Windows Analysis Report Remittance.html

Overview

General Information

Sample Name: Remittance.html
Analysis ID: 452312
MD5: 1dd3d108e04a63ab04097cab5f10a921
SHA1: f4efed64ae9894307197126c22a21e57e8783114
SHA256: bbde5d42af6fd69db1901c341452a98c25fd5b8499c661b94cc24d45ea67bc86

Detection

HTMLPhisher
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish_10
HTML body contains low number of good links
HTML title does not match URL
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 4168 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\Remittance.html' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 672 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,10324375867687729821,3875551371938988928,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1700 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source: Remittance.html
Rule: JoeSecurity_HtmlPhish_10
Description: Yara detected HtmlPhish_10
Author: Joe Security
Strings:

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Phishing: