Windows
Analysis Report
RicevutaPagamento_115538206.dat
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
chrome.exe (PID: 5920 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\RicevutaPagamento_115538206.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
chrome.exe (PID: 6944 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1868,i,5420208313826216992,2962723356564100624,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
- Phishing
- Compliance
- Software Vulnerabilities
- Networking
- System Summary
- Boot Survival
Phishing |
---|
Source: | LLM: |
Source: | HTTP Parser: |
Source: | OCR Text: |
Further signature rows (values missing from the extracted report; distinct labels in report order):
- HTTPS traffic detected
- Memory has grown
- TCP traffic detected without corresponding DNS query
- UDP traffic detected without corresponding DNS query
- DNS traffic detected
- Network traffic detected
- Classification label
- File created
- Process created
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Extra Window Memory Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ifidpal09.serv00.net | 31.186.83.254 | true | false | unknown | |
cdn.glitch.me | 18.66.102.85 | true | false | unknown | |
cdn.glitch.com | 18.239.36.12 | true | false | unknown | |
aboribona.serv00.net | 128.204.223.111 | true | false | unknown | |
www.google.com | 142.250.185.164 | true | false | unknown | |
cdn.glitch.global | unknown | unknown | false | unknown | |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
(URL not captured) | true | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.186.78 | unknown | United States | 15169 | GOOGLEUS | false |
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
18.66.102.46 | unknown | United States | 3 | MIT-GATEWAYSUS | false |
31.186.83.254 | ifidpal09.serv00.net | Poland | 57367 | ECO-ATMAN-PLECO-ATMAN-PL | false |
128.204.223.111 | aboribona.serv00.net | Poland | 57367 | ECO-ATMAN-PLECO-ATMAN-PL | false |
74.125.71.84 | unknown | United States | 15169 | GOOGLEUS | false |
18.239.36.12 | cdn.glitch.com | United States | 16509 | AMAZON-02US | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.250.185.174 | unknown | United States | 15169 | GOOGLEUS | false |
142.250.185.164 | www.google.com | United States | 15169 | GOOGLEUS | false |
151.101.2.132 | unknown | United States | 54113 | FASTLYUS | false |
142.250.74.195 | unknown | United States | 15169 | GOOGLEUS | false |
142.250.186.99 | unknown | United States | 15169 | GOOGLEUS | false |
18.66.102.85 | cdn.glitch.me | United States | 3 | MIT-GATEWAYSUS | false |
IP |
---|
192.168.2.16 |
192.168.2.4 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1534029 |
Start date and time: | 2024-10-15 14:14:52 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | RicevutaPagamento_115538206.dat |
Detection: | MAL |
Classification: | mal60.phis.winDAT@14/14@18/168 |
- Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.74.195, 142.250.185.174, 74.125.71.84, 151.101.2.132, 151.101.66.132, 151.101.130.132, 151.101.194.132, 34.104.35.123
- Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, j.sni.global.fastly.net, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: RicevutaPagamento_115538206.dat
Input (identical for all four LLM queries): URL: file:///C:/Users/user/Desktop/RicevutaPagamento_115538206.html?13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd13Z44SQZC3Ej6rjmt28Mh3smjx5CXmxwd4fghhd&#valdigneenergiesrl@pec.cvaspa.it Model: claude-3-haiku-20240307

Output 1:

```json
{
  "contains_trigger_text": true,
  "trigger_text": "Confirm your identity! This PDF document is encoded with your SMTP mail server. Please login your email account credentials below to view protected document.",
  "prominent_button_name": "View Document",
  "text_input_field_labels": [
    "Email ID:",
    "PASSWORD:"
  ],
  "pdf_icon_visible": true,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false
}
```

Output 2:

```json
{
  "brands": [
    "Adobe"
  ]
}
```

Output 3:

```json
{
  "contains_trigger_text": true,
  "trigger_text": "Confirm your identity! This PDF document is encoded with your SMTP mail server. Please login your email account credentials below to view protected document.",
  "prominent_button_name": "Download",
  "text_input_field_labels": [
    "Email ID:",
    "PASSWORD:"
  ],
  "pdf_icon_visible": true,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false
}
```

Output 4:

```json
{
  "brands": [
    "Adobe"
  ]
}
```
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.9791774582072414 |
Encrypted: | false |
SSDEEP: | |
MD5: | 83366802A4E6EEA5097365B0B971E088 |
SHA1: | 103144CA8FC86812B9CA522EAE1E17B3D21C4305 |
SHA-256: | 94C1342AF564B84A0CE8A0D2FB58959E03EC66E9A328C04DEA8D4D695A0CD846 |
SHA-512: | 7E4E0436A3DCA786FEAB4D184243635DF5A29291E4973A84133BC8F91264BF60EBD01053A58BB76F4C94EB972DACAD06BD5F4C5FA2AA37B8BB65EF86BB65CB8D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 3.998871858192137 |
Encrypted: | false |
SSDEEP: | |
MD5: | A863A6CD1DE99E83A18D0B04F5C920B0 |
SHA1: | 6EBB43B1951517C187DFC3DDAEFA72764A30416D |
SHA-256: | 6C468CC9CB9122B37A68CE769AB9E9C49AF6643C618C1292866A7A2D54B18D3F |
SHA-512: | CBB799E841D6097E440A6A2CBB46A3207328D8C07A93247DC82C15499BA02424BAEF456471C96BF9D69F0C88A750E6628C7D3ED2EDF071FBF600822244C0D33B |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.003252905087099 |
Encrypted: | false |
SSDEEP: | |
MD5: | BF55E88548720D110FA5E1E2436D09A8 |
SHA1: | FF66C81EFE8F777E9426AA4A305032786D2B119D |
SHA-256: | 121951D68DC5EFFED79D0F227DC4B8AF0F5BCEF45DE2B7C5D39579C6D43F7894 |
SHA-512: | 962E4108D9E7751E3DD2FB066964675A3A62542328826E89FDD0E0E17A11BE44FDC64A50220F89883750BCE9B4C028416E2D483D9695F7D77468A290D0BE19D9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.996368408980403 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7EEE0164F0F6E12D42F56891E53B5F0C |
SHA1: | 45C90420978A154A47EF6B6C771C6DFD34A2CCCE |
SHA-256: | 34910F8B6B19D92A0D36EFB7578B7C8B0C62CE4C1560C7129DED63BCBE65129D |
SHA-512: | 78A105510D848B8FB499F2EDF2933ED8E9FC79F2503469E1CA502B46C9B04A578A4345CEB69B36D0D66C1FAB3E64F163821DEE466A165836155A6A076B654807 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.98272861855935 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0E57551A026C05BA6EF7792BF7A0E801 |
SHA1: | 3AB60D8B98BF42618962AC56627B98E7ED4C2EDB |
SHA-256: | 01308F0CD75CB357CFF3784ED952907BE78FB5EDE0417222B12F297A85CF7D4A |
SHA-512: | 02D8F987E998B9F9909358131726386721E453B8330E3A0D3DCB1216492D72DEA0C36ED06010CA08D6B483827D7E3B510E038165F4AB853B0D2E496121C1BBCE |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.991673696404869 |
Encrypted: | false |
SSDEEP: | |
MD5: | BC435DCE37F6C73AF8C6ECC6998A8CA6 |
SHA1: | C1AD1CDEAFF9E0804D13CEDCD0AC6F44EB833EDD |
SHA-256: | 9E1F19FCC5C244F02DCEF3D3BD59D8BE9DE4454C5D8362684AC7BB2A1F464FAC |
SHA-512: | 8CC10BB5950C3319FB878C1A42AAAB92939AE4A9AAE9BFD9E51C1E74A3960608DDCBB5B3FED38AF1EED7061B071B7F117C53E5CD613F44CD24D1CC1175AA9563 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 299620 |
Entropy (8bit): | 7.975316501404528 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4E1AA6161CB1C491AF9B9FBED5B276ED |
SHA1: | 0D79D1D83F18CAD12A1207265E1F5E856E2DE939 |
SHA-256: | 6896978E524BB56E29EEF550AB6608D75F3192B304F40909DDAC858B86438685 |
SHA-512: | 154070BFA413D718E9E693D6D69D3FB8E4FAB5BC713B4CC5FB9E784BB1BAE9B0FB920B05DE8A6A6B21BD1A5E66A5D45DBCF1ACEDA53830A33678D6EA5DA55A8F |
Malicious: | false |
Reputation: | unknown |
URL: | https://cdn.glitch.global/6466ab9f-616f-41cd-9e21-7c7f365ab274/dropbox-bg.png?v=1678527540074 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 85578 |
Entropy (8bit): | 5.366055229017455 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2F6B11A7E914718E0290410E85366FE9 |
SHA1: | 69BB69E25CA7D5EF0935317584E6153F3FD9A88C |
SHA-256: | 05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E |
SHA-512: | 0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB |
Malicious: | false |
Reputation: | unknown |
URL: | https://aboribona.serv00.net/bena/index_files/jquery.min.js.download |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39717 |
Entropy (8bit): | 7.955753495690928 |
Encrypted: | false |
SSDEEP: | |
MD5: | E4388133537B1F42C6138C18D719F949 |
SHA1: | 6D2963F3462F5B4FA5061BE4696C830509CC4778 |
SHA-256: | 58761CDE7886C796F27C9283C903E296A7DE07DE05ED447B49EA198FEEA884FF |
SHA-512: | 9E8F4BA903129390633E2CFE159B99EDC999D0DDEF199A49DB0BB4BCD64566826398706C0A19FFD313F6DF31864E9E5C8B2421CEB5E8F8AD82747AD6C9FF2BDA |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 56295 |
Entropy (8bit): | 7.975405710436488 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9DA00E7D1CE45E16EDE4380159617637 |
SHA1: | 53FA1EBE4DB9A187E7D222900E0F95C6FB234625 |
SHA-256: | EB99A9A3FC4349FFA77CEFBD09D46AC646D3D9645569A2ABD0E9F084DF127DD1 |
SHA-512: | 0A978F7578BBF632D0992DFB8EABD767F6970F04F4F68BD82D8892A47DC929A5A7E65D7D5455D49C6074296D5D879B23A8052AF46BCF9F82CA5EEB65066F75D6 |
Malicious: | false |
Reputation: | unknown |
URL: | https://aboribona.serv00.net/bena/index_files/66be8b92-cc1a-4be8-acd4-55f7384def65_secure.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 61022 |
Entropy (8bit): | 7.086247256389387 |
Encrypted: | false |
SSDEEP: | |
MD5: | 030155FB903E3526AE4D460F131EAB65 |
SHA1: | 850544184938BC2FB1AD57B807205E3AC654D0A2 |
SHA-256: | E9D799F426B22004C33E534CF0A63F1236F1A3C18A941E899DDCFABDDDF8C846 |
SHA-512: | 5816CFFA0FCECBEEE2FAED0A4E42AD437F25C33547904287DAF108D1DC4352FDD49C85D82519C48D4EF47F637777225826AAEBE854C05509006971CB0DAFFB4C |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 277738 |
Entropy (8bit): | 7.975325156656214 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0DEED3F0A46531729B246B5ABA174B5B |
SHA1: | 13F25D3E2180114534C8AD7175D87E2347119936 |
SHA-256: | FA64B9395142155F60F6E872BE7CA62E4848541ED7D11C7E810F060A1DCE8E6E |
SHA-512: | D715E30A8B38D871A13BECF01732A289ED9019F0FA5938631078B1AA4FA032A0635E6F5BE1DDDB3A6F647847F8EE7AA552E2185EABB8651140274DEC5AEA3D4B |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 5114 |
Entropy (8bit): | 7.824561659228853 |
Encrypted: | false |
SSDEEP: | |
MD5: | 908013190F506E28135B03E680BBD946 |
SHA1: | E0C6772F76908753CD5343ABB185FF0536500F11 |
SHA-256: | 49D260B9E0BFC26EF114CAB13C8E7915A9CD4D5306CB99458359A898C70B4A10 |
SHA-512: | 98864E7200762BDC2E7601CF6AAE5B7A4416685064EA7F429ABC8A35E8C4C0E6D0BCB6C6BB4616BB847986F7200717BFCED5DDB55DA25423BED44C42A9A91934 |
Malicious: | false |
Reputation: | unknown |
URL: | https://cdn.glitch.me/66be8b92-cc1a-4be8-acd4-55f7384def65%2Ffavicon.jpg |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40808 |
Entropy (8bit): | 5.373477028185836 |
Encrypted: | false |
SSDEEP: | |
MD5: | F3B8CE97FF6CE324DA6232DA353ADF40 |
SHA1: | 2A3DAABC70232C6350AB48D32605DC4A6AC1F1FA |
SHA-256: | 2AC46EBEE46D515BE86DEEBA385B4E41F8CFF160364B362C9A6E153DF327C66B |
SHA-512: | 000D41CE9E50D0AD4A6A728A9AF37FE1DDC844A565BFD3D883014FBE6DF69CF3BA412F321F51CEECB6E0075A6088EC4FB5F7A0E73127D9B6BAE0C51CA89C7A08 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 5.491967359249238 |
TrID: | |
File name: | RicevutaPagamento_115538206.dat |
File size: | 58'069 bytes |
MD5: | 3ff31f5a667e02c82983f0e49d70e4a8 |
SHA1: | ae6fc05c0bd624ee9095434633f00227a2cf8158 |
SHA256: | 1073ba7a5951034457c4a895a9e76df11ac390d4feb3faa634e8e499095b921c |
SHA512: | 777c0460cb40aefb456ae49b57e32d9af4869b3404d51aea48ec555ad4e94d06c59625191d3c520091b6b2db89575f18cc770e26d714b9aafd3921504a4cf50c |
SSDEEP: | 1536:XAgs2La/gfc5O2SkO8tAhYtAhiAMAHOeb8jAjkPMDs9J0GAfTZ32T:Ps2La1TvO8tAYtAitWOeoj6kwNG1 |
TLSH: | 684350C329EA2773D4E83155423DC1879D16EC9835B0C0E85ECBC5EACA2D7E649DF81A |
File Content Preview: | <script>function addQueryParameter(key,value){var queryString=window.location.search;if(queryString===""){queryString="?"+key+value;}else{var existingValue=getParameterValue(key);if(existingValue!==null){queryString=queryString.replace(key+existingValue,k |
Icon Hash: | 173149cccc490307 |