Windows
Analysis Report
https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTM3MzAwLCJtZXNzYWdlX2lkIjoiMGd5MGJnNjBqOTJwcmNuZjhhNHNxYWpwIzZjY2RmYjMyLWJiNzgtNGQwNC1hYWYwLTg3MjdkMTg4MjZ
Overview
General Information
Detection
Captcha Phish
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Yara detected Captcha Phish
HTML page contains hidden URLs or javascript code
Sigma detected: Suspicious Office Token Search Via CLI
Classification
- System is w10x64
- chrome.exe (PID: 1292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 1464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2016,i,6281715248989916148,14129476578495374566,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 2420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTM3MzAwLCJtZXNzYWdlX2lkIjoiMGd5MGJnNjBqOTJwcmNuZjhhNHNxYWpwIzZjY2RmYjMyLWJiNzgtNGQwNC1hYWYwLTg3MjdkMTg4MjZlMyIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjczMzAwLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGhiYXJ0aGxvd0BzZWN1cnVzdGVjaG5vbG9naWVzLmNvbSZwYXRocz1hYm92ZSZsaW5rPUZheF9PdXRsb29rIiwiaW5kaXZpZHVhbF9pZCI6IjQ0NDY4NzI5YzA1N2Q5ZDJjYzNiYjZlOTc3NDg3MzUyIn0.AryFGbNWOut6hGg1x_WBQ4QL5QU_wggDk6q2PUj7rNI" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_CaptchaPhish | Yara detected Captcha Phish | Joe Security | |
| | JoeSecurity_CaptchaPhish | Yara detected Captcha Phish | Joe Security | |
| | JoeSecurity_CaptchaPhish | Yara detected Captcha Phish | Joe Security | |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |