Source: http://hop.fyi/r1FbC |
Avira URL Cloud: Label: phishing |
Source: http://hop.fyi/r1FbC;lI(& |
Avira URL Cloud: Label: phishing |
Source: hop.fyi |
Virustotal: Detection: 12% |
Source: http://198.46.178.137/xampp/rg/rg.rg.rg.rgrgrgrgrg.doc |
Virustotal: Detection: 8% |
Source: http://hop.fyi/r1FbC |
Virustotal: Detection: 9% |
Source: E-INVOICE.xls |
ReversingLabs: Detection: 37% |
Source: E-INVOICE.xls |
Virustotal: Detection: 23% |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll |
Source: global traffic |
TCP traffic: 192.168.2.22:49161 -> 192.185.89.92:80 |
Source: global traffic |
TCP traffic: 192.168.2.22:49162 -> 198.46.178.137:80 |
Source: global traffic |
TCP traffic: 192.168.2.22:49163 -> 192.185.89.92:80 |
Source: global traffic |
TCP traffic: 192.168.2.22:49164 -> 198.46.178.137:80 |
Source: Joe Sandbox View |
IP Address: 198.46.178.137 |
Source: Joe Sandbox View |
IP Address: 192.185.89.92 |
Source: global traffic |
HTTP traffic detected: GET /r1FbC HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: hop.fyiConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xampp/rg/rg.rg.rg.rgrgrgrgrg.doc HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 198.46.178.137Connection: Keep-Alive |
Source: unknown |
TCP traffic detected without corresponding DNS query: 198.46.178.137 |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\955171D8.emf |
Source: global traffic |
DNS traffic detected: DNS query: hop.fyi |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Jul 2024 05:13:18 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30Content-Length: 300Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 198.46.178.137 Port 80</address></body></html> |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Jul 2024 05:13:35 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30Content-Length: 300Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 198.46.178.137 Port 80</address></body></html> |
Source: E-INVOICE.xls, B9030000.0.dr |
String found in binary or memory: http://hop.fyi/r1FbC;lI(& |
Source: E-INVOICE.xls |
OLE: Microsoft Excel 2007+ |
Source: B9030000.0.dr |
OLE: Microsoft Excel 2007+ |
Source: E-INVOICE.xls |
Stream path 'MBD00022108/\x1Ole' : http://hop.fyi/r1FbC;lI(&+pR_&Rw8%fG@I[ObaK(_1\+t=\+&*?.16.#<<{iNDDZ+'1ks\-B)UT4aA{0Hq/\bX/IaSiuN"%iAy0B%:cDjSXozvvr7xZ04X4iH43Zaa1IjK6AqdOHyddWrYYiZwMLhEZ1BXYmJ6vq7IDEHjWNIl9p4shJljkQ2RHql00aiYKaxXVXDpnfTvjXivzDHnY7DhLWeHVhA~a/Zdh o+7~30&k* |
Source: B9030000.0.dr |
Stream path 'MBD00022108/\x1Ole' : http://hop.fyi/r1FbC;lI(&+pR_&Rw8%fG@I[ObaK(_1\+t=\+&*?.16.#<<{iNDDZ+'1ks\-B)UT4aA{0Hq/\bX/IaSiuN"%iAy0B%:cDjSXozvvr7xZ04X4iH43Zaa1IjK6AqdOHyddWrYYiZwMLhEZ1BXYmJ6vq7IDEHjWNIl9p4shJljkQ2RHql00aiYKaxXVXDpnfTvjXivzDHnY7DhLWeHVhA~a/Zdh o+7~30&k* |
Source: classification engine |
Classification label: mal72.winXLS@1/8@1/2 |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File created: C:\Users\user\Desktop\B9030000 |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File created: C:\Users\user\AppData\Local\Temp\CVR78F6.tmp |
Source: E-INVOICE.xls |
OLE indicator, Workbook stream: true |
Source: B9030000.0.dr |
OLE indicator, Workbook stream: true |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File read: C:\Users\desktop.ini |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems |
Source: E-INVOICE.xls |
Initial sample: OLE indicators vbamacros = False |
Source: E-INVOICE.xls |
Initial sample: OLE indicators encrypted = True |
Source: Office document |
LLM: Score: 9 Reasons: The screenshot contains a visually prominent message stating 'This document is protected' alongside a recognizable Microsoft Office logo, which can create a false sense of legitimacy. The text 'This document is protected' implies that the user needs to take action to view the document, creating a sense of urgency. The use of the Microsoft Office logo is an attempt to impersonate a well-known brand, which can mislead users into trusting the document. The combination of these elements strongly suggests that the document could be used to trick users into clicking on a potentially harmful link, leading to a phishing page or malware download. |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Source: E-INVOICE.xls |
Stream path 'Workbook' entropy: 7.99648221014 (max. 8.0) |
Source: B9030000.0.dr |
Stream path 'Workbook' entropy: 7.99639050495 (max. 8.0) |