top title background image
flash

_747031500 D747031500_A.html

Status: finished
Submission Time: 2025-02-14 09:42:13 +01:00
Malicious
Ransomware
Phishing
Trojan
Spyware
Exploiter
Evader
Remcos

Comments

Tags

  • html

Details

  • Analysis ID:
    1614924
  • API (Web) ID:
    1614924
  • Analysis Started:
    2025-02-14 09:42:14 +01:00
  • Analysis Finished:
    2025-02-14 10:01:37 +01:00
  • MD5:
    eda06343a6c8752ece0f067524c48c12
  • SHA1:
    2f0f8c05924927aa153e12cd4c65de6cec2b4f77
  • SHA256:
    09836e34e6f45bccb520b9c5e8b7be0a43945d2fd8fa0dfe58b23379d8b74164
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 15/61
malicious
Score: 10/37

IPs

IP Country Detection
104.21.96.1
United States
194.59.30.80
Germany
2.22.242.105
European Union
Click to see the 11 hidden entries
216.58.206.36
United States
162.159.61.3
United States
150.171.28.10
United States
13.74.129.1
United States
142.250.184.225
United States
172.64.41.3
United States
18.244.18.32
United States
95.101.182.19
European Union
239.255.255.250
Reserved
178.237.33.50
Netherlands
204.79.197.203
United States

Domains

Name IP Detection
www2.0zz0.com
104.21.96.1
favor-grace-fax.home-webserver.de
194.59.30.80
www.google.com
216.58.206.36
Click to see the 16 hidden entries
api.msn.com
0.0.0.0
ntp.msn.com
0.0.0.0
c.msn.com
0.0.0.0
assets.msn.com
0.0.0.0
bzib.nelreports.net
0.0.0.0
clients2.googleusercontent.com
0.0.0.0
e28578.d.akamaiedge.net
95.101.182.19
googlehosted.l.googleusercontent.com
142.250.184.225
chrome.cloudflare-dns.com
162.159.61.3
sb.scorecardresearch.com
18.244.18.32
ax-0001.ax-msedge.net
150.171.28.10
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
c-msn-pme.trafficmanager.net
13.74.129.1
a-0003.a-msedge.net
204.79.197.203
geoplugin.net
178.237.33.50
a416.dscd.akamai.net
2.22.242.105

URLs

Name Detection
favor-grace-fax.home-webserver.de
https://www2.0zz0.com/2025/01/31/04/195774460.jpg
https://www2.0zz0.com/2025/01/31/04/672996792.jpg
Click to see the 33 hidden entries
https://login.yahoo.com/config/login
http://geoplugin.net/json.gp/C
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531
https://ntp.msn.com/bundles/v1/edgeChromium/latest/SSR-extension.db56afd7ad4ece15d946.js
https://www2.0zz0.com/2025/01/
https://google-ohttp-relay-join.fastly-edge.com/Vs
https://www.google.com/accounts/servicelogin
https://www2.0zz0.com/2025/01/31/04/672996792.jpgsL
https://chrome.cloudflare-dns.com/dns-query
file:///C:/Users/user/Desktop/_747031500%20D747031500_A.html
http://www.nirsoft.net/
https://google-ohttp-relay-join.fastly-edge.com/https://google-ohttp-relay-join.fastly-edge.com/
https://www2.0
https://google-ohttp-relay-join.fastly-edge.com/Enabled_Notice_MPArch_M1_XS_Delay_GA4Kids_20230926
https://ntp.msn.com/bundles/v1/edgeChromium/latest/web-worker.96ac23719317b1928681.js
http://www.ebuddy.com
https://assets.msn.com/bundles/v1/edgeChromium/latest/vendors.f30eb488fb3069c7561f.js
https://www2.0zz0.com/2025/01/31/04/195774460.jpgD
https://assets.msn.com/bundles/v1/edgeChromium/latest/common.4d74ce6d770d1f2b035e.js
https://assets.msn.com/bundles/v1/edgeChromium/latest/microsoft.5da1d823f3d7131a6bff.js
http://www.imvu.com
https://www2.0zz0.com/2025/01/31/04/672996792.jpgThF
https://www2.0zz0.com/2025/01/31/04/195774460.jpg)MF
https://www.autoitscript.com/autoit3/
https://clients2.googleusercontent.com/crx/blobs/ASuc5ohfQPNzGo5SSihcSk6msC8CUKw5id-p0KCEkBKwK2LS4AjdrDP0wa1qjzCTaTWEfyM52ADmUAdPETYA5vgD87UPEj6gyG11hjsvMLHGmzQgJ9F5D8s8Lo0Lbai5BQYAxlKa5esPJXukyaicyq83JwZ0HIWqzrjN/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_86_1_0.crx
http://www.autoitscript.com/autoit3/J
https://google-ohttp-relay-query.fastly-edge.com/
https://www2.0zz0.com/
https://www2.0zz0.com/2025/01/31/04/195774460.jpg2
http://geoplugin.net/json.gp
https://www.google.com
https://google-ohttp-relay-join.fastly-edge.com/
https://www2.0e

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\672996792[1].jpg
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\drvt\fdilfn.dll
Unicode text, UTF-8 text, with very long lines (1999), with CRLF line terminators
#
Click to see the 12 hidden entries
C:\Users\user\AppData\Local\Temp\drvt\kmwdx.txt
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\drvt\kmwdx.txt.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\inhr1x0x.w5r\747031500 D747031500_A.js
ASCII text, with very long lines (941), with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\nkidhrkkebcikn\kmwdx.txt
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\nkidhrkkebcikn\kmwdx.txt.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\Downloads\_747031500 D747031500_A (1).zip (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
#
C:\Users\user\Downloads\_747031500 D747031500_A (2).zip (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
#
C:\Users\user\Downloads\_747031500 D747031500_A (3).zip (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
#
C:\Users\user\Downloads\_747031500 D747031500_A (4).zip (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
#
C:\Users\user\Downloads\_747031500 D747031500_A (5).zip (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
#
C:\Users\user\Downloads\_747031500 D747031500_A.zip (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
#
C:\Users\user\Downloads\_747031500 D747031500_A.zip.crdownload (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
#