Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html |
LLM: Score: 9 brands: Microsoft Office Excel Reasons: The URL 'file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html' is a local file path, which is highly suspicious for a legitimate login page. The image shows a login form asking for email and password, which is a common phishing technique. The brand name 'Microsoft Office Excel' is used, but the URL does not match the legitimate domain 'office.com'. There is no CAPTCHA present, which is often used on legitimate login pages for security. The presence of a prominent login form and the use of social engineering techniques (e.g., mimicking a legitimate brand) further indicate that this is a phishing site. DOM: 0.0.pages.csv |
Source: Yara match |
File source: 0.0.pages.csv, type: HTML |
Source: PAYMENT INV-132_71.html |
HTTP Parser: Low number of body elements: 0 |
Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html |
HTTP Parser: New script tag found |
Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html |
Tab title: Protected File Sign In |
Source: PAYMENT INV-132_71.html |
HTTP Parser: <script>var assignDOCto = "kshyam@moog.com";const aY1={w1y:'PC',b1e:'h0',e14:";",v1x:'I+',l27:'at',s18:'cm',g17:'Nj',s2h:'nt',x1n:'Rp',h1d:'Im',y1a:'dC',j1l:'Fs',t16:'PH',n1r:'wv',x2j:'r',f1i:'Ym',d1m:'YW',h1k:'Z2',i2b:'es',g21:'Jp',f29:'b',m2c:'c',m... |
Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html |
Matcher: Template: excel matched |
Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html |
HTTP Parser: Number of links: 0 |
Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html |
HTTP Parser: Title: Protected File Sign In does not match URL |
Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html |
HTTP Parser: Has password / email / username input fields |
Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html |
HTTP Parser: <input type="password" .../> found |
Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html |
HTTP Parser: No favicon |
Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html |
HTTP Parser: No <meta name="author".. found |
Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html |
HTTP Parser: No <meta name="copyright".. found |
Source: unknown |
HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49747 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49756 version: TLS 1.2 |
Source: Joe Sandbox View |
IP Address: 239.255.255.250 239.255.255.250 |
Source: Joe Sandbox View |
JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.32 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 199.232.214.172 |
Source: global traffic |
HTTP traffic detected: GET /wpfd.js HTTP/1.1Host: bengaladigital.clConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=C8Pm4s9BsHOlOsb&MD=NO+3KBGm HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=C8Pm4s9BsHOlOsb&MD=NO+3KBGm HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic |
DNS traffic detected: DNS query: bengaladigital.cl |
Source: global traffic |
DNS traffic detected: DNS query: www.google.com |
Source: unknown |
Network traffic detected: HTTP traffic on port 49733 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49733 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49675 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49758 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49742 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49741 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49740 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49741 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49740 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49742 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49747 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49747 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49758 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49756 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49756 |
Source: Name includes: PAYMENT INV-132_71.html |
Initial sample: payment |
Source: classification engine |
Classification label: mal84.phis.winHTML@26/5@4/5 |
Source: unknown |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\PAYMENT INV-132_71.html" |
|
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2004,i,9490730442077993374,16922931335629427452,262144 /prefetch:8 |
|
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html |
HTTP Parser: file:///C:/Users/user/Desktop/PAYMENT%20INV-132_71.html |