https://bms.kaseya.com/Common/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWdluULr23lV4sTLzOvtuRnCV1xqi7E%2biXfpNb%2b6uvighFcWCFFIQBB8Xk%3d

Status: finished
Submission Time: 23.02.2021 16:00:42
Verdict: Malicious
Classification: Phishing, HTMLPhisher

Details

  • Analysis ID:
    356753
  • API (Web) ID:
    615489
  • Analysis Started:
    23.02.2021 16:01:11
  • Analysis Finished:
    23.02.2021 16:07:09

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict: malicious
Score: 48/100

IPs

IP               Country
204.93.216.87    United States
152.199.23.37    United States
52.144.52.222    United States
104.16.19.94     United States

Domains

Name                            IP
cs1100.wpc.omegacdn.net         152.199.23.37
cdnjs.cloudflare.com            104.16.19.94
origin-bms.kaseya.com           52.144.52.222
manmedia.org                    204.93.216.87
stackpath.bootstrapcdn.com      0.0.0.0
bms.kaseya.com                  0.0.0.0
code.jquery.com                 0.0.0.0
aadcdn.msftauth.net             0.0.0.0
ajax.aspnetcdn.com              0.0.0.0

(0.0.0.0 is not a routable address: no usable address was recorded for that name during the run.)

URLs

https://manmedia.org/offic/n.page/actions.js
https://aadcdn.msftauthimg.net/dbd5a2dd-xs-ly6aik51q1xmokwuzg7cgil517bv-ngigbudd-ua/logintenantbrand
https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
https://my.navyfederal.org/NFOAA_Auth/resources/img/css/img-billboard-BG.svg);
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-pd-rbmzbvqe7c-fjbigunke9t2gf5jszgqrgsatxfkk/log
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s
https://login.microsoftonline.com/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201
https://code.jquery.com/jquery-3.3.1.slim.min.js
https://bms.kaseya.com/media/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWd
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/cdnbundles/converged.v2.login.m
https://aadcdn.msftauthimg.net/dbd5a2dd-pd-rbmzbvqe7c-fjbigunke9t2gf5jszgqrgsatxfkk/logintenantbrand
https://getbootstrap.com/)
https://tuicura.com/offic/next2.php
https://aadcdn.msftauthimg.net/dbd5a2dd-2ivja-xubozxczt8hkuyvxiwoa4vmtaxu-16djdwpc4/logintenantbrand
https://manmedia.org/offic/n.page/jqueryLib.js
https://aadcdn.msftauthimg.net/dbd5a2dd-pglwtvfgjxd-jsxdxcu-ixstqem6dnqipplqonbe8ro/logintenantbrand
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
https://aadcdn.msftauthimg.net/dbd5a2dd-mg0l7zcxfhbgphoiomweiqgq-z4rxnrzczncff4igy/logintenantbrandi
https://github.com/twbs/bootstrap/graphs/contributors)
https://aadcdn.msftauthimg.net/dbd5a2dd-uhsmbqxf0i-fc4inz9zgqi96xh-agvghl3xbkxk-y7c/logintenantbrand
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-mg0l7zcxfhbgphoiomweiqgq-z4rxnrzczncff4igy/logi
http://logo.clearbit.com/
https://github.com/twbs/bootstrap/blob/master/LICENSE)
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-daldttgld72orokijcgtjn9zgk-dhdwrgaphu-0dqka/log
https://tuicura.com/offic/nexxt.php
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
http://opensource.org/licenses/MIT).
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/images/favicon_a_eupayfgghqiai7
https://aadcdn.msftauthimg.net/dbd5a2dd-bo8shd6svfocawg-d1lkuqyily-ch6cw-n5c0rmtwbq/logintenantbrand
https://manmedia.org/offic/n.page/style.css
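The URL list above mixes three kinds of hosts: Microsoft sign-in infrastructure and public CDNs that any converged-login lookalike pulls its branding and libraries from, the Kaseya BMS URL the HTML was delivered through, and the hosts serving the kit's own files under /offic/ (manmedia.org, tuicura.com). Triaging a report like this means separating those groups and then hunting the non-infrastructure hosts in proxy telemetry. The following is an added example written for this page, not code from the sandbox vendor or the report: the URLs are copied from the list above (truncated entries and the ")"/");" residue from URLs scraped out of library comments kept as-is), the allowlist of infrastructure hosts and the proxy log format are the example author's assumptions, and the log lines are constructed, not observed.

```python
import re
from urllib.parse import urlsplit

# URLs copied from the sandbox report above. Truncated entries are kept as
# they appear; the trailing ")" / ");" / ")." come from URLs the sandbox
# scraped out of Bootstrap/jQuery license comments.
REPORT_URLS = [
    "https://manmedia.org/offic/n.page/actions.js",
    "https://manmedia.org/offic/n.page/jqueryLib.js",
    "https://manmedia.org/offic/n.page/style.css",
    "https://tuicura.com/offic/next2.php",
    "https://tuicura.com/offic/nexxt.php",
    "https://bms.kaseya.com/media/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWd",
    "https://my.navyfederal.org/NFOAA_Auth/resources/img/css/img-billboard-BG.svg);",
    "https://getbootstrap.com/)",
    "http://opensource.org/licenses/MIT).",
    "https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js",
    "https://code.jquery.com/jquery-3.3.1.slim.min.js",
    "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js",
    "https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js",
    "https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s",
    "https://aadcdn.msftauthimg.net/dbd5a2dd-xs-ly6aik51q1xmokwuzg7cgil517bv-ngigbudd-ua/logintenantbrand",
    "https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/cdnbundles/converged.v2.login.m",
    "https://login.microsoftonline.com/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201",
    "http://logo.clearbit.com/",
    "https://github.com/twbs/bootstrap/graphs/contributors)",
]

# Hosts a real Microsoft sign-in page, or a Bootstrap/jQuery bundle, contacts
# anyway. This allowlist is the example author's assumption, not something the
# report states; tune it to your environment.
INFRA_HOSTS = {
    "aadcdn.msftauth.net", "aadcdn.msftauthimg.net",
    "secure.aadcdn.microsoftonline-p.com", "login.microsoftonline.com",
    "stackpath.bootstrapcdn.com", "code.jquery.com", "ajax.aspnetcdn.com",
    "cdnjs.cloudflare.com", "getbootstrap.com", "github.com", "opensource.org",
    "logo.clearbit.com",
}

_TRAILING_JUNK = re.compile(r"[).;]+$")


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL, with scraper residue like ')' or ');' removed."""
    cleaned = _TRAILING_JUNK.sub("", url.strip())
    return (urlsplit(cleaned).hostname or "").lower()


def triage_hosts(urls, infra=INFRA_HOSTS):
    """Split the report's hosts into (known infrastructure, everything else).

    The second list is what to pivot on: the kit's static files on manmedia.org,
    the PHP endpoints on tuicura.com, the bms.kaseya.com delivery URL and the
    asset pulled from my.navyfederal.org.
    """
    hosts = {host_of(u) for u in urls} - {""}
    return sorted(hosts & infra), sorted(hosts - infra)


# Constructed sample proxy log (not from the report): "<ts> <client> <method> <url> <status>".
# The assumed format is the example author's; adapt LOG_LINE to your proxy.
SAMPLE_PROXY_LOG = """\
2021-02-23T15:58:01Z 10.20.0.14 GET https://bms.kaseya.com/Common/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5ws 200
2021-02-23T15:58:03Z 10.20.0.14 GET https://manmedia.org/offic/n.page/actions.js 200
2021-02-23T15:58:04Z 10.20.0.14 GET https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/x.svg 200
2021-02-23T15:58:09Z 10.20.0.14 POST https://tuicura.com/offic/next2.php 302
2021-02-23T15:59:40Z 10.20.0.77 GET https://code.jquery.com/jquery-3.3.1.slim.min.js 200
2021-02-23T16:02:11Z 10.20.0.31 GET https://nottuicura.com/offic/next2.php 200
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def match_log(log_text: str, suspicious_hosts) -> list:
    """Return (client, host, method, url) for each line whose exact host is suspicious.

    Matching on the parsed hostname rather than a URL substring means
    nottuicura.com does not fire for tuicura.com, and the Kaseya delivery URL
    still matches even though the report's copy of it is truncated.
    """
    wanted = set(suspicious_hosts)
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        h = host_of(m["url"])
        if h in wanted:
            hits.append((m["client"], h, m["method"], m["url"]))
    return hits


if __name__ == "__main__":
    infra, suspicious = triage_hosts(REPORT_URLS)
    print("pivot hosts:", suspicious)
    for hit in match_log(SAMPLE_PROXY_LOG, suspicious):
        print(hit)
```

Run on the constructed log, the three hits all come from one client and end in a POST to tuicura.com/offic/next2.php: the sequence delivery URL, kit script, form submission is the chain to look for in real telemetry. The `POST` to the PHP endpoint is the line worth alerting on; the GETs to Microsoft CDNs are noise shared with legitimate sign-ins.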

Dropped files

Name / File type

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\46f3fddd-165c-4cd8-9412-436cd19deef5[1].html
    HTML document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html.a41uhm1.partial
    HTML document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{835A355E-7633-11EB-90E5-ECF4BB2D2496}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8DE2B5D7-7633-11EB-90E5-ECF4BB2D2496}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{835A3560-7633-11EB-90E5-ECF4BB2D2496}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8DE2B5D9-7633-11EB-90E5-ECF4BB2D2496}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99A12787-7633-11EB-90E5-ECF4BB2D2496}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99A12788-7633-11EB-90E5-ECF4BB2D2496}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A0830FD3-7633-11EB-90E5-ECF4BB2D2496}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\favicons[1].png
    PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\popper.min[1].js
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\style[1].css
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\bootstrap.min[1].js
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\jquery-3.3.1.min[1].js
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\jquery-3.3.1.slim.min[1].js
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\favicons[1].png
    PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\jquery.min[1].js
    HTML document, UTF-8 Unicode text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\jqueryLib[1].js
    ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\2_bc3d32a696895f78c19df6c717586a5d[1].svg
    SVG Scalable Vector Graphics image
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\GetFile[1].htm
    HTML document, ASCII text
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\actions[1].js
    ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\~DF08A6A974461167F6.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF103DA5E400CC909F.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF40225EC25177EE78.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF53DE5289B795A3FC.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF777BD55EE7EDB1EC.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF874DF126B3AAC6A6.TMP
    data
C:\Users\user\AppData\Local\Temp\~DFA5536591CEF1A655.TMP
    data
C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html.a41uhm1.partial:Zone.Identifier
    ASCII text, with CRLF line terminators
C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html:Zone.Identifier
    ASCII text, with no line terminators