Windows Analysis Report Statement.html

Overview

General Information

Sample Name: Statement.html
Analysis ID: 528674
MD5: b915f3d695ac5bf125fe56e046693739
SHA1: b817ca114f8804c84cb1a51753445ef2f254ba58
SHA256: 081ba23c83bfd058abad95ce40fec66bc82c312172d4dd7f8dfbbacbee4c5ad6

Detection

HTMLPhisher
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Misleading page title found
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Yara detected HtmlPhish44
Yara detected obfuscated html page
HTML document with suspicious title
HTML document with suspicious name
Phishing site detected (based on logo template match)
None HTTPS page querying sensitive user data (password, username or email)
No HTML title found
JA3 SSL client fingerprint seen in connection with other malware
HTML body contains low number of good links
Invalid T&C link found
IP address seen in connection with other malware

Process Tree

  • System is w10x64
  • chrome.exe (PID: 6856 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\Statement.html MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 4028 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,7824927866177008616,12814330459468632926,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1948 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| Statement.html | JoeSecurity_Obshtml | Yara detected obfuscated html page | Joe Security | |
| Statement.html | JoeSecurity_HtmlPhish_44 | Yara detected HtmlPhish_44 | Joe Security | |

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Phishing:

Misleading page title found
Source: file:///C:/Users/user/Desktop/Statement.html, Page Title: Microsoft | Login
Phishing site detected (based on favicon image match)
Source: file:///C:/Users/user/Desktop/Statement.html, Matcher: Template: microsoft matched with high similarity
Yara detected HtmlPhish10
Source: Yara match, File source: 12440.0.pages.csv, type: HTML
Yara detected HtmlPhish44
Source: Yara match, File source: Statement.html, type: SAMPLE
Yara detected obfuscated html page
Source: Yara match, File source: Statement.html, type: SAMPLE
Phishing site detected (based on logo template match)
Source: file:///C:/Users/user/Desktop/Statement.html, Matcher: Template: microsoft matched
Source: file:///C:/Users/user/Desktop/Statement.html, HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Desktop/Statement.html, HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/Statement.html, HTTP Parser: Number of links: 0