
Windows Analysis Report https://bit.ly/36R4geg

Overview

General Information

Sample URL:https://bit.ly/36R4geg
Analysis ID:452248
Detection

HTMLPhisher
Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Yara detected HtmlPhish10
Yara detected HtmlPhish20
Yara detected HtmlPhish7
HTML body contains low number of good links
HTML title does not match URL

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 768 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://bit.ly/36R4geg' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 2968 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,13602693734026748389,18434443092193835822,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1720 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6672 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1544,13602693734026748389,18434443092193835822,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=4720 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview


AV Detection:

Antivirus detection for URL or domain
Source: https://storage.googleapis.com/nkt4knn4knknk.appspot.com/17004.html; SlashNext: Label: Fake Login Page, type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish10
Source: Yara match; File source: 91064.pages.csv, type: HTML
Yara detected HtmlPhish20
Source: Yara match; File source: 91064.pages.csv, type: HTML
Yara detected HtmlPhish7
Source: Yara match; File source: 91064.pages.csv, type: HTML
Source: https://storage.googleapis.com/nkt4knn4knknk.appspot.com/17004.html; HTTP Parser: Number of links: 0
Source: https://storage.googleapis.com/nkt4knn4knknk.appspot.com/17004.html; HTTP Parser: Title: OneDrive does not match URL
Source: https://storage.googleapis.com/nkt4knn4knknk.appspot.com/17004.html; HTTP Parser: No <meta name="author".. found
Source: https://storage.googleapis.com/nkt4knn4knknk.appspot.com/17004.html; HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown; HTTPS traffic detected: 52.217.134.120:443 -> 192.168.2.5:49730 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 52.217.134.120:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 52.217.134.120:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 52.217.134.120:443 -> 192.168.2.5:49744 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 52.217.134.120:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 52.217.134.120:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 52.217.134.120:443 -> 192.168.2.5:49741 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 52.217.134.120:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown; DNS traffic detected: queries for: clients2.google.com
Source: 77EC63BDA74BD0D0E0426DC8F8008506.2.dr; String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 4D1ED785E3365DE6C966A82E99CCE8EA_216A6C169356295AB09C26D4D7D32E06.2.dr; String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmA
Source: EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619.2.dr; String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1Jg
Source: Reporting and NEL.2.dr; String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=MbcbACeFNaWE4YV%2BykWD0gB3iJJHvKwAPMyQiabpM5amD11my0Ie4KnT4
Source: Reporting and NEL.2.dr; String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=dHIXOSbGMDcOwB2fAOoN5NcuMuOuNz30wa1E8VIpk7jLo372EcDJJtQSKGm
Source: 177d27af-e0c3-44ae-b962-7f5571fdcaab.tmp.2.dr, manifest.json0.0.dr, 14b44e13-d048-4924-b6fa-8c63dc0a1883.tmp.2.dr, d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://accounts.google.com
Source: d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://ajax.googleapis.com
Source: 4b604237260d4090_0.0.dr; String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: bd8ed83d42d2a190_0.0.dr; String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.jsa
Source: bd8ed83d42d2a190_0.0.dr; String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.jsaD
Source: 177d27af-e0c3-44ae-b962-7f5571fdcaab.tmp.2.dr, manifest.json0.0.dr, 14b44e13-d048-4924-b6fa-8c63dc0a1883.tmp.2.dr, d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://apis.google.com
Source: 177d27af-e0c3-44ae-b962-7f5571fdcaab.tmp.2.dr, d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://bit.ly
Source: Current Session.0.dr, History.0.dr; String found in binary or memory: https://bit.ly/36R4geg
Source: History Provider Cache.0.dr; String found in binary or memory: https://bit.ly/36R4geg2
Source: History.0.dr; String found in binary or memory: https://bit.ly/36R4gegOneDrive
Source: History.0.dr; String found in binary or memory: https://bit.ly/36R4gegOneDrive/&H
Source: Current Session.0.dr; String found in binary or memory: https://bit.ly/36R4gegf
Source: d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://cdnjs.cloudflare.com
Source: 5fcb4d810f618d50_0.0.dr; String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: 177d27af-e0c3-44ae-b962-7f5571fdcaab.tmp.2.dr, 14b44e13-d048-4924-b6fa-8c63dc0a1883.tmp.2.dr, d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://clients2.google.com
Source: manifest.json1.0.dr; String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 177d27af-e0c3-44ae-b962-7f5571fdcaab.tmp.2.dr, 14b44e13-d048-4924-b6fa-8c63dc0a1883.tmp.2.dr, d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://clients2.googleusercontent.com
Source: d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://code.jquery.com
Source: 738dbc06345f3eb5_0.0.dr; String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://content-autofill.googleapis.com
Source: manifest.json0.0.dr; String found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.2.dr, Reporting and NEL-journal.2.dr; String found in binary or memory: https://csp.withgoogle.com/csp/report-to/downloads-lorry
Source: 678ba568-9573-46ef-8f00-5dab3911804e.tmp.2.dr, 19773482-ac05-4b09-bb32-a94b97d13bef.tmp.2.dr, 177d27af-e0c3-44ae-b962-7f5571fdcaab.tmp.2.dr, 14b44e13-d048-4924-b6fa-8c63dc0a1883.tmp.2.dr, d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://dns.google
Source: manifest.json0.0.dr; String found in binary or memory: https://feedback.googleusercontent.com
Source: 177d27af-e0c3-44ae-b962-7f5571fdcaab.tmp.2.dr, 14b44e13-d048-4924-b6fa-8c63dc0a1883.tmp.2.dr, d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.dr; String found in binary or memory: https://fonts.googleapis.com;
Source: 177d27af-e0c3-44ae-b962-7f5571fdcaab.tmp.2.dr, 14b44e13-d048-4924-b6fa-8c63dc0a1883.tmp.2.dr, d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr; String found in binary or memory: https://fonts.gstatic.com;
Source: manifest.json0.0.dr; String found in binary or memory: https://hangouts.google.com/
Source: d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://maxcdn.bootstrapcdn.com
Source: bcd50c0593d29b4f_0.0.dr; String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: 177d27af-e0c3-44ae-b962-7f5571fdcaab.tmp.2.dr, 14b44e13-d048-4924-b6fa-8c63dc0a1883.tmp.2.dr, d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://ogs.google.com
Source: manifest.json1.0.dr; String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 177d27af-e0c3-44ae-b962-7f5571fdcaab.tmp.2.dr, d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://r2---sn-h0jeener.gvt1.com
Source: 177d27af-e0c3-44ae-b962-7f5571fdcaab.tmp.2.dr, d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json1.0.dr; String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 177d27af-e0c3-44ae-b962-7f5571fdcaab.tmp.2.dr, 14b44e13-d048-4924-b6fa-8c63dc0a1883.tmp.2.dr, d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://ssl.gstatic.com
Source: d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://stackpath.bootstrapcdn.com
Source: a616bab70880d4b1_0.0.dr; String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://storage.googleapis.com
Source: 4b604237260d4090_0.0.dr; String found in binary or memory: https://storage.googleapis.com/
Source: bcd50c0593d29b4f_0.0.dr; String found in binary or memory: https://storage.googleapis.com/Z
Source: Current Session.0.dr; String found in binary or memory: https://storage.googleapis.com/nkt4knn4knknk.appspot.com/17004.html
Source: History Provider Cache.0.dr; String found in binary or memory: https://storage.googleapis.com/nkt4knn4knknk.appspot.com/17004.html2
Source: History.0.dr; String found in binary or memory: https://storage.googleapis.com/nkt4knn4knknk.appspot.com/17004.htmlOneDrive
Source: History.0.dr; String found in binary or memory: https://storage.googleapis.com/nkt4knn4knknk.appspot.com/17004.htmlOneDrive/&H
Source: messages.json41.0.dr; String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr; String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://use.fontawesome.com
Source: 177d27af-e0c3-44ae-b962-7f5571fdcaab.tmp.2.dr, manifest.json0.0.dr, 14b44e13-d048-4924-b6fa-8c63dc0a1883.tmp.2.dr, d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://www.google.com
Source: manifest.json1.0.dr; String found in binary or memory: https://www.google.com/
Source: manifest.json0.0.dr; String found in binary or memory: https://www.google.com;
Source: 177d27af-e0c3-44ae-b962-7f5571fdcaab.tmp.2.dr, 14b44e13-d048-4924-b6fa-8c63dc0a1883.tmp.2.dr, d03ae835-d26c-40c4-9108-d1b71d0fb9b7.tmp.2.dr; String found in binary or memory: https://www.googleapis.com
Source: manifest.json1.0.dr; String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr; String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr; String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json1.0.dr; String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json1.0.dr