Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20=

Overview

General Information

Sample URL:https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20=
Analysis ID:626007

Detection

HTMLPhisher
Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Yara detected Captcha Phish
Phishing site detected (based on image similarity)
HTML body contains low number of good links
Invalid T&C link found
Suspicious form URL found
No HTML title found

Classification

Process Tree

  • System is start
  • chrome.exe (PID: 1576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20= MD5: 74859601FB4BEEA84B40D874CCB56CAB)
    • chrome.exe (PID: 3584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1740,8602215867310856610,17025399359111384958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:8 MD5: 74859601FB4BEEA84B40D874CCB56CAB)
  • cleanup

Yara Signatures

HTML

SourceRuleDescriptionAuthorStrings
04956.1.pages.csvJoeSecurity_CaptchaPhish_1Yara detected Captcha PhishJoe Security
    67398.3.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      No Snort rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      Phishing

      barindex
      Phishing site detected (based on favicon image match)
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpMatcher: Template: microsoft matched with high similarity
      Yara detected HtmlPhish10
      Source: Yara matchFile source: 67398.3.pages.csv, type: HTML
      Yara detected Captcha Phish
      Source: Yara matchFile source: 04956.1.pages.csv, type: HTML
      Phishing site detected (based on image similarity)
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpMatcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpMatcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpMatcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpMatcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpMatcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpMatcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpMatcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpMatcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpMatcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpMatcher: Found strong image similarity, brand: Microsoft image: 67398.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpHTTP Parser: Number of links: 0
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpHTTP Parser: Number of links: 0
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpHTTP Parser: Invalid link: Terms of use
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpHTTP Parser: Invalid link: Privacy & cookies
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpHTTP Parser: Invalid link: Terms of use
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpHTTP Parser: Invalid link: Privacy & cookies
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpHTTP Parser: Form action: action.php
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpHTTP Parser: Form action: action.php
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpHTTP Parser: HTML title missing
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpHTTP Parser: HTML title missing
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpHTTP Parser: No <meta name="author".. found
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpHTTP Parser: No <meta name="author".. found
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpHTTP Parser: No <meta name="copyright".. found
      Source: https://w2globaldata.cabildodeagayu.com/1/main/main.phpHTTP Parser: No <meta name="copyright".. found
      Source: unknownHTTPS traffic detected: 190.8.176.18:443 -> 192.168.2.3:56397 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 190.8.176.18:443 -> 192.168.2.3:56396 version: TLS 1.2
      Source: chrome.exeMemory has grown: Private usage: 1MB later: 9MB