Create Interactive Tour

Windows Analysis Report
https://m33h876fkad.larksuite.com/wiki/MhqXwPA1ciHmvfk380uuwXn6s8c?from=from_copylink

Overview

General Information

Sample URL:	https://m33h876fkad.larksuite.com/wiki/MhqXwPA1ciHmvfk380uuwXn6s8c?from=from_copylink
Analysis ID:	1395677
Infos:

Detection

HTMLPhisher

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Yara detected HtmlPhish33

Phishing site detected (based on OCR NLP Model)

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Creates files inside the system directory

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Invalid T&C link found

Program does not show much activity (idle)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5688 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1904,i,10472353140475670299,8424339191804323740,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6436 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://m33h876fkad.larksuite.com/wiki/MhqXwPA1ciHmvfk380uuwXn6s8c?from=from_copylink MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
3.3.pages.csv	JoeSecurity_HtmlPhish_33	Yara detected HtmlPhish_33	Joe Security
4.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
3.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Joe Sandbox Signatures

• AV Detection
• Phishing
• Networking
• System Summary
• Malware Analysis System Evasion
• Anti Debugging

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://m33h876fkad.larksuite.com/wiki/MhqXwPA1ciHmvfk380uuwXn6s8c?from=from_copylink

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: https://myqcloud.com

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Source: Yara match	File source: 4.6.pages.csv, type: HTML
Source: Yara match	File source: 3.5.pages.csv, type: HTML

Yara detected HtmlPhish33

Source: Yara match

File source: 3.3.pages.csv, type: HTML

Phishing site detected (based on OCR NLP Model)

Source: Chrome DOM	ML Model on OCR Text: Matched 94.3% probability on "Clyde Volunteer Fire Department Clyde Volunteer Fire Department Created Today OPEN OR PREVIEW FULL PDF H... Kindly Preview the below for the shared Vital Documents' PROJECT: EPZ053J SUBMISSION: LMK689XD OPEN OR PREVIEW FULL PDF HERE This document has been scanned for viruses by Norton Antivirus Security. Microsoft 365 ooooo "
Source: Chrome DOM	ML Model on OCR Text: Matched 88.7% probability on "Clyde Volunteer Fire Department Clyde Volunteer Fire Department Created Today OPEN OR PREVIEW FULL PDF H... Kindly Preview the below for the shared Vital Documents' PROJECT: EPZ053J SUBMISSION: LMK689XD OPEN OR PREVIEW FULL PDF HERE This document has been scar [3' 'iruses by Norton Antivirus Security. Microsoft 365 ooooo "

Phishing site detected (based on image similarity)