Windows Analysis Report
https://app.salesforceiq.com/r?target=631f420eed13ca3bcf77c324&t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoePggUL&url=https://monaghans.jimdosite.com

Overview

General Information

Sample URL:	https://app.salesforceiq.com/r?target=631f420eed13ca3bcf77c324&t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoe
Analysis ID:	1580347

Detection

HTMLPhisher

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish29

AI detected suspicious Javascript

HTML body contains low number of good links

HTML body contains password input but no form action

HTML body with high number of embedded images detected

HTML page contains hidden javascript code

HTML title does not match URL

Invalid 'forgot password' link found

Invalid T&C link found

Stores files to the Windows start menu directory

Classification

Signatures

Phishing

Yara detected HtmlPhish29

Source: Yara match

File source: 1.2.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 0.5.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://monaghans.jimdosite.com/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscated nature of the code further increase the risk. While the script may have a legitimate purpose, such as a challenge-response mechanism, the overall behavior is highly suspicious and indicative of malicious intent.
Source: 0.14.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://aweitapp.com/zeng/advance/auth/?cf-turnsti... This JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. The use of `eval`, `Function` constructor, and heavily encoded strings indicates a high likelihood of malicious intent. Additionally, the script appears to be attempting to redirect the user to an unknown or suspicious domain, which further increases the risk. Overall, this script demonstrates a clear pattern of malicious activity and should be treated as a high-risk threat.

HTML body contains low number of good links

Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML body with high number of embedded images detected

HTTP Parser: Total embedded image size: 30653

HTML page contains hidden javascript code

Source: https://monaghans.jimdosite.com/

HTTP Parser: Base64 decoded: 1735034861.000000

HTML title does not match URL

HTTP Parser: Title: Confirm your identity does not match URL

Invalid 'forgot password' link found

HTTP Parser: Invalid link: Forgot password?

Invalid T&C link found

Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	HTTP Parser: Invalid link: Terms of use
Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	HTTP Parser: Invalid link: Privacy & cookies
Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	HTTP Parser: Invalid link: Terms of use
Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	HTTP Parser: Invalid link: Privacy & cookies

HTTP Parser: <input type="password" .../> found

Source: https://aweitapp.com/zeng/advance/auth/?cf-turnstile-response=0.QXqZAlA8fMRQJ_zR13dsc79idJdrl0KyXG2y6KH29qhPs7HdLDdzzysKTOERvvRdzbcgJCTbSeyX1l35dX4nLEj5u6yFVuRWpCy3i6JObV4BIWyilQ2hXjfIpZP8Vmb64IpK9Rb_eyaE5gQQsxCt_3ji8grKdpFtVXL--6-PCE5aEsWLaURgy-1hfqxYhKp3e8KYaAxkAg0plynzvhehp6LnVEPRHfjuiSarrO8lDUWjz_8JJag__O5DmqalhWadMA_R-3VwQkV6DPifhRD3fGxST0fgQrY20wjs7gOWKXS_0F9PGfE0cMxA0AX4OIYGvl6LvORq03auMxIFAokF9Z6TQ6Fcj_2P5foejUESKCWykXxUqMDmlMwbY0vtFcqo24cv85FwkfflBWCntJGbYyCZLiXSts1ZePVhkAc3JXL9ENEJ3aHk3POtq5qxwtMFWQ7624n8Pgi9LO59g05_ijBExCa8P_uueDkwtt7gGWJhM4ioJosALnTolH1fRlxvWoJtQK0g8yb5pJaiOCjzDD8WE9HRnldp5NyYdHDSOSkoAy1pstPzHG365gUQoDCwpGT4_p_rWzrXJx307UmM3khZpsJTZFnLnlUQAiaewx724tJLQ2eUuA7OjmhCSdosf8mSynuyrdH3jGQ1coCfACnNJZ_PT2gVuh8AGOMzOdvoX1JLCxUgcR3Q7aTD3kedjZGvN096X8wymkci1-9Hs0CsX_3JuftDwp_MFTOO7sU.yplelQlcy72bCcgVXpaRwQ.3f1a7efda6821d137df3f971249af42fc42a7f7a97330dc60e79c8d571e62fd3&cf-turnstile-response=0.QXqZAlA8fMRQJ_zR13dsc79idJdrl0KyXG2y6KH29qhPs7HdLDdzzysKTOERvvRdzbcgJCTbSeyX1l35dX4nLEj5u6yFVuRWpCy3...

HTTP Parser: No favicon

Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	HTTP Parser: No <meta name="author".. found
Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	HTTP Parser: No <meta name="author".. found

Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	HTTP Parser: No <meta name="copyright".. found
Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.194.30.59:443 -> 192.168.2.16:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.16.158.75:443 -> 192.168.2.16:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.194.30.59:443 -> 192.168.2.16:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.16.158.88:443 -> 192.168.2.16:49809 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.15
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200

Source: global traffic	DNS traffic detected: DNS query: app.salesforceiq.com
Source: global traffic	DNS traffic detected: DNS query: monaghans.jimdosite.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: jimdo-dolphin-static-assets-prod.freetls.fastly.net
Source: global traffic	DNS traffic detected: DNS query: fonts.jimstatic.com
Source: global traffic	DNS traffic detected: DNS query: jimdo-storage.freetls.fastly.net
Source: global traffic	DNS traffic detected: DNS query: aweitapp.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: at.prod.jimdo.systems
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.194.30.59:443 -> 192.168.2.16:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.16.158.75:443 -> 192.168.2.16:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.194.30.59:443 -> 192.168.2.16:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.16.158.88:443 -> 192.168.2.16:49809 version: TLS 1.2

Source: classification engine

Classification label: mal52.phis.win@21/34@38/237

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1864,i,9497331665577131981,9893332119093896269,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://app.salesforceiq.com/r?target=631f420eed13ca3bcf77c324&t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoePggUL&url=https://monaghans.jimdosite.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1864,i,9497331665577131981,9893332119093896269,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.19.227	unknown	United States	15169	GOOGLEUS	false
172.217.19.238	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.217.17.35	unknown	United States	15169	GOOGLEUS	false
172.217.17.46	unknown	United States	15169	GOOGLEUS	false
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
151.101.65.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
104.18.41.38	unknown	United States	13335	CLOUDFLARENETUS	false
216.58.208.227	unknown	United States	15169	GOOGLEUS	false
104.18.95.41	unknown	United States	13335	CLOUDFLARENETUS	false
54.73.104.6	at.prod.jimdo.systems	United States	16509	AMAZON-02US	false
151.101.2.79	jimdo-dolphin-static-assets-prod.freetls.fastly.net	United States	54113	FASTLYUS	false
144.76.181.177	aweitapp.com	Germany	24940	HETZNER-ASDE	false
151.101.2.137	unknown	United States	54113	FASTLYUS	false
142.250.181.106	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.83.193.244	apiq-apiv1-06027f9a-pb-48692342.us-west-2.elb.amazonaws.com	United States	237	MERIT-AS-14US	false
151.101.130.79	unknown	United States	54113	FASTLYUS	false
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
64.233.161.84	unknown	United States	15169	GOOGLEUS	false
172.217.21.36	www.google.com	United States	15169	GOOGLEUS	false
162.159.128.70	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
jimdo-dolphin-static-assets-prod.freetls.fastly.net	151.101.2.79	true
jsdelivr.map.fastly.net	151.101.65.229	true
at.prod.jimdo.systems	54.73.104.6	true
aweitapp.com	144.76.181.177	true
code.jquery.com	151.101.66.137	true
jimdo-storage.freetls.fastly.net	151.101.2.79	true
challenges.cloudflare.com	104.18.94.41	true
www.google.com	172.217.21.36	true
apiq-apiv1-06027f9a-pb-48692342.us-west-2.elb.amazonaws.com	35.83.193.244	true
app.salesforceiq.com	unknown	unknown
cdn.jsdelivr.net	unknown	unknown
monaghans.jimdosite.com	unknown	unknown
fonts.jimstatic.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	false	unknown
https://aweitapp.com/zeng/advance/auth/	true	unknown
https://monaghans.jimdosite.com/	true	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 24 09:07:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	08A1EC5999CF1C79052043A5CCE240B6	A10E3402563AEAADD6A47D8ECEFDF2C3BD43A98B	8471AB852F7446674F7B418E3E713B7018C8F457164101843F48786826653851
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 24 09:07:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	327B2A38EB71C31FA22013DCAEF808DB	8A720F50A3E4BEF6BDD4EC165BF9E41129920EAC	8BFD025787EFB29B3B5377C73D05CD01A33B5A982FA37348F5F86477515545B7
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	A2827BE20E259728654C719C3EC694D3	5A63EFE5A52BE4DA25A582ED60F2F4F793563449	895CFE29F15781CFC2A829306D89166379590DD342B0384EE8B234D538718723
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 24 09:07:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	CFB8D6860E2A4E23CEFFB0113223CD87	9EF1571F56850112D013071910AE4557787F8158	CA546E93D9BAC76568B8141F59FE2F676175F011E2C664FEB4F01EE0A44AC366
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 24 09:07:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	5E60FBA86E46E2F7F9AD1ABBEE06C130	1E22937C0C63F80AB865567B0D16A5169AA2DB9E	FF0E3272297D46EE1BD64951FCC342E0D5BBD503DADA72E543E4DB6B79AD12F5
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 24 09:07:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	BB556A1CB12E7ECDA1D9505F240993B5	1D72A406AD9CD18980B4DB9F7B0B434D7CAC8321	2EF000EA53D4AD25136907D099077360BD24AB14878FB1827D7E7B7F18C72CCA
Chrome Cache Entry: 102	PNG image data, 32 x 32, 8-bit colormap, non-interlaced	FD400ADA20E53B4BB4EFBBEB0C0E16FD	16C4AEFE874E9B5952A1E72528E1011BD38D8772	E29475FE49A5A23D5ECA32E07367AA425D4A1F32D75DFE7E6D8D0398C35802CE
Chrome Cache Entry: 103	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 104	Web Open Font Format (Version 2), TrueType, length 18596, version 1.0	C83E4437A53D7F849F9D32DF3D6B68F3	FABEA5AD92ED3E2431659B02E7624DF30D0C6BBC	D9BADA3A44BB2FFA66DEC5CC781CAFC9EF17ED876CD9B0C5F7EF18228B63CEBB
Chrome Cache Entry: 105	PNG image data, 52 x 40, 8-bit/color RGBA, non-interlaced	8244AF7FE59CC67A3B69CD98F19862C6	C0D505C27802EBC71C5D551A55D56A78138EA3A7	F8917DA114B5593AFD3C934A2A588DB7191D6E645833B6809D81DE64722CD21A
Chrome Cache Entry: 107	ASCII text, with very long lines (47691)	9046FDD8B20F930F537279DEDE41E747	EBB905F60D71F45D056D42E6096736EA8C2D4BD9	5AAC9E52F80011983676C03AD8120E0369E651E6357D0B05054026A3BC8EC32D
Chrome Cache Entry: 108	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced	547988BAC5584B4608466D761E16F370	C11BB71049702528402A31027F200184910A7E23	70E32B2DB3F079BB0295A85A0DB15ED9E5926294DD947938D6CFA595F5AB18B4
Chrome Cache Entry: 109	ASCII text, with very long lines (8758), with no line terminators	CF85FD1B43230D8B2D492A2DEC6034A9	AFE0B06BA0A24F467B50CEA1FE872547E36D94CB	12BDBDF31D5C4CCB392047565971BDBC2D26F5B9340101DF9939CD62BABD093E
Chrome Cache Entry: 111	ASCII text	A90A2E5B9A3C097A815681A49DA9E6A1	1142CB363AB1A35E64546ED886CFD00B5093F504	308FCE1E8CC31B982E8ED8A78A0729F7935F0056FDCE41483C59691B1339599E
Chrome Cache Entry: 113	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 114	RIFF (little-endian) data, Web/P image, VP8 encoding, 160x81, Suserng: [none]x[none], YUV color, decoders should clamp	7B1B76B5CB3E7A98E128058737C37061	B5EE89B072B9A42FCFFA7BEFF84B18D1A86F029A	3E13BA8B7E730C2407B47D851AF424D38079980C67AAE9552D26DF4B3E9BDA95
Chrome Cache Entry: 115	Unicode text, UTF-8 text, with very long lines (3041)	330F013E490C23ECCF4165233F84FCE9	D02A244218EAD5C4304443EE866C8DAE6E06CBFA	F56B5EC40D7D6C6FF186940DDF6D916591E9B2C6621409C71B961966B25BB31B
Chrome Cache Entry: 119	PNG image data, 263 x 31, 8-bit/color RGBA, non-interlaced	EF984B9CE53801ADAE1FAE29B5A5792F	653DE3EACDAA9B38634892A021FF63CC46D84C2E	C2B2CA401F18B83BB197CED34FB80BAE4A3E3E2259F86CE4946EFE36BB7ACADF
Chrome Cache Entry: 120	ASCII text	D4D3BF56F6DCF7B0220086286683B0DB	3F62226BD5AC9DF07A47BACE316C7348E27809DA	2312D413C757DA161B5B3FE8394ACC86414CC6888937866918B68EAD29222083
Chrome Cache Entry: 121	ASCII text, with no line terminators	3E3A9DBE5828D868CF824DB636665521	96E9874716E098DDAEAFE1A30A3AD201085B1A28	F9A7BA5B9CEFD0301A4367E653D5EFBE8F6913977C6CB137811D554CE936E941
Chrome Cache Entry: 122	Web Open Font Format (Version 2), TrueType, length 18536, version 1.0	8EFF0B8045FD1959E117F85654AE7770	227FEE13CEB7C410B5C0BB8000258B6643CB6255	89978E658E840B927DDDB5CB3A835C7D8526ECE79933BD9F3096B301FE1A8571
Chrome Cache Entry: 123	PNG image data, 82 x 45, 8-bit/color RGB, non-interlaced	A937F05DABEFBA26BD0FCAF811A31C85	75B8323B3721D72630F417220CF07B4F5108B3D1	15E5DFBAD3DE1E903B137A6B48628C2759D5491442D6D6967DB415CC002B88E2
Chrome Cache Entry: 124	PNG image data, 51 x 42, 8-bit/color RGBA, non-interlaced	E198D3D3F75FF270E4DE1C36E0BF4A8A	C9B68D5472B2B32B46CB0922CEC0FEA76ABB1DC3	029B50BBBC9BCE1593AE21671033736AE44111EE275E346B6316AE508DD61685
Chrome Cache Entry: 82	HTML document, ASCII text, with very long lines (7885)	4167CA0E6CB607659B044553EDBA7728	B5F57FD5FD0598D8C7CDD345E8B831F9DABCF800	29F20B60A484C85B90399FACD7D0158A1703009F24A6060F4E58703B8A7CED8D
Chrome Cache Entry: 84	PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced	333EE830E5AB72C41DD9126A27B4D878	12D8D66EBB3076F3D6069E133C3212F97C8774E1	8702292CBC365E9F0488143E2B309B85EFE09C61FD2E0A2E21C53735A309313C
Chrome Cache Entry: 85	PNG image data, 50 x 58, 8-bit/color RGBA, non-interlaced	804F72421862425A01D9697F9F36C9A2	B73DF25467E364FB229E7715E5393B5931491977	112D2EAC21572A13C7DC55466DDD3091E28829611716C911714C05D183CFC56C
Chrome Cache Entry: 87	PNG image data, 61 x 73, 8-bit/color RGBA, non-interlaced	F69BD1A8C5D18C08C140445DC8DBC7E2	ED7CBF47983BD9B39D188A531C350C3B3D05DB0E	C6E325A690B4378B2C1E25F604A4E1F197910F75B55218A495FACFF076ADF97B
Chrome Cache Entry: 88	ASCII text, with very long lines (2804)	0CB699A5581C3F985C95D7622A448B27	22E6428F3893AB5F272C4A4D7C694CC0F9C67E20	D156C15C56A07666D0DE4E518C4960DA11648012D8B0ADB6AD0D549A45594E30
Chrome Cache Entry: 89	PNG image data, 49 x 63, 8-bit/color RGBA, non-interlaced	3AFF8064BB4CA017473290B5E3B9F949	D3F110D0C60CD21D3F7A2725157FC419F5B9DD99	153A445447F6DC712D29916BE3B172055729D7E132B5E75041C34BCF4AF19951
Chrome Cache Entry: 90	assembler source, ASCII text, with very long lines (496)	EEC1FE57631C3131ECAB62E7E23BD3A3	C7EC2AC57DA9CC7D4D1C8377D120C036E554596C	9A39C818CE6292F1BF464FD5DD438DFCB6170373DB5C229FE7EA7DC77C37B0EF
Chrome Cache Entry: 93	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 160x81, components 3	CDEAF92CE81730893807A21D8C8613ED	540CC0BE8D969824F0B987F95D59585780FB3640	00042792777EC22816A408039DF9C19EB84BFE8E0B78A3E2D0818D3240552D5B
Chrome Cache Entry: 94	ASCII text, with very long lines (8798), with no line terminators	93F8859BC7D7C2E3AA66D469DFB317C8	C2D6BA16BFDEAE29961B971CA39CEBADC4CC4D5D	CB436B64DF31234D779B06AED2A9F8008715AAA2CAFC8C9D0DCCA9E02D15F159
Chrome Cache Entry: 95	Web Open Font Format (Version 2), TrueType, length 8000, version 1.0	72993DDDF88A63E8F226656F7DE88E57	179F97EC0275F09603A8DB94D4380EB584D81CD5	F4E80D9DFD374D02989B87A27B5ED4CB78FBB177C27F1478E9A8B0AFB7513149
Chrome Cache Entry: 99	ASCII text, with very long lines (65458)	B96C3C7D1244E87AB4F16AC94DDD4254	6ABC794A482DF8DB01E2EA3F33DB367D2B7255F9	CF475C968913DCF3733BAD871B90091FCEA321EF0722038749F596D33A0590F8

Phishing

Yara detected HtmlPhish29

Source: Yara match

File source: 1.2.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 0.5.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://monaghans.jimdosite.com/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscated nature of the code further increase the risk. While the script may have a legitimate purpose, such as a challenge-response mechanism, the overall behavior is highly suspicious and indicative of malicious intent.
Source: 0.14.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://aweitapp.com/zeng/advance/auth/?cf-turnsti... This JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. The use of `eval`, `Function` constructor, and heavily encoded strings indicates a high likelihood of malicious intent. Additionally, the script appears to be attempting to redirect the user to an unknown or suspicious domain, which further increases the risk. Overall, this script demonstrates a clear pattern of malicious activity and should be treated as a high-risk threat.

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML body with high number of embedded images detected

HTTP Parser: Total embedded image size: 30653

HTML page contains hidden javascript code

Source: https://monaghans.jimdosite.com/

HTTP Parser: Base64 decoded: 1735034861.000000

HTML title does not match URL

HTTP Parser: Title: Confirm your identity does not match URL

Invalid 'forgot password' link found

HTTP Parser: Invalid link: Forgot password?

Invalid T&C link found

Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	HTTP Parser: Invalid link: Terms of use
Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	HTTP Parser: Invalid link: Privacy & cookies
Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	HTTP Parser: Invalid link: Terms of use
Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	HTTP Parser: Invalid link: Privacy & cookies

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	HTTP Parser: No <meta name="author".. found
Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	HTTP Parser: No <meta name="author".. found

Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	HTTP Parser: No <meta name="copyright".. found
Source: https://aweitapp.com/zeng/advance/auth/lczfGdmMq3tll8sERUdi6qEj7hDYNS6rtU22A9WWakxfkX9hpMwdWw1Tj4myLfPIApOb0BryixZnw0TvQt40uKGbg1N7JnYu8aQER3AyeIzPKZpMonZVocguYSHR2DgXJHTOvBjFz3GcosxVBa1JFr/verify	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.194.30.59:443 -> 192.168.2.16:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.16.158.75:443 -> 192.168.2.16:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.194.30.59:443 -> 192.168.2.16:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.16.158.88:443 -> 192.168.2.16:49809 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.15
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200

Source: global traffic	DNS traffic detected: DNS query: app.salesforceiq.com
Source: global traffic	DNS traffic detected: DNS query: monaghans.jimdosite.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: jimdo-dolphin-static-assets-prod.freetls.fastly.net
Source: global traffic	DNS traffic detected: DNS query: fonts.jimstatic.com
Source: global traffic	DNS traffic detected: DNS query: jimdo-storage.freetls.fastly.net
Source: global traffic	DNS traffic detected: DNS query: aweitapp.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: at.prod.jimdo.systems
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.194.30.59:443 -> 192.168.2.16:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.16.158.75:443 -> 192.168.2.16:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.194.30.59:443 -> 192.168.2.16:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.16.158.88:443 -> 192.168.2.16:49809 version: TLS 1.2

Source: classification engine

Classification label: mal52.phis.win@21/34@38/237

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1864,i,9497331665577131981,9893332119093896269,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://app.salesforceiq.com/r?target=631f420eed13ca3bcf77c324&t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoePggUL&url=https://monaghans.jimdosite.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1864,i,9497331665577131981,9893332119093896269,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

ID:	1580347
Product:	CloudBasic
Start time:	11:07:04
Start date:	24.12.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://app.salesforceiq.com/r?target=631f420eed13ca3bcf77c324&t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoePggUL&url=https://monaghans.jimdosite.com

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://app.salesforceiq.com/r?target=631f420eed13ca3bcf77c324&t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoePggUL&url=https://monaghans.jimdosite.com

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://app.salesforceiq.com/r?target=631f420eed13ca3bcf77c324&t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoePggUL&url=https://monaghans.jimdosite.com