Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848

Overview

General Information

Sample URL:	https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848
Analysis ID:	1558081

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

AI detected landing page (webpage, office document or email)

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Invalid 'forgot password' link found

Invalid T&C link found

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 3964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1920,i,6116323049918806105,9771225765546259776,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=

Joe Sandbox AI: Score: 7 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'jayquarters.com' does not match the legitimate domain for Microsoft., The URL does not contain any recognizable association with Microsoft, which is suspicious., The presence of input fields related to account access and creation is common in phishing sites attempting to harvest credentials., The domain 'jayquarters.com' does not have any known association with Microsoft, increasing the likelihood of phishing. DOM: 2.6.pages.csv

AI detected landing page (webpage, office document or email)

Source: https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848

Joe Sandbox AI: Page contains button: 'Open' Source: '1.4.pages.csv'

Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=

HTTP Parser: Number of links: 0

Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848

HTTP Parser: Base64 decoded: sv=o365_1_nom&rand=WTFjZWs=&uid=USER04112024U15110412

Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=

HTTP Parser: Title: Authenticating ... does not match URL

Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=

HTTP Parser: Invalid link: Forgot password?

Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: Invalid link: Terms of use
Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: Invalid link: Privacy & cookies
Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: Invalid link: Terms of use
Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: Invalid link: Privacy & cookies
Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: Invalid link: Terms of use
Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: Invalid link: Privacy & cookies
Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: Invalid link: Terms of use
Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: Invalid link: Privacy & cookies

Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=

HTTP Parser: <input type="password" .../> found

Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: No favicon
Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: No favicon
Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: No favicon
Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: No favicon

Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: No <meta name="author".. found
Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: No <meta name="author".. found
Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: No <meta name="author".. found
Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: No <meta name="author".. found

Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: No <meta name="copyright".. found
Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: No <meta name="copyright".. found
Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: No <meta name="copyright".. found
Source: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:65341 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:65341 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:65341 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:65341 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:65341 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:65341 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:65341 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: viewstripo.email
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: analytics.google.com
Source: global traffic	DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: tlr.stripocdn.email
Source: global traffic	DNS traffic detected: DNS query: frvcbnx.stripocdn.email
Source: global traffic	DNS traffic detected: DNS query: jayquarters.com
Source: global traffic	DNS traffic detected: DNS query: cdn.socket.io
Source: global traffic	DNS traffic detected: DNS query: www.w3schools.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: grastoonm3vides.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 65398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 65370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65403 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65358 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65415 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65397 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 65369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 65386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65413 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65388 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65408
Source: unknown	Network traffic detected: HTTP traffic on port 65399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65409
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65406
Source: unknown	Network traffic detected: HTTP traffic on port 65408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65407
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65400
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65401
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65404
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65405
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65402
Source: unknown	Network traffic detected: HTTP traffic on port 65387 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65403
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65376 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65417
Source: unknown	Network traffic detected: HTTP traffic on port 65382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65411
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65412
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65410
Source: unknown	Network traffic detected: HTTP traffic on port 65348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65415
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65416
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65413
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65414
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65392
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65393
Source: unknown	Network traffic detected: HTTP traffic on port 65390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65390
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65391
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65396
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65397
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65394
Source: unknown	Network traffic detected: HTTP traffic on port 65355 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65378 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65389
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65387
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65388
Source: unknown	Network traffic detected: HTTP traffic on port 65406 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 65343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65417 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65398
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65399
Source: unknown	Network traffic detected: HTTP traffic on port 65367 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65344 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65351
Source: unknown	Network traffic detected: HTTP traffic on port 65416 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65345
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65346
Source: unknown	Network traffic detected: HTTP traffic on port 65368 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65344
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65349
Source: unknown	Network traffic detected: HTTP traffic on port 65385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65360
Source: unknown	Network traffic detected: HTTP traffic on port 65356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65356
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65357
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65355
Source: unknown	Network traffic detected: HTTP traffic on port 65380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65358
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65359
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65370
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65371
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65374
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65375
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65372
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65373
Source: unknown	Network traffic detected: HTTP traffic on port 65357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65373 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65367
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65368
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65365
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65366
Source: unknown	Network traffic detected: HTTP traffic on port 65400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65369
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65381
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65382
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65380
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65385
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65383
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65384
Source: unknown	Network traffic detected: HTTP traffic on port 65379 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65411 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65378
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65379
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65376
Source: unknown	Network traffic detected: HTTP traffic on port 65405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65377

Source: classification engine

Classification label: mal52.phis.win@23/6@40/258

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1920,i,6116323049918806105,9771225765546259776,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1920,i,6116323049918806105,9771225765546259776,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false		high
jayquarters.com	108.167.141.193	true	true		unknown
frvcbnx.stripocdn.email	104.26.0.90	true	false		unknown
cs837.wac.edgecastcdn.net	192.229.133.221	true	false		high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false		high
grastoonm3vides.com	188.114.97.3	true	false		high
stats.g.doubleclick.net	64.233.184.155	true	false		high
tlr.stripocdn.email	104.26.1.90	true	false		unknown
analytics-alv.google.com	216.239.38.181	true	false		high
d2vgu95hoyrpkh.cloudfront.net	18.245.31.78	true	false		high
s-part-0036.t-0009.t-msedge.net	13.107.246.64	true	false		high
sni1gl.wpc.omegacdn.net	152.199.21.175	true	false		high
www.google.com	142.250.184.196	true	false		high
td.doubleclick.net	142.251.116.155	true	false		high
viewstripo.email	52.208.21.62	true	false		unknown
aadcdn.msftauth.net	unknown	unknown	false		high
cdn.socket.io	unknown	unknown	false		high
analytics.google.com	unknown	unknown	false		high
www.w3schools.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI=	true		unknown
https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.26.1.90	tlr.stripocdn.email	United States		13335	CLOUDFLARENETUS	false
13.107.246.64	s-part-0036.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
216.239.38.181	analytics-alv.google.com	United States		15169	GOOGLEUS	false
18.245.31.78	d2vgu95hoyrpkh.cloudfront.net	United States		16509	AMAZON-02US	false
64.233.184.155	stats.g.doubleclick.net	United States		15169	GOOGLEUS	false
142.250.185.202	unknown	United States		15169	GOOGLEUS	false
216.58.206.35	unknown	United States		15169	GOOGLEUS	false
142.250.181.238	unknown	United States		15169	GOOGLEUS	false
142.250.185.163	unknown	United States		15169	GOOGLEUS	false
172.217.23.99	unknown	United States		15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
216.58.212.174	unknown	United States		15169	GOOGLEUS	false
66.102.1.84	unknown	United States		15169	GOOGLEUS	false
172.67.69.191	unknown	United States		13335	CLOUDFLARENETUS	false
142.250.184.196	www.google.com	United States		15169	GOOGLEUS	false
142.251.116.155	td.doubleclick.net	United States		15169	GOOGLEUS	false
104.26.0.90	frvcbnx.stripocdn.email	United States		13335	CLOUDFLARENETUS	false
34.104.35.123	unknown	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
172.217.18.8	unknown	United States		15169	GOOGLEUS	false
216.58.206.40	unknown	United States		15169	GOOGLEUS	false
172.217.16.206	unknown	United States		15169	GOOGLEUS	false
52.208.21.62	viewstripo.email	United States		16509	AMAZON-02US	false
192.229.133.221	cs837.wac.edgecastcdn.net	United States		15133	EDGECASTUS	false
142.250.185.238	unknown	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
188.114.97.3	grastoonm3vides.com	European Union		13335	CLOUDFLARENETUS	false
108.167.141.193	jayquarters.com	United States		46606	UNIFIEDLAYER-AS-1US	true
152.199.21.175	sni1gl.wpc.omegacdn.net	United States		15133	EDGECASTUS	false
13.35.58.91	unknown	United States		16509	AMAZON-02US	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1558081
Start date and time:	2024-11-18 23:04:12 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.win@23/6@40/258

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.35, 142.250.181.238, 66.102.1.84, 34.104.35.123, 216.58.206.40, 172.217.18.8, 172.217.16.206, 216.58.212.174
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, www.googletagmanager.com, clientservices.googleapis.com, clients.l.google.com, www.google-analytics.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848

LLM Input / Output

Input	Output
URL: https://viewstripo.email Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://viewstripo.email
URL: https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848 Model: Joe Sandbox AI	```json { "contains_trigger_text": true, "trigger_text": "This document contains files from the cloud, to view them, click on the \"OPEN\" button.", "prominent_button_name": "Open", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848 Model: Joe Sandbox AI	```json { "brands": [ "Excel Online", "Microsoft" ] }
	```json { "brands": [ "Excel Online", "Microsoft" ] }
URL: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI= Model: Joe Sandbox AI	```json { "contains_trigger_text": true, "trigger_text": "Trying to sign in", "prominent_button_name": "Cancel", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI= Model: Joe Sandbox AI	```json { "contains_trigger_text": true, "trigger_text": "Sign in", "prominent_button_name": "Next", "text_input_field_labels": [ "Email, phone or Skype", "No account? Create one!", "Can't access your account?" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://jayquarters.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://jayquarters.com
URL: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI= Model: Joe Sandbox AI	```json { "brands": [] } ``` The provided image does not contain any visible brand logos or identifiable brands. The image shows a login screen with the text "Trying to sign in" and a "Cancel" button, but no brand names or logos are present.

URL: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI= Model: Joe Sandbox AI	```json { "brands": [ "Microsoft" ] }
	```json { "brands": [ "Microsoft" ] }
URL: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI= Model: Joe Sandbox AI	```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'jayquarters.com' does not match the legitimate domain for Microsoft.", "The URL does not contain any recognizable association with Microsoft, which is suspicious.", "The presence of input fields related to account access and creation is common in phishing sites attempting to harvest credentials.", "The domain 'jayquarters.com' does not have any known association with Microsoft, increasing the likelihood of phishing." ], "riskscore": 9} Google indexed: True
URL: jayquarters.com Brands: Microsoft Input Fields: Email, phone or Skype, No account? Create one!, Can't access your account?
URL: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI= Model: Joe Sandbox AI	```json { "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI= Model: Joe Sandbox AI	```json { "brands": [ "Microsoft" ] }
	```json { "brands": [ "Microsoft" ] }
URL: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI= Model: Joe Sandbox AI	```json { "contains_trigger_text": true, "trigger_text": "Authenticating ...", "prominent_button_name": "Cancel", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://jayquarters.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdURmpaV3M9JnVpZD1VU0VSMDQxMTIwMjRVMTUxMTA0MTI= Model: Joe Sandbox AI	```json { "brands": [ "Microsoft" ] }
	```json { "brands": [ "Microsoft" ] }

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 18 21:04:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.981812688238257
Encrypted:	false
SSDEEP:
MD5:	A5EA3927EFC65F069D6001464FE46289
SHA1:	A751C754682A680FCA0AE458A8166917428CE54E
SHA-256:	A7F74951409D9992912C3AB78017B46189A9D709E41184D1F52CA2E2C1E8DB46
SHA-512:	A24448486E1255986906A8539FBBDFB3A40963AAA4130A35CC89AC5979DF0C9F41E3FFDFF451CBBA836392D5EA010C18757E935EC45F846A3F6BA93418C11643
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....e...:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IrY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VrY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VrY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VrY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VrY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............~......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 18 21:04:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.998829935815988
Encrypted:	false
SSDEEP:
MD5:	568D517BDB6EB79230880320F677388F
SHA1:	B4370FE6A5DE9962659908789D7EC9BCE599DD06
SHA-256:	18EF0E4A6E0DAA4624662B6A655082A32AF4BA9D3E6DDC79FA46BA0507875F14
SHA-512:	318B4A71C0A66997FB6DAA54B70D5B3A415F4720C9571DFDFC50C28D9A4CB658FFF64815C7D0DF5F32F64DE0362B193CA393C1A6FB30DBB50FDA8D4E9DE4EF0E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.........:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IrY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VrY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VrY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VrY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VrY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............~......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.0067891984064135
Encrypted:	false
SSDEEP:
MD5:	6F4738690E29B627BA1D1C90CEC3AD58
SHA1:	3D48C02A9427162197DB42635E4BFB985B45E0AD
SHA-256:	814165109DEEF6ABB27021DD1F5C8D44A7CDA606D8EBE3508534878DDE752C3A
SHA-512:	1AB3E89301E088ABD8E4594ED1515FE4F12C0FEB1DCE4863651696F796532C9DD2D1548E9A3436A04E04A46A8C05E76B0000E7A8C97C2E3B958EFC09DEF4CEC5
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IrY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VrY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VrY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VrY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............~......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 18 21:04:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9962497791776683
Encrypted:	false
SSDEEP:
MD5:	827D26BDAD10722909B910355756D0A1
SHA1:	2F59EFE279D9F76B2D86C809F447D2E47F30F6FA
SHA-256:	16D585AE00D1E2712038548EC0331A747DAB12F00A5EDEE8B51A24ECB7274F25
SHA-512:	2BAD44D09AC48BF7AD6BC63A89E8CBC383BA2498E6C97183065F9F0D164F2C097250B0C87DF0569468CEB6D9F7BC10D4C17FB9CEAE20923DF2D30DB691C23AC1
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....o....:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IrY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VrY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VrY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VrY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VrY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............~......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 18 21:04:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9858412816273163
Encrypted:	false
SSDEEP:
MD5:	1BCA40F9AA8D26B7CFD3C889EC5E582B
SHA1:	CBA908A172A2F655FB17D43EC15610C674C9EAFD
SHA-256:	BC3481645361975E651F89A09EA3E4F11CD637E1AE8C6810FD6AFDEFEC3F1D4D
SHA-512:	C95C82F2DC3A9975FB423350843AD809855285762C40865B66E9516A11BAE53750116730326BB17B9C9F75F8B25C3E2D07437AC90C26984D20ECC7CACCB68031
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....~...:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IrY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VrY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VrY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VrY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VrY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............~......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 18 21:04:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9925718339628635
Encrypted:	false
SSDEEP:
MD5:	18AAFAB2F87EA105FF3B3D08ADAB2615
SHA1:	E4719E05A85D0D0D0021C97F0BEBC6197CA39C72
SHA-256:	4F37447E11DBFF581334C51E47892F7339809ADB0ADD24A77245312258E884A5
SHA-512:	3B36A9BAF16D7B39327771563E5DC10F250A8DA9FF38D28F7DC6C88BA6604C30BA6E61FBE00BFA1C96240794A57F384901CC0835D13E0FA0CBF83F4C265C5AD6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....Pt...:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IrY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VrY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VrY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VrY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VrY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............~......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

⊘No static file info