http://blockstyerts.live/sharcup@wickersmith.com

Status: finished
Submission Time: 2021-06-11 18:07:24 +02:00
Malicious
Phishing
HTMLPhisher

Details

  • Analysis ID: 433392
  • API (Web) ID: 800996
  • Analysis Started: 2021-06-11 18:07:24 +02:00
  • Analysis Finished: 2021-06-11 18:11:01 +02:00
  • Technologies: Joe Sandbox

Engine | Download Report | Detection | Info
Joe Sandbox | (report download) | malicious | Score: 64; System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP | Country | Detection
20.37.46.234 | United States |
91.199.212.52 | United Kingdom |
69.60.184.109 | United States |
52.161.162.59 | United States |
13.32.25.43 | United States |

Domains

Name | IP | Detection
d26p066pn2w0s0.cloudfront.net | 13.32.25.43 |
blockstyerts.live | 52.161.162.59 |
crt.sectigo.com | 91.199.212.52 |
pop.cablelynx.com | 69.60.184.109 |
webmail.cablelynx.com | 0.0.0.0 |
zerossl.crt.sectigo.com | 0.0.0.0 |
logo.clearbit.com | 0.0.0.0 |

URLs

Name | Detection
https://20.37.46.234/home?ids=38342e31372e35322e3138&email=sharcup@wickersmith.com
http://blockstyerts.live/sharcup@wickersmith.com
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/calendar-header.gif
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/button-addresses.gif);
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/magicmailseven_login.jpg
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/blue_bar_background.gif)
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/button_background_over.gif
https://webmail.cablelynx.com/webmail/plugins/login_auto/security.en.php
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/background-bottomheader.gif
https://webmail.cablel
http://blockstyerts.live/sharcup
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/calendar-day.gif
https://github.com/Valve/fingerprintjs2
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/button-compose.gif);
http://www.linuxmagic.com/
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/sidebar-logo.gif
http://www.opensource.org/licenses/mit-license.php)
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/button-folders.gif);
https://github.com/Modernizr/Modernizr/issues/548
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/blue_bar_background.gif
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/corporate_logo.gif
https://20.37.46.234/?sharcup
https://github.com/Modernizr/Modernizr/blob/master/feature-detects/canvas/winding.js
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/background-topheader.gif
https://webmail.cablelynx.com/favicon.ico
https://20.37.46.234/home?ids=38342e31372e35322e3138&email=sharcup
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/logged_in_as_bar_background.gif
http://www.lalit.org/lab/javascript-css-font-detect/
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/button-inbox.gif);
https://webmail.cablelynx.com/webmail/plugins/login_auto/security.en.phpmith.com
https://20.37.46.234/hve/sharcup
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/linuxmagic_logo.gif
https://webmail.cablelynx.com/webmail/plugins/login_auto/security.en.php
https://bugzilla.mozilla.org/show_bug.cgi?id=781447
https://logo.clearbit.com/wickersmith.com
https://20.37.46.Root
http://zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crt
http://www.wizard.ca
https://webmail.cablelynx.com/webmail/images/favicon.ico
http://jsfiddle.net/NDYV8/16/
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/read-icon-bar.gif
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/button-options.gif);
https://20.37.46.8b73e0fa294bf6684fa38d
https://github.com/Valve/fingerprintjs2/issues/66
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/button_background.gif
https://20.37.46.ynx.com/webmail/plugins/login_auto/security.en.phpmith.comRoot
https://www.browserleaks.com/canvas#how-does-it-work
https://webmail.cablelynx.com/webmail/themes/skins/24hour_one/background-sidebar.gif
https://webmail.cablelome?ids=38342e31372e35322e3138&email=sharcup
http://www.stucox.com/blog/you-cant-detect-a-touchscreen/
http://jsfiddle.net/NDYV8/19/
http://magicmail.linuxmagic.com/

Dropped files

Name | File Type | Hashes | Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\sharcup@wickersmith[1].htm | HTML document, ASCII text
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\home[1].htm | HTML document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\htmlcanvas[1].js | ASCII text, with very long lines
C:\Users\user\AppData\Local\Temp\~DF5806896016F953CF.TMP | data
C:\Users\user\AppData\Local\Temp\~DF50C611A7B24C2A09.TMP | data
C:\Users\user\AppData\Local\Temp\~DF41EADA43E19DE92D.TMP | data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\wickersmith[1].png | PNG image data, 128 x 99, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\security.en[1].htm | HTML document, ASCII text
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\magicmail_003[1].css | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\webmail_options[1].css | ASCII text
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\magicmail_standard[1].css | ASCII text
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon[2].ico | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon[1].ico | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\magicmail_002[1].css | assembler source, ASCII text, with CRLF line terminators
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\10BDC45B4A27319429BBC4F08A4E8A10 | data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\24hour_one[1].css | ASCII text
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\wizard[1].css | assembler source, ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\magicmailseven_login[1].jpg | [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2007:07:30 16:23:14], baseline, precision 8, 444x229, frames 3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\magicmail[1].css | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\button_background[1].gif | GIF image data, version 89a, 1 x 18
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat | data
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D0ED2495-CB1A-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C709F192-CB1A-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C709F190-CB1A-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\DOSBP6IX\20.37.46[1].xml | ASCII text, with no line terminators
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\10BDC45B4A27319429BBC4F08A4E8A10 | data