Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
#Ud83d#Udcde_0072520589037.html (2).html

Overview

General Information

Sample Name:#Ud83d#Udcde_0072520589037.html (2).html
Analysis ID:626143
MD5:ba279617f88ed684dcc348066f8930b1
SHA1:8aa70edba45e04805c7f08188a5a689e2eac0687
SHA256:d8ff2148078fbbdd1b5b40bd2b3137a0caafb7f66ad0542f527d4a98cf94b8d3
Infos:

Detection

HTMLPhisher
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Yara detected HtmlPhish44
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
Phishing site detected (based on image similarity)
Found iframes
Internet Provider seen in connection with other malware
No HTML title found
JA3 SSL client fingerprint seen in connection with other malware
HTML body contains low number of good links
IP address seen in connection with other malware
Submit button contains javascript call

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 5748 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\#Ud83d#Udcde_0072520589037.html (2).html MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 5924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,14513621473907241117,5746487209409969036,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1912 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
#Ud83d#Udcde_0072520589037.html (2).htmlJoeSecurity_HtmlPhish_44Yara detected HtmlPhish_44Joe Security

    Sigma Signatures

    No Sigma rule has matched

    Snort Signatures

    Timestamp:192.168.2.38.8.8.853802532016778 05/13/22-16:40:06.023681
    SID:2016778
    Source Port:53802
    Destination Port:53
    Protocol:UDP
    Classtype:Potentially Bad Traffic

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus detection for URL or domain
    Source: https://valdia.quatiappcn.pw/625461d8a89ccb628021247f.jsAvira URL Cloud: Label: phishing
    Source: https://etools.page/re/Zk5RTCthaVRLSXFCbGMxbGZoc0paWi9GZTNoUUVzekJWUmtmOHVhdmZvQTBoclU1Z0s0OG44SlQ0b3BxckdWRDNXNzh1V0pIelhnZUtpTVRqdEFNTGc9PQAvira URL Cloud: Label: phishing
    Multi AV Scanner detection for domain / URL
    Source: valdia.quatiappcn.pwVirustotal: Detection: 11%Perma Link

    Phishing

    bar