One Note shergott@vivaldicap.com.html

Status: finished
Submission Time: 22.02.2021 20:18:42
Malicious
Phishing
HTMLPhisher

Details

  • Analysis ID: 356261
  • API (Web) ID: 614514
  • Analysis Started: 22.02.2021 20:23:12
  • Analysis Finished: 22.02.2021 20:29:30
  • MD5: 6b9c5e9bfcf2518f66e80e941257ad09
  • SHA1: 85c854dfc0e3ef1a85aaeb17d7a2b5ccd5b8dbaa
  • SHA256: ffb4ba9437ffe8c45168b3ab63006d1c7a2e38815f6da1ca37875c5855b6f5e9
  • Technologies:

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
52/100

IPs

IP              Country          Detection
104.16.18.94    United States

Domains

Name                          IP              Detection
cdnjs.cloudflare.com          104.16.18.94
stackpath.bootstrapcdn.com    0.0.0.0
code.jquery.com               0.0.0.0
maxcdn.bootstrapcdn.com       0.0.0.0

URLs


Dropped files
