Analysis Report http://msoffice506.weebly.com

Overview

General Information

Sample URL: http://msoffice506.weebly.com
Analysis ID: 383629
Infos:

Most interesting Screenshot:

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected HtmlPhish10
HTML body contains low number of good links
HTML title does not match URL
Suspicious form URL found

Classification

AV Detection:

barindex
Antivirus / Scanner detection for submitted sample
Source: http://msoffice506.weebly.com SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://msoffice506.weebly.com/ SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

barindex
Yara detected HtmlPhish10
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\J3GPWO06.htm, type: DROPPED
HTML body contains low number of good links
Source: https://msoffice506.weebly.com/ HTTP Parser: Number of links: 0
Source: https://msoffice506.weebly.com/ HTTP Parser: Number of links: 0
HTML title does not match URL
Source: https://msoffice506.weebly.com/ HTTP Parser: Title: Sign in to your microsoft does not match URL
Source: https://msoffice506.weebly.com/ HTTP Parser: Title: Sign in to your microsoft does not match URL
Suspicious form URL found
Source: https://msoffice506.weebly.com/ HTTP Parser: Form action: https://msoffice506.weebly.com/ajax/apps/formSubmitAjax.php
Source: https://msoffice506.weebly.com/ HTTP Parser: Form action: https://msoffice506.weebly.com/ajax/apps/formSubmitAjax.php
Source: https://msoffice506.weebly.com/ HTTP Parser: No <meta name="author".. found
Source: https://msoffice506.weebly.com/ HTTP Parser: No <meta name="author".. found
Source: https://msoffice506.weebly.com/ HTTP Parser: No <meta name="copyright".. found
Source: https://msoffice506.weebly.com/ HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49683 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49684 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49685 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49686 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49688 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49689 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49695 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49687 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49693 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49694 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49698 version: TLS 1.2
Source: unknown HTTPS traffic detected: 44.241.55.43:443 -> 192.168.2.3:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 44.241.55.43:443 -> 192.168.2.3:49709 version: TLS 1.2
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: msoffice506.weebly.comConnection: Keep-Alive
Source: unknown DNS traffic detected: queries for: msoffice506.weebly.com
Source: plugins[1].js.2.dr String found in binary or memory: http://hammerjs.github.io/
Source: jquery.revealer[1].js.2.dr, jquery.trend[1].js.2.dr String found in binary or memory: http://pixelunion.net
Source: arrow-light[1].svg.2.dr String found in binary or memory: http://www.bohemiancoding.com/sketch
Source: ga[1].js.2.dr String found in binary or memory: http://www.google-analytics.com
Source: J3GPWO06.htm.2.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Source: MutationObserver[1].js.2.dr String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=85161
Source: MutationObserver[1].js.2.dr String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=749920
Source: footerSignup[1].js.2.dr String found in binary or memory: https://cdn2.editmysite.com/js/
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/karla/v15/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaE0lM.woff)
Source: css[2].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/karla/v15/qkBIXvYC6trAT55ZBi1ueQVIjQTD-JqaHUlM.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/karla/v15/qkBIXvYC6trAT55ZBi1ueQVIjQTDH52aE0lM.woff)
Source: css[2].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/karla/v15/qkBIXvYC6trAT55ZBi1ueQVIjQTDH52aHUlM.woff)
Source: css[2].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/karla/v15/qkBKXvYC6trAT7RQNNK2EG7SIwPWMNlCV3lGb7U.woff)
Source: css[2].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/karla/v15/qkBKXvYC6trAT7RQNNK2EG7SIwPWMNmlUHlGb7U.woff)
Source: css[3].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/oswald/v36/TK3_WkUHHAIjg75cFRf3bXL8LICs169vsUhiYw.woff)
Source: css[3].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/oswald/v36/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUhiYw.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/oswald/v36/TK3_WkUHHAIjg75cFRf3bXL8LICs1xZosUZiYw.woff)
Source: css[3].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/oswald/v36/TK3_WkUHHAIjg75cFRf3bXL8LICs1xZosUhiYw.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/robotomono/v13/L0xoDF4xlVMF-BfR8bXMIjhOsXG-q2oeuFoqFrlnANW6Cp8.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/robotomono/v13/L0xoDF4xlVMF-BfR8bXMIjhOsXG-q2oeuFoqFrmAB9W6Cp8.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/robotomono/v13/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW-.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/robotomono/v13/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_Of2_ROW-.woff)
Source: MutationObserver[1].js.2.dr String found in binary or memory: https://gist.github.com/megawac/8201012
Source: MutationObserver[1].js.2.dr String found in binary or memory: https://gist.github.com/megawac/8355978
Source: MutationObserver[1].js.2.dr String found in binary or memory: https://github.com/WebKit/webkit/blob/master/Source/WebCore/dom/MutationObserver.cpp
Source: MutationObserver[1].js.2.dr String found in binary or memory: https://github.com/megawac/MutationObserver.js
Source: ~DF319CEFDB770DE62E.TMP.1.dr, J3GPWO06.htm.2.dr String found in binary or memory: https://msoffice506.weebly.com/
Source: msoffice506.weebly[1].xml.2.dr String found in binary or memory: https://msoffice506.weebly.com/&quot;
Source: ~DF319CEFDB770DE62E.TMP.1.dr String found in binary or memory: https://msoffice506.weebly.com/2Sign
Source: {FDCCFF1C-9856-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://msoffice506.weebly.com/Root
Source: imagestore.dat.2.dr String found in binary or memory: https://msoffice506.weebly.com/favicon.ico
Source: J3GPWO06.htm.2.dr String found in binary or memory: https://msoffice506.weebly.com/uploads/1/3/6/6/136605011/hhhjfhdhjfhfjkvv-ll_orig.png
Source: J3GPWO06.htm.2.dr String found in binary or memory: https://msoffice506.weebly.com/uploads/1/3/6/6/136605011/hjfhhjf_orig.png
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: ga[1].js.2.dr String found in binary or memory: https://ssl.google-analytics.com
Source: ga[1].js.2.dr String found in binary or memory: https://ssl.google-analytics.com/j/__utm.gif
Source: ga[1].js.2.dr String found in binary or memory: https://stats.g.doubleclick.net/j/collect?
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://support.google.com/recaptcha
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: plugins[1].js.2.dr String found in binary or memory: https://twitter.com/jacobrossi/status/480596438489890816
Source: ga[1].js.2.dr String found in binary or memory: https://www.google.%/ads/ga-audiences?
Source: ga[1].js.2.dr String found in binary or memory: https://www.google.com/analytics/web/inpage/pub/inpage.js?
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: J3GPWO06.htm.2.dr String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: recaptcha__en[1].js.2.dr, api[1].js.2.dr String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: api[1].js.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js
Source: J3GPWO06.htm.2.dr String found in binary or memory: https://www.weebly.com/signup?utm_source=internal&utm_medium=footer
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49687
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49686
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49685
Source: unknown Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49684
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49683
Source: unknown Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49686 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49684 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown Network traffic detected: HTTP traffic on port 49685 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49683 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49687 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49683 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49684 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49685 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49686 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49688 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49689 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49695 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49687 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49693 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49694 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.34.228.54:443 -> 192.168.2.3:49698 version: TLS 1.2
Source: unknown HTTPS traffic detected: 44.241.55.43:443 -> 192.168.2.3:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 44.241.55.43:443 -> 192.168.2.3:49709 version: TLS 1.2
Source: classification engine Classification label: mal64.phis.win@3/47@4/3
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF4850F0FA0D4B6F93.TMP Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini Jump to behavior
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5636 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5636 CREDAT:17410 /prefetch:2 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior