Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://drive.google.com/uc?export=download&id=1mmXl38H2-j7e7hD_UJbEMMSnMTA0BtQV

Overview

General Information

Sample URL:https://drive.google.com/uc?export=download&id=1mmXl38H2-j7e7hD_UJbEMMSnMTA0BtQV
Analysis ID:626101
Infos:

Detection

HTMLPhisher
Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Misleading page title found
Yara detected HtmlPhish10
Invalid 'forgot password' link found
None HTTPS page querying sensitive user data (password, username or email)
No HTML title found
HTML body contains low number of good links
Invalid T&C link found

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 6136 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://drive.google.com/uc?export=download&id=1mmXl38H2-j7e7hD_UJbEMMSnMTA0BtQV MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 3648 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,13766732960856306384,14944723332545166900,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1936 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1596,13766732960856306384,14944723332545166900,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4796 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\Downloads\6f9b109d-574d-490d-88c4-a507f995ddcb.tmpJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security

    HTML

    SourceRuleDescriptionAuthorStrings
    39012.0.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      No Snort rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      Phishing

      barindex
      Misleading page title found
      Source: file:///C:/Users/user/Downloads/Invoice%20173215.pdf.htmlPage Title: Microsoft - Login
      Source: file:///C:/Users/user/Downloads/Invoice%20173215.pdf.htmlPage Title: Microsoft - Login
      Yara detected HtmlPhish10
      Source: Yara matchFile source: 39012.0.pages.csv, type: HTML
      Source: Yara matchFile source: C:\Users\user\Downloads\6f9b109d-574d-490d-88c4-a507f995ddcb.tmp, type: DROPPED