Loading ...

Play interactive tourEdit tour

Analysis Report https://cccounty-my.sharepoint.com:443/:b:/g/personal/dcdresources_dcd_cccounty_us/EXTcabNAlPBEs5P2S2tskyUBhQhFZwBkm1yxjBcGA2YQ5A?e=4%3aJ55MhG&at=9

Overview

General Information

Sample URL:https://cccounty-my.sharepoint.com:443/:b:/g/personal/dcdresources_dcd_cccounty_us/EXTcabNAlPBEs5P2S2tskyUBhQhFZwBkm1yxjBcGA2YQ5A?e=4%3aJ55MhG&at=9
Analysis ID:404193
Infos:

Most interesting Screenshot:

Detection

HTMLPhisher
Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish10
Phishing site detected (based on image similarity)
HTML body contains low number of good links
HTML title does not match URL
Submit button contains javascript call

Classification

Startup

  • System is w10x64
  • chrome.exe (PID: 4440 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'https://cccounty-my.sharepoint.com:443/:b:/g/personal/dcdresources_dcd_cccounty_us/EXTcabNAlPBEs5P2S2tskyUBhQhFZwBkm1yxjBcGA2YQ5A?e=4%3aJ55MhG&at=9' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 4940 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,11341300835914849824,6073494584447434684,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1768 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

Phishing:

barindex
Yara detected HtmlPhish10Show sources
Source: Yara matchFile source: 71557.pages.csv, type: HTML
Phishing site detected (based on image similarity)Show sources
Source: https://cccounty-my.sharepoint.com/:b:/g/personal/dcdresources_dcd_cccounty_us/EXTcabNAlPBEs5P2S2tskyUBhQhFZwBkm1yxjBcGA2YQ5A?e=4%3aJ55MhG&at=9Matcher: Found strong image similarity, brand: Microsoft image: 71557.img.1.gfk.csv EF884BDEDEF280DF97A4C5604058D8DB
Source: https://cccounty-my.sharepoint.com/:b:/g/personal/dcdresources_dcd_cccounty_us/EXTcabNAlPBEs5P2S2tskyUBhQhFZwBkm1yxjBcGA2YQ5A?e=4%3aJ55MhG&at=9HTTP Parser: Number of links: 0
Source: https://cccounty-my.sharepoint.com/:b:/g/personal/dcdresources_dcd_cccounty_us/EXTcabNAlPBEs5P2S2tskyUBhQhFZwBkm1yxjBcGA2YQ5A?e=4%3aJ55MhG&at=9HTTP Parser: Number of links: 0
Source: https://cccounty-my.sharepoint.com/:b:/g/personal/dcdresources_dcd_cccounty_us/EXTcabNAlPBEs5P2S2tskyUBhQhFZwBkm1yxjBcGA2YQ5A?e=4%3aJ55MhG&at=9HTTP Parser: Title: Sharing Link Validation does not match URL
Source: https://cccounty-my.sharepoint.com/:b:/g/personal/dcdresources_dcd_cccounty_us/EXTcabNAlPBEs5P2S2tskyUBhQhFZwBkm1yxjBcGA2YQ5A?e=4%3aJ55MhG&at=9HTTP Parser: Title: Sharing Link Validation does not match URL
Source: https://cccounty-my.sharepoint.com/:b:/g/personal/dcdresources_dcd_cccounty_us/EXTcabNAlPBEs5P2S2tskyUBhQhFZwBkm1yxjBcGA2YQ5A?e=4%3aJ55MhG&at=9HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))
Source: https://cccounty-my.sharepoint.com/:b:/g/personal/dcdresources_dcd_cccounty_us/EXTcabNAlPBEs5P2S2tskyUBhQhFZwBkm1yxjBcGA2YQ5A?e=4%3aJ55MhG&at=9HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))
Source: https://cccounty-my.sharepoint.com/:b:/g/personal/dcdresources_dcd_cccounty_us/EXTcabNAlPBEs5P2S2tskyUBhQhFZwBkm1yxjBcGA2YQ5A?e=4%3aJ55MhG&at=9HTTP Parser: No <meta name="author".. found
Source: https://cccounty-my.sharepoint.com/:b:/g/personal/dcdresources_dcd_cccounty_us/EXTcabNAlPBEs5P2S2tskyUBhQhFZwBkm1yxjBcGA2YQ5A?e=4%3aJ55MhG&at=9HTTP Parser: No <meta name="author".. found
Source: https://cccounty-my.sharepoint.com/:b:/g/personal/dcdresources_dcd_cccounty_us/EXTcabNAlPBEs5P2S2tskyUBhQhFZwBkm1yxjBcGA2YQ5A?e=4%3aJ55MhG&at=9HTTP Parser: No <meta name="copyright".. found
Source: https://cccounty-my.sharepoint.com/:b:/g/personal/dcdresources_dcd_cccounty_us/EXTcabNAlPBEs5P2S2tskyUBhQhFZwBkm1yxjBcGA2YQ5A?e=4%3aJ55MhG&at=9HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdicJump to behavior
Source: unknownHTTPS traffic detected: 95.101.18.109:443 -> 192.168.2.5:49885 version: TLS 1.2
Source: unknownHTTPS traffic detected: 95.101.18.109:443 -> 192.168.2.5:49884 version: TLS 1.2
Source: unknownDNS traffic detected: queries for: cccounty-my.sharepoint.com
Source: 5703ca06-bf7a-46ab-b8b7-8a209145f104.tmp.1.dr, manifest.json0.0.dr, be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://accounts.google.com
Source: be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://ajax.aspnetcdn.com
Source: Network Action Predictor-journal.0.drString found in binary or memory: https://ajax.aspnetcdn.com/
Source: c94540d4c86c0448_0.0.drString found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.1.min.js
Source: 094e2d6bf2abec98_0.0.dr, 14557f4877e37a1a_0.0.drString found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js
Source: 14557f4877e37a1a_0.0.drString found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.jsaD
Source: Current Session.0.drString found in binary or memory: https://aka.ms/PrivacyReport
Source: Current Session.0.drString found in binary or memory: https://aka.ms/PrivacyReport5
Source: History-journal.0.drString found in binary or memory: https://aka.ms/PrivacyReportMicrosoft
Source: 166ee82c52b87e97_0.0.drString found in binary or memory: https://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.js
Source: 5703ca06-bf7a-46ab-b8b7-8a209145f104.tmp.1.dr, manifest.json0.0.dr, be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://apis.google.com
Source: Network Action Predictor-journal.0.drString found in binary or memory: https://assets.onestore.ms/
Source: 000003.log0.0.drString found in binary or memory: https://cccounty-my.sharepoint.com/
Source: Favicons-journal.0.drString found in binary or memory: https://cccounty-my.sharepoint.com/:b:/g/personal/dcdresources_dcd_cccounty_us/EXTcabNAlPBEs5P2S2tsk
Source: ae966ea7cdbe242d_0.0.drString found in binary or memory: https://cccounty-my.sharepoint.com/ScriptResource.axd?d=1fDsP7T8iuixVwu-fVH5iZr4cSvnLTO52_v1doY-7Fhg
Source: 087e843a6a77f2e0_0.0.drString found in binary or memory: https://cccounty-my.sharepoint.com/ScriptResource.axd?d=XLHvvuqUg5InnNgZ7caYxePwb7iO9lfyUqU9z6CieiK1
Source: 5563163b962da706_0.0.drString found in binary or memory: https://cccounty-my.sharepoint.com/ScriptResource.axd?d=XjLkEB_vSvznU474E48kPJA1H9JTKlbxQRrF9mf4oevb
Source: a7088b4299cd1633_0.0.drString found in binary or memory: https://cccounty-my.sharepoint.com/WebResource.axd?d=M5O6KBnw2Kc30Ye7wKtYeOmA0-ax1yV1j7R_PuQmXE74ijK
Source: Favicons-journal.0.drString found in binary or memory: https://cccounty-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47
Source: Current Session.0.drString found in binary or memory: https://cccounty-my.sharepoint.com/personal/dcdresources_dcd_cccounty_us/_layouts/15/guestaccess.asp
Source: 5703ca06-bf7a-46ab-b8b7-8a209145f104.tmp.1.dr, be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://clients2.google.com
Source: manifest.json0.0.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 5703ca06-bf7a-46ab-b8b7-8a209145f104.tmp.1.dr, be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://clients2.googleusercontent.com
Source: e80e6e93d4807d92_0.0.drString found in binary or memory: https://consentreceiverfd-prod.azurefd.net/v1
Source: manifest.json0.0.drString found in binary or memory: https://content.googleapis.com
Source: 5703ca06-bf7a-46ab-b8b7-8a209145f104.tmp.1.dr, e72addbe-6b1d-45a5-b361-9657049270c6.tmp.1.dr, be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.dr, 7bfb62a6-3a75-44fc-af2c-f79f44843a16.tmp.1.drString found in binary or memory: https://dns.google
Source: manifest.json0.0.drString found in binary or memory: https://feedback.googleusercontent.com
Source: 5703ca06-bf7a-46ab-b8b7-8a209145f104.tmp.1.dr, be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.drString found in binary or memory: https://fonts.googleapis.com;
Source: 5703ca06-bf7a-46ab-b8b7-8a209145f104.tmp.1.dr, be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.drString found in binary or memory: https://fonts.gstatic.com;
Source: manifest.json0.0.drString found in binary or memory: https://hangouts.google.com/
Source: 38c7c19d1d0ee3c7_0.0.drString found in binary or memory: https://live.com/QB
Source: Network Action Predictor-journal.0.drString found in binary or memory: https://login.live.com/
Source: Current Session.0.drString found in binary or memory: https://login.live.com/Me.srf?wa=wsignin1.0&rpsnv=13&ct=1620150434&rver=7.0.6738.0&wp=MBI_SSL&wreply
Source: History-journal.0.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1620150432&rver=7.0.6738.0&wp=S
Source: be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://logincdn.msauth.net
Source: 38c7c19d1d0ee3c7_0.0.drString found in binary or memory: https://logincdn.msauth.net/16.000/content/js/MeControl_cT3-bL3bZ5AAnjmz77cksQ2.js
Source: 38c7c19d1d0ee3c7_0.0.drString found in binary or memory: https://logincdn.msauth.net/16.000/content/js/MeControl_cT3-bL3bZ5AAnjmz77cksQ2.jsaD
Source: 4ac2f448771ab57b_0.0.drString found in binary or memory: https://mem.gfx.ms/meversion?partner=OfficeProducts&market=de-ch&uhf=1
Source: 462d64d34aad30da_0.0.drString found in binary or memory: https://mem.gfx.ms/meversion?partner=OfficeProducts&market=en-us&uhf=1
Source: 300bb9fb98ab63f0_0.0.drString found in binary or memory: https://mem.gfx.ms/meversion?partner=amc&market=en-us&uhf=1
Source: 6686b0c92e7fc912_0.0.drString found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.21035.1/de-DE/meBoot.min.js
Source: 0481116f3cd8293f_0.0.drString found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.21035.1/de-DE/meCore.min.js
Source: 0b6a779b97f6aaad_0.0.drString found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.21035.1/en-US/meBoot.min.js
Source: 0b6a779b97f6aaad_0.0.drString found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.21035.1/en-US/meBoot.min.jsaD
Source: 225853b3d3cc9c98_0.0.drString found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.21035.1/en-US/meCore.min.js
Source: 225853b3d3cc9c98_0.0.drString found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.21035.1/en-US/meCore.min.jsaD
Source: be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://modern.akamai.odsp.cdn.office.net
Source: a4e37f7fb809c2dc_0.0.drString found in binary or memory: https://modern.akamai.odsp.cdn.office.net/files/odsp-web-prod_2021-04-23.001/spoguestaccess-74b74b08
Source: be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://mwf-service.akamaized.net
Source: Network Action Predictor-journal.0.drString found in binary or memory: https://mwf-service.akamaized.net/
Source: 94d12f6ce814ffd5_0.0.drString found in binary or memory: https://mwf-service.akamaized.net/mwf/js/bundle/1.57.8/mwf-main.umd.min.js
Source: 5703ca06-bf7a-46ab-b8b7-8a209145f104.tmp.1.dr, be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://ogs.google.com
Source: manifest.json.0.drString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://r7---sn-n02xgoxufvg3-2gbs.gvt1.com
Source: be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.0.drString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: a4e37f7fb809c2dc_0.0.drString found in binary or memory: https://sharepoint.com/
Source: be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://spoprod-a.akamaihd.net
Source: 5703ca06-bf7a-46ab-b8b7-8a209145f104.tmp.1.dr, be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://ssl.gstatic.com
Source: be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://statica.akamai.odsp.cdn.office.net
Source: 1addd37645bc92bb_0.0.drString found in binary or memory: https://statica.akamai.odsp.cdn.office.net/bld/_layouts/15/16.0.21221.12005/require.js
Source: Network Action Predictor-journal.0.drString found in binary or memory: https://statics-marketingsites-eus-ms-com.akamaized.net/
Source: Network Action Predictor-journal.0.drString found in binary or memory: https://statics-marketingsites-wcus-ms-com.akamaized.net/
Source: messages.json41.0.drString found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.drString found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: 5703ca06-bf7a-46ab-b8b7-8a209145f104.tmp.1.dr, manifest.json0.0.dr, be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://www.google.com
Source: manifest.json.0.drString found in binary or memory: https://www.google.com/
Source: manifest.json0.0.drString found in binary or memory: https://www.google.com;
Source: 5703ca06-bf7a-46ab-b8b7-8a209145f104.tmp.1.dr, be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 5703ca06-bf7a-46ab-b8b7-8a209145f104.tmp.1.dr, be4755c6-1d2c-426f-9633-f0817db4ccdd.tmp.1.drString found in binary or memory: https://www.gstatic.com
Source: manifest.json0.0.drString found in binary or memory: https://www.gstatic.com;
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
Source: unknownHTTPS traffic detected: 95.101.18.109:443 -> 192.168.2.5:49885 version: TLS 1.2
Source: unknownHTTPS traffic detected: 95.101.18.109:443 -> 192.168.2.5:49884 version: TLS 1.2