Windows Analysis Report
https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20=

Overview

General Information

Sample URL:https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20=
Analysis ID:626005

Detection

HTMLPhisher
Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish10
Yara detected Captcha Phish
Phishing site detected (based on image similarity)
HTML body contains low number of good links
Invalid T&C link found
Suspicious form URL found
No HTML title found

Classification

  • System is start
  • chrome.exe (PID: 6056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20= MD5: 74859601FB4BEEA84B40D874CCB56CAB)
    • chrome.exe (PID: 4068 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1724,7817853625496071747,17956484230927524192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:8 MD5: 74859601FB4BEEA84B40D874CCB56CAB)
  • cleanup
Source            | Rule                       | Description                 | Author       | Strings
58601.1.pages.csv | JoeSecurity_CaptchaPhish_1 | Yara detected Captcha Phish | Joe Security |
30849.3.pages.csv | JoeSecurity_HtmlPhish_10   | Yara detected HtmlPhish_10  | Joe Security |

No Sigma rule has matched
No Snort rule has matched

Phishing

Source: Yara match | File source: 30849.3.pages.csv, type: HTML
Source: Yara match | File source: 58601.1.pages.csv, type: HTML
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php | Matcher: Found strong image similarity, brand: Microsoft, image: 30849.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php | HTTP Parser: Number of links: 0
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php | HTTP Parser: Invalid link: Terms of use
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php | HTTP Parser: Invalid link: Privacy & cookies
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php | HTTP Parser: Form action: action.php
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php | HTTP Parser: HTML title missing
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php | HTTP Parser: No <meta name="author".. found
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 190.8.176.18:443 -> 192.168.2.3:52246 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 190.8.176.18:443 -> 192.168.2.3:52245 version: TLS 1.2