Edit tour

Windows Analysis Report
http://veriuserius.webcindario.com/

Overview

General Information

Sample URL:	http://veriuserius.webcindario.com/
Analysis ID:	1339389
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Found iframes

Creates files inside the system directory

None HTTPS page querying sensitive user data (password, username or email)

HTML body contains password input but no form action

HTML page contains hidden URLs or javascript code

HTML body contains low number of good links

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5580 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1964,i,4365139056574370666,6472676557319991512,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6468 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://veriuserius.webcindario.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.9.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://veriuserius.webcindario.com/	Avira URL Cloud: detection malicious, Label: phishing
Source: http://veriuserius.webcindario.com/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: http://webcindario.com	Matcher: Template: microsoft matched with high similarity
Source: http://veriuserius.webcindario.com/	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.9.pages.csv, type: HTML
Source: Yara match	File source: 0.6.pages.csv, type: HTML

Source: http://veriuserius.webcindario.com/	HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20190131/zrt_lookup.html
Source: http://veriuserius.webcindario.com/	HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7294310421616689&output=html&adk=1812271804&adf=3025194257&lmt=1699484775&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=http%3A%2F%2Fveriuserius.webcindario.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&ascmds=1&aslcwct=300&asacwct=50&dt=1699484772755&bpp=35&bdt=1534&idt=2896&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2903645492473&frm=20&pv=2&ga_vid=72856546.1699484776&ga_sid=1699484776&ga_hid=1295611359&ga_fc=0&u_tz=60&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1280&bih=907&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44806499%2C44807454%2C44807463%2C31078301%2C31079473%2C44806139%2C44808148%2C31078668%2C31078670&oid=2&pvsid=2723436829787541&tmod=1403138661&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=2934
Source: http://veriuserius.webcindario.com/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-T2VG59
Source: http://veriuserius.webcindario.com/	HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20190131/zrt_lookup.html
Source: http://veriuserius.webcindario.com/	HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7294310421616689&output=html&adk=1812271804&adf=3025194257&lmt=1699484775&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=http%3A%2F%2Fveriuserius.webcindario.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&ascmds=1&aslcwct=300&asacwct=50&dt=1699484772755&bpp=35&bdt=1534&idt=2896&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2903645492473&frm=20&pv=2&ga_vid=72856546.1699484776&ga_sid=1699484776&ga_hid=1295611359&ga_fc=0&u_tz=60&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1280&bih=907&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44806499%2C44807454%2C44807463%2C31078301%2C31079473%2C44806139%2C44808148%2C31078668%2C31078670&oid=2&pvsid=2723436829787541&tmod=1403138661&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=2934
Source: http://veriuserius.webcindario.com/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-T2VG59
Source: http://veriuserius.webcindario.com/	HTTP Parser: Iframe src: https://www.google.com/recaptcha/api2/aframe
Source: http://veriuserius.webcindario.com/	HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/html/r20231106/r20190131/zrt_lookup.html
Source: http://veriuserius.webcindario.com/	HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7294310421616689&output=html&adk=1812271804&adf=3025194257&lmt=1699484775&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=http%3A%2F%2Fveriuserius.webcindario.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&ascmds=1&aslcwct=300&asacwct=50&dt=1699484772755&bpp=35&bdt=1534&idt=2896&shv=r20231106&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2903645492473&frm=20&pv=2&ga_vid=72856546.1699484776&ga_sid=1699484776&ga_hid=1295611359&ga_fc=0&u_tz=60&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1280&bih=907&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44806499%2C44807454%2C44807463%2C31078301%2C31079473%2C44806139%2C44808148%2C31078668%2C31078670&oid=2&pvsid=2723436829787541&tmod=1403138661&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=2934
Source: http://veriuserius.webcindario.com/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-T2VG59