Windows Analysis Report
https://economiesocialeestrie-my.sharepoint.com/:f:/g/personal/cynthia_economiesocialeestrie_ca/Eg3bU_gVnldCmtzlGs9oSUQBYKQRNnAURt93MlkOZFbwAg?email=gaston.stratford%40assnat.qc.ca&e=iSpthp&xsdata=MDV8MDJ8R2FzdG9uLlN0cmF0Zm9yZEBhc3NuYXQucWMuY2F8Y2RjYmI0YjE1ZGI0NGZhNmQzYjUwOGRkMTA4MmQxNTh8MWE1NjE5ODB

Overview

General Information

Sample URL:	https://economiesocialeestrie-my.sharepoint.com/:f:/g/personal/cynthia_economiesocialeestrie_ca/Eg3bU_gVnldCmtzlGs9oSUQBYKQRNnAURt93MlkOZFbwAg?email=gaston.stratford%40assnat.qc.ca&e=iSpthp&xsdata=MDV
Analysis ID:	1565418
Infos:

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected BlockedWebSite

Stores files to the Windows start menu directory

Classification

Signatures

Phishing

Yara detected BlockedWebSite

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_62, type: DROPPED

Source: unknown	HTTPS traffic detected: 184.30.24.109:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.30.24.109:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49722 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: economiesocialeestrie-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: can01.safelinks.protection.outlook.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	HTTPS traffic detected: 184.30.24.109:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.30.24.109:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49722 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@18/9@8/112

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1944,i,12943089381008826603,9414078486976265042,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://economiesocialeestrie-my.sharepoint.com/:f:/g/personal/cynthia_economiesocialeestrie_ca/Eg3bU_gVnldCmtzlGs9oSUQBYKQRNnAURt93MlkOZFbwAg?email=gaston.stratford%40assnat.qc.ca&e=iSpthp&xsdata=MDV8MDJ8R2FzdG9uLlN0cmF0Zm9yZEBhc3NuYXQucWMuY2F8Y2RjYmI0YjE1ZGI0NGZhNmQzYjUwOGRkMTA4MmQxNTh8MWE1NjE5ODBkNjc0NGQzMGEyOTc1ODhjMDdhODMzNTN8MHwwfDYzODY4NDg3NjU1MjMyNTA1OHxVbmtub3dufFRXRnBiR1pzYjNkOGV5SkZiWEIwZVUxaGNHa2lPblJ5ZFdVc0lsWWlPaUl3TGpBdU1EQXdNQ0lzSWxBaU9pSlhhVzR6TWlJc0lrRk9Jam9pVFdGcGJDSXNJbGRVSWpveWZRPT18MHx8fA%3d%3d&sdata=YVp6WGNQM0psVGw2TU5teXRVbmhhMy9VaDRhYW5SeWdTN0pDaTBKV2p2Yz0%3d"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1944,i,12943089381008826603,9414078486976265042,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://economiesocialeestrie-my.sharepoint.com/:f:/g/personal/cynthia_economiesocialeestrie_ca/Eg3bU_gVnldCmtzlGs9oSUQBYKQRNnAURt93MlkOZFbwAg?email=gaston.stratford%40assnat.qc.ca&e=iSpthp&xsdata=MDV8MDJ8R2FzdG9uLlN0cmF0Zm9yZEBhc3NuYXQucWMuY2F8Y2RjYmI0YjE1ZGI0NGZhNmQzYjUwOGRkMTA4MmQxNTh8MWE1NjE5ODBkNjc0NGQzMGEyOTc1ODhjMDdhODMzNTN8MHwwfDYzODY4NDg3NjU1MjMyNTA1OHxVbmtub3dufFRXRnBiR1pzYjNkOGV5SkZiWEIwZVUxaGNHa2lPblJ5ZFdVc0lsWWlPaUl3TGpBdU1EQXdNQ0lzSWxBaU9pSlhhVzR6TWlJc0lrRk9Jam9pVFdGcGJDSXNJbGRVSWpveWZRPT18MHx8fA%3d%3d&sdata=YVp6WGNQM0psVGw2TU5teXRVbmhhMy9VaDRhYW5SeWdTN0pDaTBKV2p2Yz0%3d"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
74.125.205.84	unknown	United States	15169	GOOGLEUS	false
172.217.19.238	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.17.78	unknown	United States	15169	GOOGLEUS	false
172.217.17.35	unknown	United States	15169	GOOGLEUS	false
104.47.75.220	can01.safelinks.eop-tm2.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.21.35	unknown	United States	15169	GOOGLEUS	false
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
can01.safelinks.eop-tm2.outlook.com	104.47.75.220	true
dual-spo-0005.spo-msedge.net	13.107.136.10	true
www.google.com	142.250.181.100	true
can01.safelinks.protection.outlook.com	unknown	unknown
economiesocialeestrie-my.sharepoint.com	unknown	unknown

ID:	1565418
Product:	CloudBasic
Start time:	19:32:21
Start date:	29.11.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 29 17:32:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	ECAF04EC5BC28DD33C12D1F38082359A	A365A2E39BF052F617E1702E82697C2EE6949541	03E72009CA8B19B5A40CB26C00031B80373A0242D5A8A3CA4D6D0AB8D3473F06
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 29 17:32:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	2C5A36E7F266888697D42749E856B46E	7959F4C9BD64EEE210A0BC4176252B06650FA8C1	C103FE5D22F8B24EF7FA9EA031BB2853ED60A168F61CB7A17613AB1AF02593F4
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	8425D3AE09595559EE5B6E9B33D93DC7	3E86AA3E5878976731D3671EA1816BB4F744966A	72EEA04232FC023E3FC30DBAB1DC40DBFCE2D97816CE17F4822E59995522DB4D
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 29 17:32:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	0ACA9EF57FB4BEF0FCB31F748FE9251C	91DB69D35E9DB7974C5BD8AF6C74290FC0DA6F15	B9BEC7CA8D5F4515955C1261DBD66D6A36E9CEAA69E196EE4654EBBCB6E7E420
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 29 17:32:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	34703217706BD16247458B672839860F	E60F61FC7AEFA142A05E0C9C6EDFF3FE7327F4EA	EA02C1DCAEF200B5A60C33B9FA22C46F2D0B3CAF222DDB75D8AE542D0F2767D1
Chrome Cache Entry: 61	ASCII text, with CRLF line terminators	3AF1FDB9A3F664A6683D212F4787733A	59063D49B723A1988236C8D39C2804C6EBC5FF95	A9CE4840FF0D613B456081DEA64E46EB717A1F8BFA5AFB05D3BD058F294E416C
Chrome Cache Entry: 62	HTML document, ASCII text, with very long lines (3070), with CRLF line terminators	BC3AFC48CCE77A922F4DDF8EEE9613E2	E78FEAAAB644E643F8122A3267B6C00878D229C6	EBE9654332B6684377B4ACCD67C300DCA1D0F2D4F9CBA9D768A1FD80CF9AC724
Chrome Cache Entry: 63	PNG image data, 186 x 200, 8-bit/color RGBA, non-interlaced	FF4FEDB556605288FEC259EE6B8D5981	BBC525AB65E54999044F14FF8F31CF25EEDB7754	2809B6F62DC341D238F02C33C7347A7BA714F10B6F075BDD39A1CD7C68CE9807
Chrome Cache Entry: 65	ASCII text, with CRLF line terminators	BBAD95C4A0BE4E5775B7D5B409FBF602	FAD598750B15C207DFEF6E1FEA3C072BAEAC2B66	41F78D15AE18C36B84C819D9AF3511C342C180F0ABA8F91DC1CCF4046B56B308

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains