Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PDF.shtml

Overview

General Information

Sample Name:PDF.shtml
Analysis ID:756145
MD5:bc087e3bee347cf72d1d098ac0217ad3
SHA1:25ca68af27719867d3ae9ec4af84a7fa481a8800
SHA256:6480bae314fd0166ea5d47f7101269ad891ff2768ab36506c1b899372a74442d
Infos:

Detection

HTMLPhisher
Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish45
Phishing site detected (based on image similarity)
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 1380 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 2772 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1800,i,6132995491582703289,7961678720532763080,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 6412 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\PDF.shtml MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
PDF.shtmlJoeSecurity_HtmlPhish_45Yara detected HtmlPhish_45Joe Security

    Sigma Signatures

    No Sigma rule has matched

    Snort Signatures

    No Snort rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    Phishing

    barindex
    Yara detected HtmlPhish45
    Source: Yara matchFile source: PDF.shtml, type: SAMPLE
    Phishing site detected (based on image similarity)
    Source: file:///C:/Users/user/Desktop/PDF.shtmlMatcher: Found strong image similarity, brand: Microsoft image: 53672.0.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
    Source: embeddedMatcher: Found strong image similarity, brand: Microsoft image: 03117.1.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\GoogleUpdaterJump to behavior
    Source: unknownHTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.5:49730 version: TLS 1.2
    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: Joe Sandbox ViewIP Address: 13.107.219.60 13.107.219.60
    Source: Joe Sandbox ViewIP Address: 104.18.10.207 104.18.10.207
    Source: Joe Sandbox ViewIP Address: 104.18.10.207 104.18.10.207
    Source: unknownDNS traffic detected: queries for: clients2.google.com
    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851