Windows Analysis Report https://doc.clickup.com/p/h/c0hgx-46/b302180a8f685f8

Overview

General Information

Sample URL:https://doc.clickup.com/p/h/c0hgx-46/b302180a8f685f8
Analysis ID:452269
Detection

HTMLPhisher
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Phishing site detected (based on shot template match)
Yara detected HtmlPhish10
Yara detected HtmlPhish7
Form action URLs do not match main URL
Found iframes
HTML body contains low number of good links

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 5712 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://doc.clickup.com/p/h/c0hgx-46/b302180a8f685f8' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 3484 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1576,9348279836173803146,15535106751469244526,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1700 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://doc.clickup.com/p/h/c0hgx-46/b302180a8f685f8 SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://mega-sharedrives.club/data/ SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on shot template match)
Source: https://mega-sharedrives.club/data/ Matcher: Template: office matched
Yara detected HtmlPhish10
Source: Yara match File source: 56203.pages.csv, type: HTML
Yara detected HtmlPhish7
Source: Yara match File source: 56203.pages.csv, type: HTML
Source: https://clickup.com/?utm_source=clickup&utm_medium=doc&utm_campaign=12600861 HTTP Parser: Form action: https://www.facebook.com/tr/ clickup facebook
Source: https://clickup.com/?utm_source=clickup&utm_medium=doc&utm_campaign=12600861 HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-W9LSCFD
Source: https://clickup.com/?utm_source=clickup&utm_medium=doc&utm_campaign=12600861 HTTP Parser: Iframe src: https://vars.hotjar.com/box-dfc01efbdc94bb0936d9a35a502b0b64.html
Source: https://mega-sharedrives.club/data/ HTTP Parser: Number of links: 0
Source: https://clickup.com/?utm_source=clickup&utm_medium=doc&utm_campaign=12600861 HTTP Parser: No <meta name="author".. found
Source: https://mega-sharedrives.club/data/ HTTP Parser: No <meta name="author".. found
Source: https://clickup.com/?utm_source=clickup&utm_medium=doc&utm_campaign=12600861 HTTP Parser: No <meta name="copyright".. found
Source: https://mega-sharedrives.club/data/ HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown