Edit tour
Windows
Analysis Report
http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=
Overview
General Information
Detection
HTMLPhisher
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden URLs or javascript code
HTML title does not match URL
Classification
- System is w10x64
- chrome.exe (PID: 4944 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed "about :blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 2180 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2480 --fi eld-trial- handle=239 2,i,117321 2649671754 8433,17344 4274694541 19980,2621 44 --disab le-feature s=Optimiza tionGuideM odelDownlo ading,Opti mizationHi nts,Optimi zationHint sFetching, Optimizati onTargetPr ediction / prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6456 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt p://t.cm.m organstanl ey.com/r/? id=h1b92d1 4%2C134cc3 3c%2C1356b e32&p1=www .saiengrou p.com%2Fte az%2F648c4 82b60b3906 833c9304ba b170add%2F JBVNhz%2FY W15LmNoZW5 AZG91Ymxlb GluZS5jb20 =" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
⊘No configs have been found
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | SlashNext: |
Phishing |
---|
Source: | Matcher: | ||
Source: |