Edit tour
Windows
Analysis Report
https://www.ne16.com/t/4177044/70602841/2927387/1/124665/?f8785874=aHR0cHM6Ly93b29kLWRlY2sub3JnL3BkZi85SWRac1p5aTJEeWh3ZUcvYTFmM2IxODIyN2RiNTc4NjIzOGE2ZTc0NTE3YWQ4MDEvWEM4YXAvYTFmM2IxODIyN2RiNTc4NjIzOGE2ZTc0NTE3YWQ4MDEvWTJOc1lYSmxRR0psYkd4d1lYSjBibVZ5YzJsdVl5NWpiMjA9
Overview
General Information
Detection
HTMLPhisher
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Yara detected HtmlPhish45
Phishing site detected (based on image similarity)
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden URLs or javascript code
HTML title does not match URL
Stores files to the Windows start menu directory
Classification
- System is w10x64_ra
- chrome.exe (PID: 7068 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t https:// www.ne16.c om/t/41770 44/7060284 1/2927387/ 1/124665/? f8785874=a HR0cHM6Ly9 3b29kLWRlY 2sub3JnL3B kZi85SWRac 1p5aTJEeWh 3ZUcvYTFmM 2IxODIyN2R iNTc4NjIzO GE2ZTc0NTE 3YWQ4MDEvW EM4YXAvYTF mM2IxODIyN 2RiNTc4NjI zOGE2ZTc0N TE3YWQ4MDE vWTJOc1lYS mxRR0psYkd 4d1lYSjBib VZ5YzJsdVl 5NWpiMjA9 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 6088 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2180 --fi eld-trial- handle=199 6,i,434277 9536777233 872,166813 3985232297 2338,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HtmlPhish_45 | Yara detected HtmlPhish_45 | Joe Security | ||
JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security | ||
JoeSecurity_HtmlPhish_45 | Yara detected HtmlPhish_45 | Joe Security | ||
JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
Phishing |
---|
Source: |