Windows Analysis Report
https://drive.google.com/uc?export=download&id=1mmXl38H2-j7e7hD_UJbEMMSnMTA0BtQV

Overview

General Information

Sample URL: https://drive.google.com/uc?export=download&id=1mmXl38H2-j7e7hD_UJbEMMSnMTA0BtQV
Analysis ID: 626101

Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Misleading page title found
Yara detected HtmlPhish10
Invalid 'forgot password' link found
None HTTPS page querying sensitive user data (password, username or email)
No HTML title found
HTML body contains low number of good links
Invalid T&C link found

Classification

  • System is w10x64
  • chrome.exe (PID: 6136 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://drive.google.com/uc?export=download&id=1mmXl38H2-j7e7hD_UJbEMMSnMTA0BtQV MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 3648 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,13766732960856306384,14944723332545166900,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1936 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1596,13766732960856306384,14944723332545166900,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4796 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup
No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| C:\Users\user\Downloads\6f9b109d-574d-490d-88c4-a507f995ddcb.tmp | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 39012.0.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security | |

No Sigma rule has matched
No Snort rule has matched

      Phishing

      Source: file:///C:/Users/user/Downloads/Invoice%20173215.pdf.html, Page Title: Microsoft - Login
      Source: Yara match, File source: 39012.0.pages.csv, type: HTML
      Source: Yara match, File source: C:\Users\user\Downloads\6f9b109d-574d-490d-88c4-a507f995ddcb.tmp, type: DROPPED