
Windows Analysis Report https://jaguar-roadrunner-whg2.squarespace.com/

Overview

General Information

Sample URL:https://jaguar-roadrunner-whg2.squarespace.com/
Analysis ID:552968
Infos:

Most interesting Screenshot:

Detection

HTMLPhisher
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected HtmlPhish10
Antivirus detection for URL or domain
Yara detected HtmlPhish6
Phishing site detected (based on logo template match)
Phishing site detected (based on image similarity)
Yara signature match
No HTML title found
HTML body contains low number of good links
Invalid T&C link found

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 6612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://jaguar-roadrunner-whg2.squarespace.com/" MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,3200821143792073864,3703688936769996398,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://jaguar-roadrunner-whg2.squarespace.com/; SlashNext: detection malicious, Label: Fake Login Page, type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://jaguar-roadrunner-whg2.squarespace.com/#page; SlashNext: Label: Fake Login Page, type: Phishing & Social Engineering
Source: https://coachcalvert.com/SUMOgroupview/; SlashNext: Label: Fake Login Page, type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish10
Source: Yara match; File source: 78395.2.pages.csv, type: HTML
Yara detected HtmlPhish6
Source: Yara match; File source: 78395.2.pages.csv, type: HTML
Phishing site detected (based on logo template match)
Source: https://coachcalvert.com/SUMOgroupview/; Matcher: Template: onedrive matched
Phishing site detected (based on image similarity)
Source: embedded; Matcher: Found strong image similarity, brand: Microsoft, image: 78395.2.img.2.gfk.csv EF884BDEDEF280DF97A4C5604058D8DB
Source: https://coachcalvert.com/SUMOgroupview/; HTTP Parser: HTML title missing
Source: https://coachcalvert.com/SUMOgroupview/; HTTP Parser: HTML title missing
Source: https://coachcalvert.com/SUMOgroupview/; HTTP Parser: Number of links: 0
Source: https://coachcalvert.com/SUMOgroupview/; HTTP Parser: Number of links: 0
Source: https://coachcalvert.com/SUMOgroupview/; HTTP Parser: Invalid link: Privacy & Cookies
Source: https://coachcalvert.com/SUMOgroupview/; HTTP Parser: Invalid link: Privacy & Cookies
Source: https://coachcalvert.com/SUMOgroupview/; HTTP Parser: No <meta name="author".. found
Source: https://coachcalvert.com/SUMOgroupview/; HTTP Parser: No <meta name="author".. found
Source: https://coachcalvert.com/SUMOgroupview/; HTTP Parser: No <meta name="copyright".. found
Source: https://coachcalvert.com/SUMOgroupview/; HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown; HTTPS traffic detected: 151.101.0.237:443 -> 192.168.2.3:49793, version: TLS 1.2
Source: unknown; HTTPS traffic detected: 151.101.0.238:443 -> 192.168.2.3:49794, version: TLS 1.2
Source: unknown; HTTPS traffic detected: 154.53.57.93:443 -> 192.168.2.3:49836, version: TLS 1.2
Source: unknown; HTTPS traffic detected: 122.201.127.230:443 -> 192.168.2.3:49929, version: TLS 1.2
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown; Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown; Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown; Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown; Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknownNetwork traffic detected: HTTP traffic