Windows
Analysis Report
https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4
Overview
General Information
Detection
HTMLPhisher
Field | Value
---|---
Score | 80
Range | 0 - 100
Whitelisted | false
Confidence | 100%
Signatures
AI detected phishing page
Antivirus detection for URL or domain
Yara detected HtmlPhish10
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
Phishing site detected (based on shot match)
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden URLs or javascript code
HTML title does not match URL
Invalid T&C link found
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection
Classification
- System is w10x64
  - chrome.exe (PID: 1600 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 3748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2520,i,3270245400796582298,11625835967902947532,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 4612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=YWx5c2EuYUBjZW50dXJ5Yml6c29sdXRpb25zLmNvbQ==" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
⊘No configs have been found
Source | Rule | Description | Author | Strings
---|---|---|---|---
| JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
| JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
| JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
| JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
⊘No Sigma rule has matched
⊘No Snort rule has matched
Category | Source | Matches
---|---|---
AV Detection | Avira URL Cloud | 5
Phishing | LLM | 3
Phishing | File source | 4
Phishing | Matcher | 8
Phishing | HTTP Parser | 1