Windows Analysis Report
https://soilanalysis.co.in/protectedmessage.html

Overview

General Information

Sample URL: https://soilanalysis.co.in/protectedmessage.html
Analysis ID: 756211

Detection

HTMLPhisher
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish10
Yara detected HtmlPhish51
Phishing site detected (based on image similarity)
Yara signature match
No HTML title found

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://soilanalysis.co.in/protectedmessage.html MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
    • chrome.exe (PID: 1620 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1780,i,15225381768110615076,5547559303936029693,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
  • cleanup
Source: 22653.0.pages.csv
Rule: SUSP_obfuscated_JS_obfuscatorio
Description: Detects JS obfuscation done by the js obfuscator (often malicious)
Author: @imp0rtp3
Strings:
  • 0x32c1:$c8: while(!![])
  • 0x32df:$d1: parseInt(_0x6e6ac0(0x123))/0x1+-parseInt(_0x6e6ac0(0x12e))/0x2*(-parseInt(_0x6e6ac0(0x135))/0x3)+parseInt(_0x6e6ac0(0x124))/0x4+-parseInt(_0x6e6ac0(0x111))/0x5*(parseInt(_0x6e6ac0(0x12b))/0x6)+
  • 0x32ff:$d1: parseInt(_0x6e6ac0(0x12e))/0x2*(-parseInt(_0x6e6ac0(0x135))/0x3)+parseInt(_0x6e6ac0(0x124))/0x4+-parseInt(_0x6e6ac0(0x111))/0x5*(parseInt(_0x6e6ac0(0x12b))/0x6)+parseInt(_0x6e6ac0(0x125))/0x7*(-
  • 0x3320:$d1: parseInt(_0x6e6ac0(0x135))/0x3)+parseInt(_0x6e6ac0(0x124))/0x4+-parseInt(_0x6e6ac0(0x111))/0x5*(parseInt(_0x6e6ac0(0x12b))/0x6)+parseInt(_0x6e6ac0(0x125))/0x7*(-parseInt(_0x6e6ac0(0x134))/0x8)+
  • 0x3340:$d1: parseInt(_0x6e6ac0(0x124))/0x4+-parseInt(_0x6e6ac0(0x111))/0x5*(parseInt(_0x6e6ac0(0x12b))/0x6)+parseInt(_0x6e6ac0(0x125))/0x7*(-parseInt(_0x6e6ac0(0x134))/0x8)+parseInt(_0x6e6ac0(0x130))/0x9+-

Source: 22653.0.pages.csv
Rule: JoeSecurity_HtmlPhish_51
Description: Yara detected HtmlPhish_51
Author: Joe Security

Source: 22653.0.pages.csv
Rule: JoeSecurity_HtmlPhish_10
Description: Yara detected HtmlPhish_10
Author: Joe Security

No Sigma rule has matched
No Snort rule has matched

Phishing

Source: Yara match | File source: 22653.0.pages.csv, type: HTML
Source: blob:https://soilanalysis.co.in/8899ad95-3b23-426e-9ad2-79b4143063b0 | Matcher: Found strong image similarity, brand: Microsoft image: 22653.0.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: blob:https://soilanalysis.co.in/8899ad95-3b23-426e-9ad2-79b4143063b0 | Matcher: Found strong image similarity, brand: Microsoft image: 32024.1.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: blob:https://soilanalysis.co.in/8899ad95-3b23-426e-9ad2-79b4143063b0 | HTTP Parser: HTML title missing
Source: blob:https://soilanalysis.co.in/8899ad95-3b23-426e-9ad2-79b4143063b0 | HTTP Parser: No <meta name="author".. found
Source: blob:https://soilanalysis.co.in/8899ad95-3b23-426e-9ad2-79b4143063b0 | HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.186.35
Source: 22653.0.pages.csv, type: HTML | Matched rule: SUSP_obfuscated_JS_obfuscatorio date = 2021-08-25, author = @imp0rtp3, description = Detects JS obfuscation done by the js obfuscator (often malicious), score = , reference = https://obfuscator.io
Source: classification engine | Classification label: mal60.phis.win@25/0@9/187
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://soilanalysis.co.in/protectedmessage.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1780,i,15225381768110615076,5547559303936029693,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater
Source: Window Recorder | Window detected: More than 3 window changes detected
ATT&CK matrix, listed per tactic (the number in parentheses is the count shown next to a technique in the report):

Initial Access: Valid Accounts, Default Accounts, Domain Accounts
Execution: Windows Management Instrumentation, Scheduled Task/Job, At (Linux)
Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows)
Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows)
Defense Evasion: Masquerading (2), Process Injection (1), Obfuscated Files or Information
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager
Discovery: System Service Discovery, Application Window Discovery, Query Registry
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration
Command and Control: Encrypted Channel (2), Non-Application Layer Protocol (1), Application Layer Protocol (2)
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups
Impact: Modify System Partition, Device Lockout, Delete Device Data

Source                                              Detection   Scanner           Label   Link
https://soilanalysis.co.in/protectedmessage.html    0%          Avira URL Cloud   safe
https://soilanalysis.co.in/protectedmessage.html    3%          Virustotal                Browse

No Antivirus matches
Name                      IP                Active    Malicious   Antivirus Detection   Reputation
soilanalysis.co.in        217.21.91.30      true      false       -                     unknown
accounts.google.com       142.250.186.45    true      false       -                     high
cdnjs.cloudflare.com      104.17.24.14      true      false       -                     high
maxcdn.bootstrapcdn.com   104.18.11.207     true      false       -                     high
www.google.com            172.217.18.100    true      false       -                     high
clients.l.google.com      142.250.185.238   true      false       -                     high
use.fontawesome.com       unknown           unknown   false       -                     high
clients2.google.com       unknown           unknown   false       -                     high
code.jquery.com           unknown           unknown   false       -                     high
Name                                                                   Malicious   Antivirus Detection   Reputation
blob:https://soilanalysis.co.in/8899ad95-3b23-426e-9ad2-79b4143063b0   true        -                     low

Reputation legend:
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs
IP                Domain                    Country          ASN       ASN Name          Malicious
142.250.186.35    unknown                   United States    15169     GOOGLEUS          false
142.250.186.45    accounts.google.com       United States    15169     GOOGLEUS          false
104.17.24.14      cdnjs.cloudflare.com      United States    13335     CLOUDFLARENETUS   false
142.250.185.67    unknown                   United States    15169     GOOGLEUS          false
34.104.35.123     unknown                   United States    15169     GOOGLEUS          false
142.250.186.170   unknown                   United States    15169     GOOGLEUS          false
217.21.91.30      soilanalysis.co.in        United Kingdom   12491     IPPLANET-ASIL     false
142.250.185.132   unknown                   United States    15169     GOOGLEUS          false
142.250.185.238   clients.l.google.com      United States    15169     GOOGLEUS          false
104.18.11.207     maxcdn.bootstrapcdn.com   United States    13335     CLOUDFLARENETUS   false
69.16.175.42      unknown                   United States    20446     HIGHWINDS3US      false
142.250.186.106   unknown                   United States    15169     GOOGLEUS          false
239.255.255.250   unknown                   Reserved         unknown   unknown           false
142.250.185.163   unknown                   United States    15169     GOOGLEUS          false
172.64.132.15     unknown                   United States    13335     CLOUDFLARENETUS   false
142.250.186.138   unknown                   United States    15169     GOOGLEUS          false

IP
192.168.2.1
127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 756211
Start date and time: 2022-11-29 20:25:03 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://soilanalysis.co.in/protectedmessage.html
Analysis system description: Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: MAL
Classification: mal60.phis.win@25/0@9/187
• Exclude process from analysis (whitelisted): SIHClient.exe
• Excluded IPs from analysis (whitelisted): 142.250.185.67, 34.104.35.123, 142.250.186.170, 69.16.175.42, 69.16.175.10, 142.250.186.106, 172.64.132.15, 172.64.133.15, 142.250.186.138, 142.250.185.138, 142.250.184.202, 142.250.184.234, 142.250.185.202, 142.250.185.170, 216.58.212.138, 142.250.185.106, 172.217.18.106, 216.58.212.170, 142.250.74.202, 142.250.186.74, 142.250.185.74, 172.217.23.106, 142.250.185.234, 172.217.16.195, 142.250.185.163, 142.250.181.234, 172.217.16.202
• Excluded domains from analysis (whitelisted): client.wns.windows.com, cds.s5x3j6q5.hwcdn.net, fonts.googleapis.com, edgedl.me.gvt1.com, login.live.com, slscr.update.microsoft.com, ajax.googleapis.com, fonts.gstatic.com, clientservices.googleapis.com, use.fontawesome.com.cdn.cloudflare.net, firebasestorage.googleapis.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big: too many NtWriteVirtualMemory calls found
No created / dropped files found
No static file info