Windows Analysis Report
Encrypt DOC2024.11.20.1983928 shared with you!.msg

{
    "explanation": [
        "Suspicious URL pattern with random parameters typical of phishing attempts",
        "Generic document sharing subject line with random numbers to create urgency",
        "Sender appears to be emailing themselves, which is unusual and suspicious"
    ],
    "phishing": true,
    "confidence": 9
}

{
    "date": "Wed, 20 Nov 2024 23:53:07 +0100", 
    "subject": "Encrypt *DOC2024.11.20.1983928* shared with you!", 
    "communications": [
        " <https://api.triofox.ai/docviewer/Viewer/DocViewer?s=79YNVmE8PeHyPztT> \n\n \n\n \n\n \n\n"
    ], 
    "from": "\"Ludwig, Valerie\" <valerie.ludwig@dallastown.net>", 
    "to": "\"Ludwig; Valerie\" <valerie.ludwig@dallastown.net>", 
    "attachements": [
        "image001.png"
    ]
}

{
  "contains_trigger_text": true,
  "trigger_text": "VIEW DOCUMENT HERE",
  "prominent_button_name": "VIEW DOCUMENT HERE",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}

{
  "brands": []
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://api.triofox.ai

{
  "contains_trigger_text": true,
  "trigger_text": "Please wait a moment while the document is being prepared for the first-time viewing...",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}

{
  "brands": [
    "Apple"
  ]
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}

{
  "brands": [
    "Apple"
  ]
}

```json{  "legit_domain": "apple.com",  "classification": "wellknown",  "reasons": [    "The brand 'Apple' is classified as 'wellknown'.",    "The URL 'api.triofox.ai' does not match the legitimate domain 'apple.com'.",    "The domain 'triofox.ai' does not have any known association with Apple.",    "The use of a different domain extension '.ai' and the presence of 'triofox' in the domain name are suspicious.",    "The input fields labeled as 'u, n, k, n, o, w, n' do not provide clear context and could be a tactic to confuse users."  ],  "riskscore": 9}
Google indexed: False

{
    "contains_trigger_text": true,
    "trigger_text": "VIEW DOCUMENT",
    "prominent_button_name": "VIEW DOCUMENT",
    "text_input_field_labels": "unknown",
    "pdf_icon_visible": false,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": false
}

{
  "brands": [
    "Work-Drive"
  ]
}

{
  "contains_trigger_text": true,
  "trigger_text": "Verifying your browser to maintain secure access.",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}

{
  "contains_trigger_text": true,
  "trigger_text": "Verifying your browser to maintain secure access.",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}

{
  "brands": [
    "Verifying your browser to maintain secure access"
  ]
}

{
  "brands": [
    "Cloudflare"
  ]
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://gj.hbqcbhff.ru