Windows Analysis Report Checks-Lists.htm_

Overview

General Information

Sample Name:Checks-Lists.htm_
Analysis ID:452324
MD5:e425a0a3fbc7d10cbc4356bef4b9c6f8
SHA1:2a2c33635681b0834508d33f8e02cfca2fd680e6
SHA256:6d5fde6ca1bc80611ee7708a71aa9577b8efad6faad9b85e44d7aeb4d57af7a5

Errors
  • Nothing to analyse, Joe Sandbox has not found any analysis process or sample
  • Corrupt sample or wrongly selected analyzer. Details: 80040153

Detection

HTMLPhisher
Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish44
Yara detected HtmlPhish6

Classification

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
Checks-Lists.htm_ | JoeSecurity_HtmlPhish_44 | Yara detected HtmlPhish_44 | Joe Security |
Checks-Lists.htm_ | JoeSecurity_HtmlPhish_6 | Yara detected HtmlPhish_6 | Joe Security |

      Sigma Overview

      No Sigma rule has matched

      Jbx Signature Overview

      Phishing:

      Yara detected HtmlPhish44
      Source: Yara match
      File source: Checks-Lists.htm_, type: SAMPLE
      Yara detected HtmlPhish6
      Source: Yara match
      File source: Checks-Lists.htm_, type: SAMPLE
      Source: classification engine
      Classification label: mal56.phis.winHTM_@0/0@0/0

      Mitre Att&ck Matrix

      No Mitre Att&ck techniques found

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      Source | Detection | Scanner | Label | Link
      Checks-Lists.htm_ | 3% | Virustotal | | Browse

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      No contacted domains info

      Contacted IPs

      No contacted IP infos

      General Information

      Joe Sandbox Version:33.0.0 White Diamond
      Analysis ID:452324
      Start date:22.07.2021
      Start time:06:22:25
      Joe Sandbox Product:CloudBasic
      Overall analysis duration:0h 1m 41s
      Hypervisor based Inspection enabled:false
      Report type:full
      Sample file name:Checks-Lists.htm_
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
      Number of analysed new started processes analysed:3
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • EGA enabled
      • HDC enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:MAL
      Classification:mal56.phis.winHTM_@0/0@0/0
      Cookbook Comments:
      • Adjust boot time
      • Enable AMSI
      • Unable to launch sample, stop analysis
      Warnings:
      • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe
      Errors:
      • Nothing to analyse, Joe Sandbox has not found any analysis process or sample
      • Corrupt sample or wrongly selected analyzer. Details: 80040153

      Simulations

      Behavior and APIs

      No simulations

      Joe Sandbox View / Context

      IPs

      No context

      Domains

      No context

      ASN

      No context

      JA3 Fingerprints

      No context

      Dropped Files

      No context

      Created / dropped Files

      No created / dropped files found

      Static File Info

      General

      File type:HTML document, ASCII text, with very long lines, with CRLF line terminators
      Entropy (8bit):3.8911559931066915
      TrID:
        File name:Checks-Lists.htm_
        File size:33879
        MD5:e425a0a3fbc7d10cbc4356bef4b9c6f8
        SHA1:2a2c33635681b0834508d33f8e02cfca2fd680e6
        SHA256:6d5fde6ca1bc80611ee7708a71aa9577b8efad6faad9b85e44d7aeb4d57af7a5
        SHA512:f6b013d72eb230fd4c9c8e87011c82bc70589dff47fa8ce1cb3c8aae813b3fb59ac8d9f1dacfd6cf0c9a5a23b10713358024300c2d0272eac3b0e1d13b6959d0
        SSDEEP:384:ZDKouXieT2FRdddT4q/qxhhCmwaJcw6LIhTLV5qTLCxHwv3xivT1:ZDPFCx9NbjxM3xs
        File Content Preview:<script language="javascript">document.write( unescape( '%3C%21doctype%20html%3E%0A%3Chtml%20lang%3D%22en%22%3E%0A%0A%3Chead%3E%0A%20%20%3Cscript%20src%3D%22https%3A//code.jquery.com/jquery-3.1.1.min.js%22%20crossorigin%3D%22anonymous%22%3E%3C/script%3E%0

        File Icon

        Icon Hash:74f0e4e4e4e4e0e4

        Network Behavior

        No network behavior found

        Code Manipulations

        Statistics

        System Behavior

        Disassembly
