Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://www.evernote.com/shard/s601/sh/37d985c2-2862-575c-145e-8cd169549bc8/518d16a0d112c168ac6c447977a15cc1

Overview

General Information

Sample URL:https://www.evernote.com/shard/s601/sh/37d985c2-2862-575c-145e-8cd169549bc8/518d16a0d112c168ac6c447977a15cc1
Analysis ID:694563
Infos:

Detection

HTMLPhisher
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected HtmlPhish7
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Antivirus detection for URL or domain

Classification

Process Tree

  • System is start
  • chrome.exe (PID: 2320 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.evernote.com/shard/s601/sh/37d985c2-2862-575c-145e-8cd169549bc8/518d16a0d112c168ac6c447977a15cc1 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
    • chrome.exe (PID: 1444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1792,i,12639697223929511104,9217918321184502464,131072 /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

HTML

SourceRuleDescriptionAuthorStrings
16154.2.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security
    16154.2.pages.csvJoeSecurity_HtmlPhish_7Yara detected HtmlPhish_7Joe Security

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      No Snort rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus / Scanner detection for submitted sample
      Source: https://www.evernote.com/shard/s601/sh/37d985c2-2862-575c-145e-8cd169549bc8/518d16a0d112c168ac6c447977a15cc1SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
      Antivirus detection for URL or domain
      Source: https://www.evernote.com/shard/s601/client/snv?noteGuid=37d985c2-2862-575c-145e-8cd169549bc8&noteKey=518d16a0d112c168ac6c447977a15cc1&sn=https%3A%2F%2Fwww.evernote.com%2Fshard%2Fs601%2Fsh%2F37d985c2-2862-575c-145e-8cd169549bc8%2F518d16a0d112c168ac6c447977a15cc1&title=County%2Bof%2BMarinSlashNext: Label: Credential Stealing type: Phishing & Social Engineering

      Phishing

      barindex
      Yara detected HtmlPhish7
      Source: Yara matchFile source: 16154.2.pages.csv, type: HTML
      Phishing site detected (based on favicon image match)
      Source: file:///C:/Users/user/Downloads/message.htmlMatcher: Template: adobe matched with high similarity
      Yara detected HtmlPhish10
      Source: Yara matchFile source: 16154.2.pages.csv, type: HTML