
Windows Analysis Report Doc3038210381 pdf.html

Overview

General Information

Sample Name: Doc3038210381 pdf.html
Analysis ID: 552899
MD5: 4c6dceb0066e0149059dc44660c60e5c
SHA1: c3e61fdf3a82e16fb42436fb6cd4e3943c6ca6a4
SHA256: c50383f477fba603fa5cd029a2e594086c37253cbf2e54bbe1b9611822582aaf

Detection

FormBook HTMLPhisher
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on favicon image match)
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Yara detected HtmlPhish10
Antivirus detection for URL or domain
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Modifies the prolog of user mode functions (user mode inline hooks)
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
.NET source code contains method to dynamically call methods (often used by packers)
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
Phishing site detected (based on logo template match)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
No HTML title found
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to call native functions
HTML body contains low number of good links
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 6392 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\Doc3038210381 pdf.html MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1928 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 5780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=3256 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 3716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=3560 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=3536 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 4928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=3308 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 7120 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=5888 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 7008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=3024 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 7092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=3236 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6772 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=3576 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6596 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=4216 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6976 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=4228 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 4672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=4128 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 7092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=4496 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=5752 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 1088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=5040 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6264 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=3668 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 2740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=4960 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 3112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=3596 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=5860 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=5704 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 1472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=4684 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=3408 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 2864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=4236 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6168 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=5788 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 1004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=3704 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 5776 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=5704 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 5216 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1516,3288991115567119224,7010409812870976589,131072 --lang=en-GB --service-sandbox-type=icon_reader --enable-audio-service-sandbox --mojo-platform-channel-handle=3968 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • Doc3038210381 (2).exe (PID: 6592 cmdline: "C:\Users\user\Downloads\Doc3038210381 (2).exe" MD5: F98B720FA7B335C7E7B81C2F50E35FED)
      • Doc3038210381 (2).exe (PID: 5688 cmdline: C:\Users\user\Downloads\Doc3038210381 (2).exe MD5: F98B720FA7B335C7E7B81C2F50E35FED)
      • Doc3038210381 (2).exe (PID: 2212 cmdline: C:\Users\user\Downloads\Doc3038210381 (2).exe MD5: F98B720FA7B335C7E7B81C2F50E35FED)