
Analysis Report http://covidexitstrategy.com

Overview

General Information

Sample URL: http://covidexitstrategy.com

Most interesting Screenshot:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

No high impact signatures.

Classification

Startup

  • System is w10x64
  • iexplore.exe (PID: 4428 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 3636 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4428 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview


Source: global traffic
HTTP traffic detected:
  GET / HTTP/1.1
  Accept: text/html, application/xhtml+xml, image/jxr, */*
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: covidexitstrategy.com
  Connection: Keep-Alive

Source: global traffic
HTTP traffic detected:
  GET /index.html HTTP/1.1
  Accept: text/html, application/xhtml+xml, image/jxr, */*
  Referer: http://covidexitstrategy.com/
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: courtesy.register.it
  Connection: Keep-Alive

Source: global traffic
HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Host: covidexitstrategy.com
  Connection: Keep-Alive

Source: global traffic
HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  User-Agent: AutoIt
  Host: covidexitstrategy.com
Source: msapplication.xml1.1.dr
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x0eb5a601,0x01d633f0</date><accdate>0x0eb5a601,0x01d633f0</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)

Source: msapplication.xml1.1.dr
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x0eb5a601,0x01d633f0</date><accdate>0x0eb81c6c,0x01d633f0</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)

Source: msapplication.xml6.1.dr
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x0ebd2bea,0x01d633f0</date><accdate>0x0ebd2bea,0x01d633f0</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)

Source: msapplication.xml6.1.dr
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x0ebd2bea,0x01d633f0</date><accdate>0x0ebd2bea,0x01d633f0</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)

Source: msapplication.xml8.1.dr
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x0ebfc819,0x01d633f0</date><accdate>0x0ebfc819,0x01d633f0</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: msapplication.xml8.1.dr
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x0ebfc819,0x01d633f0</date><accdate>0x0ebfc819,0x01d633f0</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: unknown
DNS traffic detected: queries for: covidexitstrategy.com

Source: global traffic
HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Tue, 26 May 2020 21:28:08 GMT
  Server: Apache
  Content-Length: 209
  Connection: close
  Content-Type: text/html; charset=iso-8859-1
  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /favicon.ico was not found on this server.</p></body></html>