Windows
Analysis Report
https://wetransfer.com/downloads/c3dede94d9c8b77a4c715e365d83619720250421174056/780f964fd4619af380d47a3fa4b4f24e20250421174107/826b13?t_exp=1745516456&t_lsid=c1cbfe35-fe1f-47dd-a346-99a0ddfccc65&t_network=email&t_rid=YXV0aDB8Njc4Zjg1Y2JiZTUxYTg4MDYzNjQ0Mzc3&t_s=download_link&t_ts=1745257267&utm_camp
Overview
General Information
Sample URL: | https://wetransfer.com/downloads/c3dede94d9c8b77a4c715e365d83619720250421174056/780f964fd4619af380d47a3fa4b4f24e20250421174107/826b13?t_exp=1745516456&t_lsid=c1cbfe35-fe1f-47dd-a346-99a0ddfccc65&t_net |
Analysis ID: | 1670900 |
Detection
Score: | 64 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-04-22T09:46:18.207394+0200 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.16 | 50053 | 149.154.167.220 | 443 | TCP |
2025-04-22T09:46:19.540811+0200 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.16 | 50055 | 149.154.167.220 | 443 | TCP |
- Phishing
- Networking
- System Summary
Phishing |
---|
Source: | Joe Sandbox AI: | (4 signatures triggered; descriptions not preserved in this copy of the report) |
Source: | HTTP Parser: | (29 signatures triggered; descriptions not preserved in this copy of the report) |
Networking |
---|
Source: | Suricata IDS: | (2 alerts, SID 1810007, Potentially Bad Traffic to 149.154.167.220:443; see the Suricata table above) |
System Summary |
---|
Source: | Classification label: | mal64.phis.win@0/0@0/0 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | Path Interception | Direct Volume Access | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
URL scanner: | Avira URL Cloud |
Detection: | 0% |
Label: | safe |
Malicious: | true |
Reputation: | unknown |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1670900 |
Start date and time: | 2025-04-22 09:43:59 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 26s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | https://wetransfer.com/downloads/c3dede94d9c8b77a4c715e365d83619720250421174056/780f964fd4619af380d47a3fa4b4f24e20250421174107/826b13?t_exp=1745516456&t_lsid=c1cbfe35-fe1f-47dd-a346-99a0ddfccc65&t_network=email&t_rid=YXV0aDB8Njc4Zjg1Y2JiZTUxYTg4MDYzNjQ0Mzc3&t_s=download_link&t_ts=1745257267&utm_campaign=TRN_TDL_01&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_01 |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 0 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal64.phis.win@0/0@0/0 |
- No process behavior to analyse as no analysis process or sample was found
- Excluded IPs from analysis (whitelisted): 142.250.68.227, 142.251.2.84, 142.250.68.238, 20.109.210.53, 192.178.49.162, 150.171.27.10, 184.29.183.29, 192.178.49.195, 192.178.49.170
- Excluded domains from analysis (whitelisted): clients2.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, translate.googleapis.com, bat.bing.com, update.googleapis.com, clientservices.googleapis.com, pagead2.googlesyndication.com
- VT rate limit hit for: https://wetransfer.com/downloads/c3dede94d9c8b77a4c715e365d83619720250421174056/780f964fd4619af380d47a3fa4b4f24e20250421174107/826b13?t_exp=1745516456&t_lsid=c1cbfe35-fe1f-47dd-a346-99a0ddfccc65&t_network=email&t_rid=YXV0aDB8Njc4Zjg1Y2JiZTUxYTg4MDYzNjQ0Mzc3&t_s=download_link&t_ts=1745257267&utm_campaign=TRN_TDL_01&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_01