Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Benefits_Enrollment.html

Overview

General Information

Sample Name:Benefits_Enrollment.html
Analysis ID:756263
MD5:8c560f59b895539eb3a2980f29820e06
SHA1:c507b4ef991f85f812aee3cf0f1e8577b95a87aa
SHA256:06ae041e84c1854931b6c57c503d225213df51e3105f32a5be617cdcf47ca085
Infos:

Detection

HTMLPhisher
Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish45
Antivirus detection for URL or domain
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 6096 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 1108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1724,i,9528676649791437270,18405537584758287388,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 5560 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Benefits_Enrollment.html MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
Benefits_Enrollment.htmlJoeSecurity_HtmlPhish_45Yara detected HtmlPhish_45Joe Security

    Sigma Signatures

    No Sigma rule has matched

    Snort Signatures

    No Snort rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus detection for URL or domain
    Source: https://uautoma.ru/Mben.schemelin@nahan.comSlashNext: Label: Credential Stealing type: Phishing & Social Engineering

    Phishing

    barindex
    Yara detected HtmlPhish45
    Source: Yara matchFile source: Benefits_Enrollment.html, type: SAMPLE
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\GoogleUpdaterJump to behavior
    Source: unknownHTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49725 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49740 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49779 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49886 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49888 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49889 version: TLS 1.2