Edit tour
Windows
Analysis Report
http://rotect.com
Overview
General Information
| Sample URL: | http://rotect.com |
| Analysis ID: | 1485796 |
| Infos: | |
 | |
Detection
| Score: | 48 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
AI detected phishing page
Detected suspicious crossdomain redirect
HTML page contains hidden javascript code
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection
Classification
- System is w10x64
chrome.exe (PID: 1624 cmdline: "C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed "about :blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92) - chrome.exe (PID: 5748 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =1712 --fi eld-trial- handle=194 0,i,120650 4093651339 6881,36368 5182194839 8797,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 7084 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt p://rotect .com" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
| Timestamp: | 2024-08-01T08:39:25.329151+0200 |
| SID: | 2012510 |
| Source Port: | 443 |
| Destination Port: | 49770 |
| Protocol: | TCP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 2024-08-01T08:39:31.231954+0200 |
| SID: | 2045203 |
| Source Port: | 49785 |
| Destination Port: | 443 |
| Protocol: | TCP |
| Classtype: | Successful Credential Theft Detected |
| Timestamp: | 2024-08-01T08:39:45.757359+0200 |
| SID: | 2045203 |
| Source Port: | 49825 |
| Destination Port: | 443 |
| Protocol: | TCP |
| Classtype: | Successful Credential Theft Detected |
| Timestamp: | 2024-08-01T08:39:30.759145+0200 |
| SID: | 2045203 |
| Source Port: | 49784 |
| Destination Port: | 443 |
| Protocol: | TCP |
| Classtype: | Successful Credential Theft Detected |
| Timestamp: | 2024-08-01T08:39:33.927941+0200 |
| SID: | 2045203 |
| Source Port: | 49793 |
| Destination Port: | 443 |
| Protocol: | TCP |
| Classtype: | Successful Credential Theft Detected |
| Timestamp: | 2024-08-01T08:39:38.113661+0200 |
| SID: | 2045203 |
| Source Port: | 49804 |
| Destination Port: | 443 |
| Protocol: | TCP |
| Classtype: | Successful Credential Theft Detected |
| Timestamp: | 2024-08-01T08:38:56.350732+0200 |
| SID: | 2012510 |
| Source Port: | 443 |
| Destination Port: | 49716 |
| Protocol: | TCP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 2024-08-01T08:39:23.592791+0200 |
| SID: | 2012510 |
| Source Port: | 443 |
| Destination Port: | 49765 |
| Protocol: | TCP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 2024-08-01T08:39:21.462231+0200 |
| SID: | 2012510 |
| Source Port: | 443 |
| Destination Port: | 49756 |
| Protocol: | TCP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 2024-08-01T08:39:45.640102+0200 |
| SID: | 2045203 |
| Source Port: | 49824 |
| Destination Port: | 443 |
| Protocol: | TCP |
| Classtype: | Successful Credential Theft Detected |
| Timestamp: | 2024-08-01T08:39:20.182273+0200 |
| SID: | 2012510 |
| Source Port: | 443 |
| Destination Port: | 49755 |
| Protocol: | TCP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 2024-08-01T08:39:48.366443+0200 |
| SID: | 2045203 |
| Source Port: | 49832 |
| Destination Port: | 443 |
| Protocol: | TCP |
| Classtype: | Successful Credential Theft Detected |
| Timestamp: | 2024-08-01T08:39:51.901086+0200 |
| SID: | 2045203 |
| Source Port: | 49850 |
| Destination Port: | 443 |
| Protocol: | TCP |
| Classtype: | Successful Credential Theft Detected |
Click to jump to signature section
Show All Signature Results
Phishing |   |
|---|
| Source: | LLM: | ||
| Source: | |||