Analysis Report file.txt

Overview

General Information

Sample Name:	file.txt
Analysis ID:	392880
MD5:	8896a1eb844cb01ce56eddfabe90282d
SHA1:	78b25819b6270edc53c5763719b5c9f81bc3f1ac
SHA256:	7db3772473959c79e30762b7f75bbca9abd8f41f1bd4e5530db7f63b3769f873
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish44

Yara detected obfuscated html page

Queries the volume information (name, serial number etc) of a device

Classification

Signatures

Phishing:

Yara detected HtmlPhish44

Source: Yara match

File source: file.txt, type: SAMPLE

Yara detected obfuscated html page

Source: Yara match

File source: file.txt, type: SAMPLE

Source: classification engine

Classification label: mal56.phis.winTXT@1/0@0/0

Source: C:\Windows\System32\notepad.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\notepad.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32

Jump to behavior

Source: notepad.exe, 00000000.00000002.934570873.00000234A24B0000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: notepad.exe, 00000000.00000002.934570873.00000234A24B0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: notepad.exe, 00000000.00000002.934570873.00000234A24B0000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: notepad.exe, 00000000.00000002.934570873.00000234A24B0000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\notepad.exe

Queries volume information: C:\Users\user\Desktop\file.txt VolumeInformation

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No contacted IP infos

ID:	392880
Product:	CloudBasic
Start time:	23:35:09
Start date:	19.04.2021
Sample:	file.txt
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	8896a1eb844cb01ce56eddfabe90282d
SHA1:	78b25819b6270edc53c5763719b5c9f81bc3f1ac
SHA256:	7db3772473959c79e30762b7f75bbca9abd8f41f1bd4e5530db7f63b3769f873

Analysis Report file.txt

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing:

System Summary:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Screenshots

Behavior Graph

Network Map