Windows
Analysis Report
Desligar Tr. SE SSR.lnk
Overview
General Information
Sample name: | Desligar Tr. SE SSR.lnk |
Analysis ID: | 1467015 |
MD5: | 46f8d7e32948c41618897eda16b531f6 |
SHA1: | 916f301acea34f93fc63138b762291972e4be6e3 |
SHA256: | 36c86fe2b4eb9c37228c1a52fc61c9d1f6affba3af18803ba756659b28a657f3 |
Errors
|
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Classification label: |
Source: | LNK file: |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1467015 |
Start date and time: | 2024-07-03 16:28:18 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 1m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 1 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Desligar Tr. SE SSR.lnk |
Detection: | UNKNOWN |
Classification: | unknown0.winLNK@0/0@0/0 |
Cookbook Comments: |
|
- No process behavior to analyse as no analysis process or sample was found
- Corrupt sample or wrongly selected analyzer. Details: The operation was canceled by the user.
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 20.190.159.64, 20.190.159.0, 20.190.159.73, 20.190.159.75, 20.190.159.4, 20.190.159.23, 40.126.31.73, 40.126.31.67, 40.115.3.253, 2.16.100.168, 88.221.110.91, 40.113.103.199
- Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, client.wns.windows.com, ctldl.windowsupdate.com.delivery.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, login.msa.msidentity.com, download.windowsupdate.com.edgesuite.net, wns.notify.trafficmanager.net, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, wu-b-net.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
- VT rate limit hit for: Desligar Tr. SE SSR.lnk
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
fp2e7a.wpc.phicdn.net | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | ScreenConnect Tool | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | ScreenConnect Tool | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
|
File type: | |
Entropy (8bit): | 5.1111422761559595 |
TrID: |
|
File name: | Desligar Tr. SE SSR.lnk |
File size: | 625 bytes |
MD5: | 46f8d7e32948c41618897eda16b531f6 |
SHA1: | 916f301acea34f93fc63138b762291972e4be6e3 |
SHA256: | 36c86fe2b4eb9c37228c1a52fc61c9d1f6affba3af18803ba756659b28a657f3 |
SHA512: | 9c5f5db60de2e5652a5e73d3ded378603c4009f237643b0129b254ca6f7ea70d75f55cc0f4ad2070b58ce0139fbf4091a7c578af023b4a946ffbac0174027eeb |
SSDEEP: | 12:8iFi8pzYNbRvcXkBl4wcjCtOV9n5BMqQ/Lm4pBm:8K8nqOluC49nHwm4pBm |
TLSH: | 6CF08B3257823F9BF275A03789B55267EA22AC5BFAB05B0906D4439548B8A00A584F3A |
File Content Preview: | L..................F.. .....v/.<.....?..J.......J................................P.O. .:i.....+00.:...:...,.LB.).....A&...&........C).......3mH...A.7mH.....t.1......X.i..DESLIG~1.SES..X........X"N.X.i..........P...............@.x.D.e.s.l.i.g.a.r. .T.r... |
Icon Hash: | 30b4b4b464696d0d |
General | |
---|---|
Relative Path: | ..\..\..\..\..\Desktop\Desligar Tr. SE SSR |
Command Line Argument: | |
Icon location: |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 3, 2024 16:29:24.037846088 CEST | 1.1.1.1 | 192.168.2.5 | 0x842a | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 3, 2024 16:29:24.037846088 CEST | 1.1.1.1 | 192.168.2.5 | 0x842a | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false |