
Windows Analysis Report
Benefits_Enrollment.html

Overview

General Information

Sample Name:Benefits_Enrollment.html
Analysis ID:756263
MD5:8c560f59b895539eb3a2980f29820e06
SHA1:c507b4ef991f85f812aee3cf0f1e8577b95a87aa
SHA256:06ae041e84c1854931b6c57c503d225213df51e3105f32a5be617cdcf47ca085

Detection

HTMLPhisher
Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish_45
Antivirus detection for URL or domain
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware

Classification

  • System is w10x64
  • chrome.exe (PID: 6096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 1108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1724,i,9528676649791437270,18405537584758287388,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 5560 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Benefits_Enrollment.html" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Benefits_Enrollment.html | JoeSecurity_HtmlPhish_45 | Yara detected HtmlPhish_45 | Joe Security |
    No Sigma rule has matched
    No Snort rule has matched


    AV Detection

    Source: https://uautoma.ru/Mben.schemelin@nahan.com
    SlashNext: Label: Credential Stealing, type: Phishing & Social Engineering

    Phishing

    Source: Yara match
    File source: Benefits_Enrollment.html, type: SAMPLE
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe
    Directory created: C:\Program Files\Google\GoogleUpdater
    Source: unknown, HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49725, version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49740, version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49779, version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49886, version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49888, version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49889, version: TLS 1.2
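The AV-detection and HTTPS entries above are what an analyst turns into blockable indicators. The Python below is an added triage example, not part of the Joe Sandbox report and not Joe Security's tooling: it parses lines constructed from this report's entries, pulls the landing URL and its host, counts the TLS connections per server endpoint, and flags an e-mail-shaped token inside the URL path. The reading of that token as the targeted recipient's address (a common phishing-kit pattern, used to pre-fill the fake login page) is an assumption of this example; the report alone does not say whether the leading characters of the path segment belong to the kit's path or to the address, so the token is returned exactly as it appears.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Lines constructed for this example from the report's AV-detection and network
# entries (one entry per line, with a space where the extracted page fused the
# URL and the vendor verdict together).  They are not the sandbox's raw output.
REPORT_LINES = [
    "Source: https://uautoma.ru/Mben.schemelin@nahan.com SlashNext: Label: Credential Stealing type: Phishing & Social Engineering",
    "Source: unknown HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49725 version: TLS 1.2",
    "Source: unknown HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49740 version: TLS 1.2",
    "Source: unknown HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49779 version: TLS 1.2",
    "Source: unknown HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49886 version: TLS 1.2",
    "Source: unknown HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49888 version: TLS 1.2",
    "Source: unknown HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49889 version: TLS 1.2",
]

URL_RE = re.compile(r"https?://\S+")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
TLS_RE = re.compile(
    r"(?P<lip>\d{1,3}(?:\.\d{1,3}){3}):(?P<lport>\d+) -> "
    r"(?P<rip>\d{1,3}(?:\.\d{1,3}){3}):(?P<rport>\d+) version: (?P<ver>TLS [\d.]+)"
)


def extract_urls(lines):
    """Return every http(s) URL mentioned in the lines, in order, without duplicates."""
    seen = []
    for line in lines:
        for url in URL_RE.findall(line):
            url = url.rstrip(".,;)")  # trailing punctuation is prose, not URL
            if url not in seen:
                seen.append(url)
    return seen


def embedded_address(url):
    """Return an e-mail-shaped token from the URL's path, query or fragment, or None.

    Assumption of this example: such a token is the recipient address a phishing
    kit appends so its fake login form can be pre-filled.  The token is returned
    verbatim; where the kit path ends and the address begins is not recoverable
    from the URL itself.
    """
    parts = urlsplit(url)  # netloc stops at the first '/', so a path '@' does not shift the host
    for component in (parts.path, parts.query, parts.fragment):
        m = EMAIL_RE.search(component)
        if m:
            return m.group(0)
    return None


def tls_summary(lines):
    """Count TLS connections per (server IP, server port, TLS version)."""
    counts = Counter()
    for line in lines:
        m = TLS_RE.search(line)
        if not m:
            continue
        left = (m.group("lip"), int(m.group("lport")))
        right = (m.group("rip"), int(m.group("rport")))
        # The report prints server -> client; picking the endpoint with the lower
        # (well-known) port makes the count independent of print order.
        server = left if left[1] < right[1] else right
        counts[(server[0], server[1], m.group("ver"))] += 1
    return counts


def iocs(lines):
    """Collect the indicators an analyst would block or hunt for."""
    urls = extract_urls(lines)
    domains, addresses = [], []
    for u in urls:
        host = urlsplit(u).hostname
        if host and host not in domains:
            domains.append(host)
        addr = embedded_address(u)
        if addr and addr not in addresses:
            addresses.append(addr)
    server_ips = sorted({ip for (ip, _port, _ver) in tls_summary(lines)})
    return {"urls": urls, "domains": domains, "server_ips": server_ips, "addresses_in_url": addresses}


if __name__ == "__main__":
    for key, value in iocs(REPORT_LINES).items():
        print(f"{key}: {value}")
    for (ip, port, ver), n in tls_summary(REPORT_LINES).items():
        print(f"{n} x {ver} connections to {ip}:{port}")
```

Running it on the constructed lines yields one URL, one domain (uautoma.ru), one server IP (104.26.9.213) with six TLS 1.2 connections on port 443, and the path token Mben.schemelin@nahan.com. Note that the sandbox's client IP 192.168.2.3 is the analysis VM, not an indicator, which is why only the server side is kept.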