Windows Analysis Report
https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html

Overview

General Information

Sample URL: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html
Analysis ID: 1427705
Infos:

Detection

HTMLPhisher
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Yara detected HtmlPhish29
Yara detected HtmlPhish44
HTML page contains obfuscate javascript
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Submit button contains javascript call

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing
barindex
Phishing site detected (based on favicon image match)
Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev Matcher: Template: microsoft matched with high similarity
Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html Matcher: Template: microsoft matched with high similarity
Yara detected HtmlPhish10
Source: Yara match File source: 0.0.pages.csv, type: HTML
Yara detected HtmlPhish29
Source: Yara match File source: 0.0.pages.csv, type: HTML
Yara detected HtmlPhish44
Source: Yara match File source: dropped/chromecache_53, type: DROPPED
HTML page contains obfuscate javascript
Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html HTTP Parser: document.write( unescape( %3C%21%44%4F%43%54%59%50%45%20%48%54%4D%4C%3E%3C%68%74%6D%6C%3E%3C%68%65%6
Phishing site detected (based on image similarity)
Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html Matcher: Found strong image similarity, brand: MICROSOFT
Phishing site detected (based on logo match)
Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html Matcher: Template: microsoft matched
HTML body contains low number of good links
Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html HTTP Parser: Number of links: 0
HTML body contains password input but no form action
Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html HTTP Parser: <input type="password" .../> found but no <form action="...
HTML title does not match URL
Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html HTTP Parser: Title: Sign in to your Office365 account does not match URL
Submit button contains javascript call
Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html HTTP Parser: On click: submit_form()
Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html HTTP Parser: <input type="password" .../> found
Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html HTTP Parser: No <meta name="author".. found
Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /updatemypassword.html HTTP/1.1Host: pub-ac902c48ff244e4fbf44f3e3296d093d.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/jquery/3.5.0/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /d..p/others/mi..cro---t/Converged_v21033_U7M7Fc-d_yiO2hIJng7nRg2.css HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /*https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg*/ HTTP/1.1Host: pub-ac902c48ff244e4fbf44f3e3296d093d.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /d..p/others/mi..cro---t/favicon.ico HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /d..p/others/mi..cro---t/favicon.ico HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknown DNS traffic detected: queries for: pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Apr 2024 23:23:16 GMTContent-Type: text/htmlContent-Length: 27242Connection: closeServer: cloudflareCF-RAY: 8760296fda3b1873-ATL
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: classification engine Classification label: mal92.phis.win@16/23@10/8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2252,i,10177473466307543095,12274142213128693203,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2252,i,10177473466307543095,12274142213128693203,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1427705 URL: https://pub-ac902c48ff244e4... Startdate: 18/04/2024 Architecture: WINDOWS Score: 92 24 Antivirus / Scanner detection for submitted sample 2->24 26 Phishing site detected (based on favicon image match) 2->26 28 Yara detected HtmlPhish44 2->28 30 5 other signatures 2->30 6 chrome.exe 1 2->6         started        9 chrome.exe 2->9         started        process3 dnsIp4 14 192.168.2.4, 138, 443, 49723 unknown unknown 6->14 16 239.255.255.250 unknown Reserved 6->16 11 chrome.exe 6->11         started        process5 dnsIp6 18 part-0012.t-0009.t-msedge.net 13.107.213.40, 443, 49747 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 11->18 20 part-0013.t-0009.t-msedge.net 13.107.213.41, 443, 49756 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 11->20 22 6 other IPs or domains 11->22
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.18.3.35
 pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev United States
13335 CLOUDFLARENETUS false
142.250.105.99
 www.google.com United States
15169 GOOGLEUS false
199.36.158.100
 cdn-jm-tools.web.app United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
13.107.213.41
 part-0013.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
13.107.213.40
 part-0012.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
104.17.25.14
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false

Private

IP
192.168.2.4

Contacted Domains

Name IP Active
part-0013.t-0009.t-msedge.net 13.107.213.41 true
pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev 104.18.3.35 true
cdnjs.cloudflare.com 104.17.25.14 true
www.google.com 142.250.105.99 true
part-0012.t-0009.t-msedge.net 13.107.213.40 true
cdn-jm-tools.web.app 199.36.158.100 true
fp2e7a.wpc.phicdn.net 192.229.211.108 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js false
    		high
    https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html true
      		unknown
      https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg false
      • URL Reputation: safe
      		 unknown
      https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg false
      • URL Reputation: safe
      		 unknown
      https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/Converged_v21033_U7M7Fc-d_yiO2hIJng7nRg2.css false
      • URL Reputation: safe
      		 unknown
      https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png false
      • URL Reputation: safe
      		 unknown
      https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/favicon.ico false
      • URL Reputation: safe
      		 unknown