Windows Analysis Report https://elink.io/p/9360a05

Overview

General Information

Sample URL: https://elink.io/p/9360a05
Analysis ID: 528631

Detection

HTMLPhisher
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected HtmlPhish10
Antivirus detection for URL or domain
Yara detected HtmlPhish29
Phishing site detected (based on logo template match)
Invalid 'forgot password' link found
No HTML title found
HTML body contains low number of good links

Process Tree

  • System is w10x64
  • chrome.exe (PID: 6340 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://elink.io/p/9360a05 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 5284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,16312033422872035278,3964410953995961333,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
Rule: JoeSecurity_HtmlPhish_29
Description: Yara detected HtmlPhish_29
Author: Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://elink.io/p/9360a05, SlashNext: detection malicious, Label: Fake Login Page, type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://quickest-cream-ringer.glitch.me/frk73jk.html, SlashNext: Label: Fake Login Page, type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish10
Source: Yara match, File source: 16391.1.pages.csv, type: HTML
Yara detected HtmlPhish29
Source: Yara match, File source: 64835.0.pages.csv, type: HTML
Source: Yara match, File source: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3, type: DROPPED
Phishing site detected (based on logo template match)
Source: https://quickest-cream-ringer.glitch.me/frk73jk.html, Matcher: Template: microsoft matched
Source: https://quickest-cream-ringer.glitch.me/frk73jk.html, HTTP Parser: Invalid link: Forgot password?
Source: https://quickest-cream-ringer.glitch.me/frk73jk.html, HTTP Parser: HTML title missing
Source: https://quickest-cream-ringer.glitch.me/frk73jk.html, HTTP Parser: Number of links: 0
Source: https://quickest-cream-ringer.glitch.me/frk73jk.html, HTTP Parser: No <meta name="author".. found
Source: https://quickest-cream-ringer.glitch.me/frk73jk.html, HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic