Windows Analysis Report
https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20=

Overview

General Information

Sample URL: https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20=
Analysis ID: 626007

Detection

HTMLPhisher
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Yara detected Captcha Phish
Phishing site detected (based on image similarity)
HTML body contains low number of good links
Invalid T&C link found
Suspicious form URL found
No HTML title found

Classification

Phishing

Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php Matcher: Template: microsoft matched with high similarity
Source: Yara match File source: 67398.3.pages.csv, type: HTML
Source: Yara match File source: 04956.1.pages.csv, type: HTML
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php Matcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php HTTP Parser: Number of links: 0
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php HTTP Parser: Invalid link: Terms of use
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php HTTP Parser: Invalid link: Privacy & cookies
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php HTTP Parser: Form action: action.php
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php HTTP Parser: HTML title missing
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php HTTP Parser: No <meta name="author".. found
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 190.8.176.18:443 -> 192.168.2.3:56397 version: TLS 1.2
Source: unknown HTTPS traffic detected: 190.8.176.18:443 -> 192.168.2.3:56396 version: TLS 1.2
Source: chrome.exe Memory has grown: Private usage: 1MB later: 9MB
Source: unknown DNS traffic detected: queries for: clients2.google.com
Source: unknown Network traffic detected: HTTP traffic on port 54070 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52352
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56755
Source: unknown Network traffic detected: HTTP traffic on port 55137 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56397 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54181
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57093
Source: unknown Network traffic detected: HTTP traffic on port 63116 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64258
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64458
Source: unknown Network traffic detected: HTTP traffic on port 52352 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52607
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56400
Source: unknown Network traffic detected: HTTP traffic on port 63164 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57387
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60860
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 61637
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54070
Source: unknown Network traffic detected: HTTP traffic on port 64458 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54181 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56400 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 61637 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52607 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57394 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56399 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58642
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57394
Source: unknown Network traffic detected: HTTP traffic on port 54566 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 61244
Source: unknown Network traffic detected: HTTP traffic on port 53286 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53119
Source: unknown Network traffic detected: HTTP traffic on port 61244 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64562 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64258 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63164
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54566
Source: unknown Network traffic detected: HTTP traffic on port 57387 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55137
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56396
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56397
Source: unknown Network traffic detected: HTTP traffic on port 60860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57093 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56399
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53286
Source: unknown Network traffic detected: HTTP traffic on port 56396 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58642 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64562
Source: unknown Network traffic detected: HTTP traffic on port 53119 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63116
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 104.17.24.14
Source: unknown TCP traffic detected without corresponding DNS query: 65.9.63.90
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\alfredo\AppData\Local\Temp\3ecff3c8-ba34-4dea-b8a0-895d33f6caea.tmp
Source: classification engine Classification label: mal68.phis.win@26/78@5/211
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20=
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1740,8602215867310856610,17025399359111384958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-627EBCB4-628.pma
Source: Window Recorder Window detected: More than 3 window changes detected