Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
VM Tue, January 24, 2023 #18654.html

Overview

General Information

Sample Name:VM Tue, January 24, 2023 #18654.html
Analysis ID:791307
MD5:80cc2287a8d92303bbb07808b1d7ac08
SHA1:fdeb4f5abafd0d978ebe0b8b1a8a1026d6282922
SHA256:e3c04a3f5e27cc3d6630ac9c7e8d8b5c8fe0be2514d7676b538de9c18e45aaa4
Infos:

Detection

Captcha Phish, HTMLPhisher
Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish44
Yara detected Captcha Phish
Antivirus detection for URL or domain
IP address seen in connection with other malware

Classification

  • System is w10x64
  • chrome.exe (PID: 6052 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 5208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1724,i,2672952510848693389,14012057706382809610,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 4392 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\VM Tue, January 24, 2023 #18654.html MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
VM Tue, January 24, 2023 #18654.htmlJoeSecurity_HtmlPhish_44Yara detected HtmlPhish_44Joe Security
    SourceRuleDescriptionAuthorStrings
    99254.0.pages.csvJoeSecurity_CaptchaPhish_1Yara detected Captcha PhishJoe Security
      No Sigma rule has matched
      No Snort rule has matched

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Source: https://h-kd0.shop/main/SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
      Source: https://h-kd0.shop/favicon.icoAvira URL Cloud: Label: phishing
      Source: https://h-kd0.shop/?e=YXNyeUBraW1iby5jby51aw==Avira URL Cloud: Label: phishing

      Phishing

      barindex
      Source: Yara matchFile source: VM Tue, January 24, 2023 #18654.html, type: SAMPLE
      Source: Yara matchFile source: 99254.0.pages.csv, type: HTML
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\GoogleUpdaterJump to behavior
      Source: Joe Sandbox ViewIP Address: 104.16.169.131 104.16.169.131
      Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
      Source: unknownDNS traffic detected: queries for: accounts.google.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49695 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
      Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
      Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49696
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
      Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
      Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /?e=YXNyeUBraW1iby5jby51aw== HTTP/1.1Host: h-kd0.shopConnection: keep-alivesec-ch-ua: