33.160.8	Brazil
Click to see the 1 hidden entries
142.250.186.33	United States

Domains

Name	IP	Detection
euro2.safelinks.protection.hycite.mkanet.com.br	187.33.160.8
googlehosted.l.googleusercontent.com	142.250.186.33
curryhut.de	92.204.219.148
Click to see the 3 hidden entries
clients2.googleusercontent.com	0.0.0.0
secure.aadcdn.microsoftonline-p.com	0.0.0.0
www.curryhut.de	0.0.0.0

URLs

Name	Detection
https://www.curryhut.de/vendor/bin/data/common/login
https://www.curryhut.de/vendor/bin/data/common/login2
https://www.curryhut.de/vendor/bin/data/common/loginEnter
Click to see the 26 hidden entries
https://www.curryhut.de/vendor/bin/data/
https://www.curryhut.de/vendor/bin/data/common/login
https://www.curryhut.de/vendor/bin/data?ss=2&ea=66d676172636961406879636974652e636f6d2
https://www.curryhut.de/vendor/bin/data/?ss=2&ea=66d676172636961406879636974652e636f6dg
http://euro2.safelinks.protection.hycite.mkanet.com.br/inbox/66d676172636961406879636974652e636f6d8
http://euro2.safelinks.protection.hycite.mkanet.com.br/inbox/66d676172636961406879636974652e636f6dEn
https://clients2.googleusercontent.com
https://www.curryhut.de/vendor/bin/data/login.php?ss=2&ea=66d676172636961406879636974652e636f6dEnter
http://euro2.safelinks.protection.hycite.mkanet.com.br/inbox/66d676172636961406879636974652e636f6d2
https://www.curryhut.de/vendor/bin/data/
https://www.curryhut.de/vendor/bin/data?ss=2&ea=66d676172636961406879636974652e636f6dd
https://feedback.googleusercontent.com
https://www.curryhut.de/vendor/bin/data/login.php?ss=2&ea=66d676172636961406879636974652e636f6d2
https://www.curryhut.de/vendor/bin/data/?ss=2&ea=66d676172636961406879636974652e636f6d
https://www.curryhut.de/vendor/bin/data/files2/favicon.ico
http://euro2.safelinks.protection.hycite.mkanet.com.br/inbox/66d676172636961406879636974652e636f6d
https://www.curryhut.de/vendor/bin/data/files/enc.js
https://curryhut.de/K
https://www.curryhut.de/
https://www.curryhut.de/vendor/bin/data/login.php?ss=2&ea=66d676172636961406879636974652e636f6d
https://www.curryhut.de/vendor/bin/data?ss=2&ea=66d676172636961406879636974652e636f6d
https://www.curryhut.de/vendor/bin/data/?ss=2&ea=66d676172636961406879636974652e636f6dEnter
https://www.curryhut.de
https://www.curryhut.de/vendor/bin/data/?ss=2&ea=66d676172636961406879636974652e636f6d2
https://www.curryhut.de/vendor/bin/data?ss=2&ea=66d676172636961406879636974652e636f6dEnter
https://dns.google

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\fb42f2be-e238-41b0-a7da-3f02fe7fa994.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e025eb74-386b-44ca-9ec7-b862b5c4620f.tmp	ASCII text, with very long lines, with no line terminators	#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004	MPEG-4 LOAS	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b0afc06f-4b92-4c3f-bc6d-fee8371e7619.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\695de0af-ffc2-4c28-bc33-7aadafac8e1d.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\81597e5e-51ec-4e46-99d0-380bb257020f.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG	ASCII text	#
C:\Users\user\AppData\Local\Temp\2de9e900-f895-4027-b87e-945b099bfde3.tmp	Google Chrome extension, version 3	#
C:\Users\user\AppData\Local\Temp\scoped_dir6436_180364208\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir6436_180364208\CRX_INSTALL\_locales\bn\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir6436_180364208\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir6436_180364208\CRX_INSTALL\_locales\ar\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir6436_180364208\CRX_INSTALL\_locales\am\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\scoped_dir6436_180364208\2de9e900-f895-4027-b87e-945b099bfde3.tmp	Google Chrome extension, version 3	#
C:\Users\user\AppData\Local\Temp\74bae696-64fc-437b-bd1d-a05987b597f1.tmp	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\6436_562182264\manifest.fingerprint	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\6436_295851065\manifest.fingerprint	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\6436_178149882\manifest.fingerprint	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\6436_1751050358\manifest.fingerprint	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\6436_163599434\manifest.fingerprint	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log	data	#
C:\Users\user\AppData\Local\Temp\18b0406f-e190-436e-b911-ac4b03219b3f.tmp	Google Chrome extension, version 3	#
C:\Users\user\AppData\Local\Temp\13ff4d19-05c1-4fae-8ae1-8e2abb7a6165.tmp	very short file (no magic)	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\fd3d28ad-759d-460c-8dd1-5ac37fa25839.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\d8294c39-7fc6-4c5e-ac47-900c793c31f3.tmp	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\cad3c80c-3c40-4eb3-8118-0c082e9dc960.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\b6e6bfab-0c09-4863-bb69-4f86ce60f77e.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir6436_269622570\Ruleset Data	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\9.19.0\Indexing in Progress	empty	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\9dd8c7ba-7749-4c80-a969-9b6b2a10dcbc.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1aa724cf792052df_0	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\94d628e7-228b-4248-96e6-14065bc38f81.tmp	very short file (no magic)	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\917c4f24-2a5b-4fb1-aa7b-7f28003ed308.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8a241a21-4cf2-458f-b1f8-ca5795f960ff.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\65dc9078-a0e1-4f0c-b4b3-b362348565cc.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6151a037-daac-4c88-b48f-47c7245b2452.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\566188ca-3e3d-4691-84ab-775fc032e1b2.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\49549b0f-c9a5-40d2-8079-c22f7b317658.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	SQLite 3.x database, last written using SQLite version 3032001	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\81c27780-15e0-4c46-8f6b-5fb750f8a238.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\7d0999bb-a852-4fef-b148-451c6f32d392.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\7bd0fecb-0671-44ea-b8af-79b2e901fbb1.tmp	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\65097fcd-84d4-4cc2-81d3-102cf113f249.tmp	SysEx File -	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\63850275-7c82-4ea5-8435-7114f72cd700.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\36ca6d31-5e37-4d16-b0b9-cc97ec28b742.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\2c93ef4b-9f0a-4b67-8e4a-4666324f17e6.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\17e693f9-593c-4ad3-9b57-0bf545848475.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\001102a7-c24d-4173-a7bd-785bc1571c33.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, 59134 bytes, 1 file	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor	SQLite 3.x database, last written using SQLite version 3032001	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	SQLite 3.x database, last written using SQLite version 3032001	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG	ASCII text	#
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons	SQLite 3.x database, last written using SQLite version 3032001	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG	ASCII text	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal	data	#

xerox for hycite.htm

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

xerox for hycite.htm Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

xerox for hycite.htm