Windows
Analysis Report
http://www.ringaraja.net/portleti/katalogponudnikov/result.asp?id=4336&s=&t=51&p=50&url=https://furthercreation.com.sg/.deliveryportal/webm/#aaron.a.gil@saic.com
Overview
General Information
Detection
HTMLPhisher
Score: 64
Range: 0 - 100
Confidence: 100%
Signatures
AI detected phishing page
Yara detected HtmlPhish10
HTML page contains suspicious base64 encoded javascript
Javascript uses Clearbit API to dynamically determine company logos
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Suspicious form URL found
URL contains potential PII (phishing indication)
Classification
- System is w10x64
  - chrome.exe (PID: 3712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
  - chrome.exe (PID: 3464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,11309297038858631667,4947892176990251953,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2064 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  - chrome.exe (PID: 6812 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.ringaraja.net/portleti/katalogponudnikov/result.asp?id=4336&s=&t=51&p=50&url=https://furthercreation.com.sg/.deliveryportal/webm/#aaron.a.gil@saic.com" MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security | |
| | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security | |
⊘No Sigma rule has matched
⊘No Suricata rule has matched
- Phishing
- Compliance
- Networking
- System Summary
Phishing |
---|
Source: |