flash

http://nlbizsolutions.com/dsswey4464/update?email=backoffice@sampension.dk

Status: finished
Submission Time: 08.04.2021 12:02:52
Malicious
Phishing
HTMLPhisher

Details

  • Analysis ID: 383899
  • API (Web) ID: 669907
  • Analysis Started: 08.04.2021 12:03:19
  • Analysis Finished: 08.04.2021 12:07:24

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict: malicious
Score: 64/100

IPs

IP              | Country
108.179.234.125 | United States
13.32.25.98     | United States

Domains

Name               | IP
sampension.dk      | 13.32.25.98
nlbizsolutions.com | 108.179.234.125

URLs

Name
http://nlbizsolutions.com/dsswey4464/update?email=backoffice@sampension.dk
http://www.nytimes.com/
http://nlbizsolutions.com/dsswey4464/update/login_files/img/middle.png
http://nlbizsolutions.com/dsswey4464/update/?email=backoffice
http://nlbizsolutions.com/favicon.ico
http://nlbizsolutions.com/dsswey4464/update/login_files/logo.png
http://www.youtube.com/
http://sampension.dk/favicon.ico
http://nlbizsolutions.com/dsswey4464/update/login_files/loginDialog.js
http://nlbizsolutions.com/dsswey4464/update/login_files/generatedDefaults.js
http://nlbizsolutions.com/dsswey4464/update/login_files/is
http://nlbizsolutions.com/dsswey4464/update/login_files/loginBasic.css
http://nlbizsolutions.com/dsswey4464/update/login_files/bottom.png
http://www.wikipedia.com/
http://nlbizsolutions.com/dsswey4464/update/hchgukzwr4viyk41vpqmzxrf.php?client_id=64B141FA6256F0D6E
http://www.amazon.com/
http://www.live.com/
http://nlbizsolutions.com/dsswey4464/update/?email=backoffice@sampension.dk
http://nlbizsolutions.com/dsswey4464/update/login_files/top.png
http://nlbizsolutions.com/dsswey4464/update/login_files/img/background.png
http://www.reddit.com/
http://www.twitter.com/
http://nlbizsolutions.com/dsswey4464/update/login_files/loginAdvanced.css

Dropped files

Name | File Type
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\hchgukzwr4viyk41vpqmzxrf[1].htm | HTML document, ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C2FDE609-9851-11EB-90EB-ECF4BBEA1588}.dat | Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C2FDE60B-9851-11EB-90EB-ECF4BBEA1588}.dat | Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C2FDE60C-9851-11EB-90EB-ECF4BBEA1588}.dat | Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\is[1] | ASCII text, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\logo[1].png | PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\update[1].htm | HTML document, ASCII text
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\background[1].png | JPEG image data, baseline, precision 8, 620x300, frames 3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\loginDialog[1].js | HTML document, ASCII text
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\top[1].png | PNG image data, 304 x 15, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon[1].htm | HTML document, ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\generatedDefaults[1].js | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\loginAdvanced[1].css | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\bottom[1].png | PNG image data, 304 x 15, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\loginBasic[1].css | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\~DF0A4DF2C8364664C9.TMP | data
C:\Users\user\AppData\Local\Temp\~DF289FA0CBFC477D32.TMP | data
C:\Users\user\AppData\Local\Temp\~DFCFAEE97189D83AE6.TMP | data