Windows Analysis Report
https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTQxMDYyLCJtZXNzYWdlX2lkIjoiMGd5MHB6amd2a3hmeTlnN24wNzkzdzQ3IzIzYWUwMmFhLWVjMDQtNGYwMy1iODk3LWM4NjMyYzU3ZDI
Overview
General Information
Detection
Captcha Phish
| Field | Value |
|---|---|
| Score | 48 |
| Range | 0 - 100 |
| Whitelisted | false |
| Confidence | 100% |
Signatures
- Yara detected Captcha Phish
- Sigma detected: Suspicious Office Token Search Via CLI. The matched string is the jwt= parameter of the submitted tracking URL on the chrome.exe command line, which begins with the base64-encoded JWT header eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9 ({"typ":"JWT","alg":"HS256"}). It is a side effect of submitting a link that carries a JWT, not evidence of a token-search tool, and should not be weighted as an independent indicator.
- Stores files to the Windows start menu directory
Classification
- System is w10x64_ra
- chrome.exe (PID: 7104, MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) cmdline: `"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTQxMDYyLCJtZXNzYWdlX2lkIjoiMGd5MHB6amd2a3hmeTlnN24wNzkzdzQ3IzIzYWUwMmFhLWVjMDQtNGYwMy1iODk3LWM4NjMyYzU3ZDIxMyIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1Njc3MDYyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMHNlYW4uZnVlbGxoYXJ0QGJhbmthdGNpdHkuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDBmMjcwMDVjM2U0ZWRkMzE4MTUyNDIxMWMwZmNiZDYifQ.HuxvS7w7UGVjl7M8LBH9yLcIGAIbx_lymrlb7oZbnQ4`
- chrome.exe (PID: 6196, MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) cmdline: `"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1988,i,891351750205705310,4321162135571050466,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8`
- cleanup
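The submitted link is a Salesforce e360 click-tracking URL: the destination is not in the URL itself but inside the jwt= parameter, whose middle segment is base64url-encoded JSON with a redirect_url claim. Reading that claim tells an analyst where the link lands before anything is detonated. The script below is an added example, not part of this report or of any Salesforce tooling; the sample URL, tenant id, message id, destination host and recipient address in it are constructed for the example and the third JWT segment is not a real signature.

```python
import base64
import json
from urllib.parse import parse_qs, urlparse


def _b64url(raw: bytes) -> str:
    """base64url without '=' padding, which is how JWT segments are encoded."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


# Constructed sample in the shape of the link in this report. Every value
# below is made up for the example; only the structure mirrors the real link.
_HEADER = _b64url(b'{"typ":"JWT","alg":"HS256"}')
_CLAIMS = {
    "tenant_id": "a360/prod/00000000000000000000000000000000",
    "creation_time": 1714141062,
    "message_id": "0000000000000000000000000#00000000-0000-0000-0000-000000000000",
    "channel_type": "email",
    "exp": 1745677062,
    "redirect_url": "https://docs.example.invalid/docs/index.php"
                    "?mail=victim@example.com&paths=above&link=Fax_Outlook",
    "individual_id": "00000000000000000000000000000000",
}
SAMPLE_URL = (
    "https://cdp1.tracking.e360.salesforce.com/click?jwt="
    + _HEADER + "." + _b64url(json.dumps(_CLAIMS).encode())
    + ".bm90LWEtcmVhbC1zaWduYXR1cmU"  # placeholder, not a valid HMAC
)


def jwt_claims(token: str) -> dict:
    """Decode the claims segment of a compact JWT.

    The signature is deliberately NOT verified: for triage we only need to
    read where the link goes, and we never hold the tracking service's key.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def tracking_destination(url: str) -> dict:
    """Extract the hidden destination from an e360 click link without
    fetching it, so the real host can be looked up before detonation."""
    params = parse_qs(urlparse(url).query)
    if "jwt" not in params:
        raise ValueError("no jwt parameter; not an e360 click link")
    claims = jwt_claims(params["jwt"][0])
    dest = urlparse(claims.get("redirect_url", ""))
    return {
        "tracking_host": urlparse(url).hostname,
        "redirect_host": dest.hostname,
        "redirect_path": dest.path,
        "redirect_query": parse_qs(dest.query),
        "channel": claims.get("channel_type"),
        "expires": claims.get("exp"),
    }


if __name__ == "__main__":
    for key, value in tracking_destination(SAMPLE_URL).items():
        print(f"{key}: {value}")
```

Run it on the full jwt= value from the chrome.exe command line above to get the landing host of this sample; the redirect_host is the value to pivot on (passive DNS, certificate transparency, other reports), while tracking_host will always be the Salesforce domain and says nothing about the sender. The recipient address in the redirect query is the targeted user, which is useful for scoping the incident.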
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_CaptchaPhish | Yara detected Captcha Phish | Joe Security | |
| | JoeSecurity_CaptchaPhish | Yara detected Captcha Phish | Joe Security | |
| | JoeSecurity_CaptchaPhish | Yara detected Captcha Phish | Joe Security | |
| | JoeSecurity_CaptchaPhish | Yara detected Captcha Phish | Joe Security | |
| Source | Rule | Author |
|---|---|---|
| | Suspicious Office Token Search Via CLI | Nasreddine Bencherchali (Nextron Systems) |