Windows Analysis Report
skm_03029876554.htm

Overview

General Information

Sample Name: skm_03029876554.htm
Analysis ID: 831024
MD5: b5d7fc94a3f36ff6ef2d544577e2ba77
SHA1: 88a5a06a5e4aa9c9a83c2ffd44cc9aeb44a8ba87
SHA256: 62aea8fb264b0ad6e5076e98c5c67f99cf484680ee0df854c7917a13418a5e6a
Detection

HTMLPhisher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Multi AV Scanner detection for submitted file
HTML document with suspicious title
Phishing site detected (based on image similarity)
Drops files with a non-matching file extension (content does not match file extension)
Invalid 'forgot password' link found
Non-HTTPS page querying sensitive user data (password, username or email)
No HTML title found

AV Detection

Source: skm_03029876554.htm Virustotal: Detection: 25%

Phishing

Source: file:///C:/Users/eyup/Desktop/skm_03029876554.htm Matcher: Template: microsoft matched with high similarity
Source: Yara match File source: skm_03029876554.htm, type: SAMPLE
Source: Yara match File source: 58594.0.pages.csv, type: HTML
Source: file:///C:/Users/eyup/Desktop/skm_03029876554.htm Matcher: Found strong image similarity, brand: Microsoft image: 58594.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: file:///C:/Users/eyup/Desktop/skm_03029876554.htm HTTP Parser: Invalid link: Forgot my password
Source: file:///C:/Users/eyup/Desktop/skm_03029876554.htm HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/eyup/Desktop/skm_03029876554.htm HTTP Parser: HTML title missing
Source: file:///C:/Users/eyup/Desktop/skm_03029876554.htm HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/eyup/Desktop/skm_03029876554.htm HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\GoogleUpdater
Source: acrord32.exe Memory has grown: Private usage: 2MB later: 31MB
Source: chrome.exe Memory has grown: Private usage: 5MB later: 29MB
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown HTTP traffic detected: POST /yms/new_action.php HTTP/1.1
Host: customtaxplanning.com
Connection: keep-alive
Content-Length: 71
Accept: application/json, text/javascript, */*; q=0.01
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: null
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Data Raw: 65 6d 61 69 6c 3d 64 65 62 62 69 65 2e 6e 61 6b 61 73 68 69 6d 61 25 34 30 63 61 6e 79 6f 6e 73 2e 65 64 75 26 70 61 73 73 77 6f 72 64 3d 54 65 73 74 6f 6e 6c 79 6e 6f 74 61 72 65 61 6c 70 61 73 73 77 6f 72 64 21
Data Ascii: email=debbie.nakashima%40canyons.edu&password=Testonlynotarealpassword!
Source: unknown DNS traffic detected: queries for: amidaworld.com
Source: global traffic HTTP traffic detected: GET /set/style.css HTTP/1.1
Host: amidaworld.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

System Summary

Source: file:///C:/Users/eyup/Desktop/skm_03029876554.htm Tab title: Sign in to your account
Source: skm_03029876554.htm Virustotal: Detection: 25%
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\eyup\Desktop\skm_03029876554.htm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1776,i,8774751515711196105,4137559805763673810,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\eyup\Downloads\sa100-2021.pdf
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\GoogleUpdater
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\eyup\Downloads\0743ed68-e186-4fdd-be66-e56798cabd74.tmp
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File created: C:\Users\eyup\AppData\Local\Temp\acrord32_sbx\A9pi4hwn_1u6bam5_1dg.tmp
Source: classification engine Classification label: mal72.phis.winHTM@38/27@7/174
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\eyup\Downloads\sa100-2021.pdf.crdownload
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX