Windows
Analysis Report
[External] 120112 Manual Policies Overview Guide_ 8VM8-WZPT3L-LYH1.eml
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
AI detected phishing page
AI detected potential phishing Email
AI detected suspicious Javascript
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry
Classification
- System is w10x64_ra
OUTLOOK.EXE (PID: 1364 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\OUTLO OK.EXE" /e ml "C:\Use rs\user\De sktop\[Ext ernal] 120 112 Manual Policies Overview G uide_ 8VM8 -WZPT3L-LY H1.eml" MD5: 91A5292942864110ED734005B7E005C0) ai.exe (PID: 6636 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \root\vfs\ ProgramFil esCommonX6 4\Microsof t Shared\O ffice16\ai .exe" "F5D 61493-321F -44A6-A5FE -3CF94B2B7 F1B" "D674 1B14-256A- 4566-8CCF- CCFF3A4410 77" "1364" "C:\Progr am Files ( x86)\Micro soft Offic e\Root\Off ice16\OUTL OOK.EXE" " WordCombin edFloatieL reOnline.o nnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD) Acrobat.exe (PID: 4264 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \AppData\L ocal\Micro soft\Windo ws\INetCac he\Content .Outlook\2 HLBY5LH\pp uhl Refere nce YQy Ma nual_12011 2.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) AcroCEF.exe (PID: 1360 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) AcroCEF.exe (PID: 7216 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 32 --field -trial-han dle=1588,i ,663691466 8748474544 ,547470892 7762410746 ,131072 -- disable-fe atures=Bac kForwardCa che,Calcul ateNativeW inOcclusio n,WinUseBr owserSpell Checker /p refetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
chrome.exe (PID: 7732 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t https:// www.google .pt//url?o l=%25SERIA LbHWvutBHJ DJopw&rct= OKfqigeYGt e6egsda&sa =t&esrc=GN Oyseckdxhd s&source=& cd=Ztebgsh eior%3DBhs oepr&ved=B gaopepqje% 25SERIALbH Wvu%3D&url =amp%2Fely siumproper ties.net%2 Fgtoephye% 3Fe%3Doutl ook.office .com MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) chrome.exe (PID: 7956 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2576 --fi eld-trial- handle=231 2,i,413469 3689153310 629,183808 0380980647 9140,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
⊘No yara matches
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
⊘No Suricata rule has matched
- • Phishing
- • Compliance
- • Networking
- • System Summary
- • Boot Survival
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Language, Device and Operating System Detection
Click to jump to signature section
Show All Signature Results
Phishing |
---|
Source: | Joe Sandbox AI: | ||
Source: | Joe Sandbox AI: |
Source: | Joe Sandbox AI: |
Source: | Joe Sandbox AI: |
Source: | HTTP Parser: |
Source: | HTTP Parser: |
Source: | HTTP Parser: |
Source: | Classification: |
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |