Windows
Analysis Report
http://www.ringaraja.net/portleti/katalogponudnikov/result.asp?id=4336&s=&t=51&p=50&url=https://furthercreation.com.sg/.deliveryportal/webm/#aaron.a.gil@saic.com
Overview
General Information
Detection
HTMLPhisher
Score: | 64 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
AI detected phishing page
Yara detected HtmlPhish10
HTML page contains suspicious base64 encoded javascript
Javascript uses Clearbit API to dynamically determine company logos
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Suspicious form URL found
URL contains potential PII (phishing indication)
Classification
- System is w10x64
chrome.exe (PID: 1432 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized "abou t:blank" MD5: E81F54E6C1129887AEA47E7D092680BF) chrome.exe (PID: 2684 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --no-pre-r ead-main-d ll --field -trial-han dle=2032,i ,198888936 6623908931 ,323602436 0952957814 ,262144 -- disable-fe atures=Opt imizationG uideModelD ownloading ,Optimizat ionHints,O ptimizatio nHintsFetc hing,Optim izationTar getPredict ion --vari ations-see d-version= 20250306-1 83004.4290 00 --mojo- platform-c hannel-han dle=2072 / prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
chrome.exe (PID: 6412 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt p://www.ri ngaraja.ne t/portleti /katalogpo nudnikov/r esult.asp? id=4336&s= &t=51&p=50 &url=https ://further creation.c om.sg/.del iveryporta l/webm/#aa ron.a.gil@ saic.com" MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
⊘No configs have been found
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security | ||
JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
⊘No Sigma rule has matched
⊘No Suricata rule has matched
- • Phishing
- • Compliance
- • Networking
- • System Summary
Click to jump to signature section
Show All Signature Results
Phishing |
---|
Source: |