Windows Analysis Report https://creeksidecommunities-my.sharepoint.com:443/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9

Overview

General Information

Sample URL:https://creeksidecommunities-my.sharepoint.com:443/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9
Analysis ID:502203
Most interesting Screenshot:

Detection

HTMLPhisher
Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish10
Phishing site detected (based on logo template match)
Phishing site detected (based on image similarity)
HTML body contains low number of good links
No HTML title found
Submit button contains javascript call

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 3460 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://creeksidecommunities-my.sharepoint.com:443/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 5296 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,17265093722771451815,6809347449425903331,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1912 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Phishing:

Yara detected HtmlPhish10
Source: Yara match | File source: 36770.0.pages.csv, type: HTML
Phishing site detected (based on logo template match)
Source: https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9 | Matcher: Template: microsoft matched
Phishing site detected (based on image similarity)
Source: https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9 | Matcher: Found strong image similarity, brand: Microsoft image: 36770.0.img.1.gfk.csv EF884BDEDEF280DF97A4C5604058D8DB
Source: https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9 | HTTP Parser: Number of links: 0
Source: https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9 | HTTP Parser: HTML title missing
Source: https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9 | HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))
Source: https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9 | HTTP Parser: No <meta name="author".. found
Source: https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9 | HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown | HTTPS traffic detected: 40.108.137.81:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.108.137.81:443 -> 192.168.2.3:49745 version: TLS 1.2
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49677
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown | Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49687 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown | TCP traffic detected without corresponding DNS query: 209.197.3.8
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown | TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown | TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown | TCP traffic detected without corresponding DNS query: 95.100.218.151
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown | TCP traffic detected without corresponding DNS query: 95.100.216.89
Source: unknown | TCP traffic detected without corresponding DNS query: 95.100.216.89
Source: unknown | TCP traffic detected without corresponding DNS query: 95.100.216.89
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown | TCP traffic detected without corresponding DNS query: 209.197.3.8
Source: unknown | TCP traffic detected without corresponding DNS query: 209.197.3.8
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: global traffic | HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 | Host: clients2.google.com | Connection: keep-alive | X-Goog-Update-Interactivity: fg | X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm | X-Goog-Update-Updater: chromecrx-85.0.4183.121 | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9 HTTP/1.1 | Host: creeksidecommunities-my.sharepoint.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /WebResource.axd?d=v01qr2x_rWfS9ae1Uk8aMCM3qPL070h5AoH-69TiIRiqPjrF7MUSxNFarvXA2yyLzpDqpe46WcTNAKltmyDu9Pm5auZ2wnahvo5y-Fowy7A1&t=637453780754849868 HTTP/1.1 | Host: creeksidecommunities-my.sharepoint.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /ScriptResource.axd?d=_dg9PEeq8l0DZ2KgXkzXWQZmcLv9rfL10gUy543eRNNmcG_DI-13Y2Azg8pKEtTOO-cWs87MXaaed1s4yzngi_xHTlPeJM5BNCTGglQr8ORKgDqbNdpNyxsrbMn47EWeRbJWNOPaFEGVY4JFSFnRVYHHp9_N_u3Emrqi5OEUx4g1&t=ffffffffe191061b HTTP/1.1 | Host: creeksidecommunities-my.sharepoint.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /ScriptResource.axd?d=l7yw5Dmc7sEzAMoOGRE37iIOdsvj43MVLnf7foUdhHFWtpIhF2eTWy0TyEGWLbLrXBx6PCrXwAEzmlm5OnctXh5-ABL9wwg2IaEBFHXnLlImHn8yZHxYMGPwj48LD46p-OjKM6nnvTysEw5zndwKBnXHgPLOOFgXQT07LODNu3_ArgrONHFp5BCUnBq3YLkF0&t=363be08 HTTP/1.1 | Host: creeksidecommunities-my.sharepoint.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /ScriptResource.axd?d=cWXrmrhyMSmaBM1m-7fF_hy4FmQ7ftxgJydO1S5RUcLzizz9_zHD1H-DeqiMx4SfBUJ_I8y8f-32qydDRURGVpymUWjZXVUd2DaLDBXdtFnF_nKWyj1qtnw7U4cUeLWwury0F7xs_AzAAXGv79F39D36NXY2NB0y8ZuZv0hSIUCf1NL-PdP-NBlaojSiDh9u0&t=363be08 HTTP/1.1 | Host: creeksidecommunities-my.sharepoint.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /_layouts/15/images/microsoft-logo.png HTTP/1.1 | Host: creeksidecommunities-my.sharepoint.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 | Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1 | Host: creeksidecommunities-my.sharepoint.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 | Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://creeksidecommunities-my.sharepoint.com/:b:/p/dcerniglia/EUzDsG_b0kpNiV5Vx-UQl8YBEYnfFzoYQvmhPjge_gUI8g?e=4%3anYyWRV&at=9 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1 | Host: clients2.googleusercontent.com | Connection: keep-alive | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /_layouts/15/images/microsoft-logo.png HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: creeksidecommunities-my.sharepoint.com
Source: global traffic | HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: creeksidecommunities-my.sharepoint.com
Source: angular.js.0.dr | String found in binary or memory: http://angularjs.org
Source: angular.js.0.dr | String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr | String found in binary or memory: http://llvm.org/):
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: c87fe792-d7bd-4d45-963c-ccc2dcd7fe20.tmp.1.dr, d0a61bb5-4297-4e86-baf5-ae92f7ba2648.tmp.1.dr, manifest.json0.0.dr | String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr | String found in binary or memory: https://accounts.google.com/MergeSession
Source: c87fe792-d7bd-4d45-963c-ccc2dcd7fe20.tmp.1.dr, d0a61bb5-4297-4e86-baf5-ae92f7ba2648.tmp.1.dr, manifest.json0.0.dr | String found in binary or memory: https://apis.google.com
Source: pnacl_public_x86_64_libgcc_a.0.dr, pnacl_public_x86_64_crtend_o.0.dr | String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_libgcc_a.0.dr, pnacl_public_x86_64_crtend_o.0.dr | String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: c87fe792-d7bd-4d45-963c-ccc2dcd7fe20.tmp.1.dr, d0a61bb5-4297-4e86-baf5-ae92f7ba2648.tmp.1.dr | String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json1.0.dr, manifest.json0.0.dr | String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: c87fe792-d7bd-4d45-963c-ccc2dcd7fe20.tmp.1.dr, d0a61bb5-4297-4e86-baf5-ae92f7ba2648.tmp.1.dr | String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.0.dr | String found in binary or memory: https://clients6.google.com
Source: pnacl_public_x86_64_ld_nexe.0.dr | String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.0.dr | String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: c87fe792-d7bd-4d45-963c-ccc2dcd7fe20.tmp.1.dr | String found in binary or memory: https://content-autofill.googleapis.com
Source: data_1.1.dr | String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIUCQf-TilK