Analysis Report sc.com

Overview

General Information

Sample Name: sc.com
Analysis ID: 321434
MD5: a2f3a68db7863f4da11cf0255a4969e4
SHA1: fe611bbce708b77bab1b9c31eb3dd30c4a7b763a
SHA256: 5411a2337cd4c63d1b0740ca513bc5c958b37777f10de80f96217368a3191b89

Detection

HTMLPhisher
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish_10

Classification

Startup

  • System is w10x64
  • iexplore.exe (PID: 5624 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 1720 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5624 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source   Rule                       Description                  Author         Strings
sc.com   JoeSecurity_HtmlPhish_10   Yara detected HtmlPhish_10   Joe Security

    Sigma Overview

    No Sigma rule has matched

    Signature Overview

    Phishing:

    Yara detected HtmlPhish_10
    Source: Yara match | File source: sc.com, type: SAMPLE
    Source: sc.com | String found in binary or memory: https://i.ibb.co/7CKgHCt/ep.png
    Source: sc.com | String found in binary or memory: https://i.ibb.co/9qFGmjh/miciconlogo.png
    Source: sc.com | String found in binary or memory: https://i.ibb.co/F3yr74z/forgotpass.png
    Source: sc.com | String found in binary or memory: https://i.ibb.co/gtKmtC9/officebg.png
    Source: sc.com | String found in binary or memory: https://i.ibb.co/r5zjhmN/officebg2.png
    Source: sc.com | String found in binary or memory: https://passwordreset.microsoftonline.com/
    Source: sc.com | String found in binary or memory: https://pikap.kz/wp-admin/wed/server5.php
    Source: classification engine | Classification label: mal48.phis.winCOM@4/5@0/0
    Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
    Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Temp\~DFF37C87F1E61570B4.TMP
    Source: C:\Program Files\internet explorer\iexplore.exe | File read: C:\Users\desktop.ini
    Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
    Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5624 CREDAT:17410 /prefetch:2
    Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5624 CREDAT:17410 /prefetch:2
    Source: C:\Program Files\internet explorer\iexplore.exe | Automated click: Run
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 1 | Masquerading 1 | O