Edit tour
Windows
Analysis Report
securedoc_20240425T124814.html
Overview
General Information
Detection
Score: | 22 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Suspicious Javascript code found in HTML file
Connects to many different domains
Detected hidden input values containing email addresses (often used in phishing pages)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Classification
- System is w10x64
- chrome.exe (PID: 5064 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed "C:\Us ers\user\D esktop\sec uredoc_202 40425T1248 14.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 4908 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2556 --fi eld-trial- handle=237 6,i,169241 4057635953 4068,14692 5679700587 89830,2621 44 /prefet ch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
Phishing |
---|
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTP Parser: |
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Memory has grown: |
Source: | Network traffic detected: |
Source: | HTTP traffic detected: |