Analysis Report Payment Report.html

Overview

General Information

Sample Name: Payment Report.html
Analysis ID: 383613
MD5: 00b8795cb028a9c742fc1c6394076d18
SHA1: 4dff056dc7d685775a61e8067b50e47d824d1843
SHA256: 89901d174c786d402fd36cd6d86c1acb3f25f249773b1a81ff230daea30d555c
Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
JA3 SSL client fingerprint seen in connection with other malware

Startup

  • System is w10x64
  • iexplore.exe (PID: 5764 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 5820 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5764 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\authorize_client_id_auik4vm0-09nb-xayu-tzj2-8b39doqy0xj4_2ujigt9r4vqcam6xhskyof581wenb37dpzl0x7cpazksi4u9jfndvor60bqwm2hgy358t1leatz8peo3dxuk1vhcq0f29gy5bjim6ns4r7wl[1].htm
Rule: JoeSecurity_HtmlPhish_10
Description: Yara detected HtmlPhish_10
Author: Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus detection for URL or domain
Source: https://vetplano.com/bhj/OfficeV4/authorize_client_id:auik4vm0-09nb-xayu-tzj2-8b39doqy0xj4_2ujigt9r4vqcam6xhskyof581wenb37dpzl0x7cpazksi4u9jfndvor60bqwm2hgy358t1leatz8peo3dxuk1vhcq0f29gy5bjim6ns4r7wl?data=am1hQHR1bGx5c3VnYXIuY29t
SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on favicon image match)
Source: https://vetplano.com/bhj/OfficeV4/authorize_client_id:auik4vm0-09nb-xayu-tzj2-8b39doqy0xj4_2ujigt9r4vqcam6xhskyof581wenb37dpzl0x7cpazksi4u9jfndvor60bqwm2hgy358t1leatz8peo3dxuk1vhcq0f29gy5bjim6ns4r7wl?data=am1hQHR1bGx5c3VnYXIuY29t
Matcher: Template: microsoft matched with high similarity
Yara detected HtmlPhish10
Source: Yara match
File source: 066656.pages.csv, type: HTML