Analysis Report http://www.floridahealth.gov/_documents/newsroom/press-releases/2021/01/010421-COVID-19-main-page-vaccine-update.png

Overview

General Information

Sample URL: http://www.floridahealth.gov/_documents/newsroom/press-releases/2021/01/010421-COVID-19-main-page-vaccine-update.png
Analysis ID: 337124

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Queries the volume information (name, serial number etc) of a device

Classification

Source: global traffic HTTP traffic detected:
GET /_documents/newsroom/press-releases/2021/01/010421-COVID-19-main-page-vaccine-update.png HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
Accept: */*
Accept-Encoding: identity
Host: www.floridahealth.gov
Connection: Keep-Alive
Source: unknown DNS traffic detected: queries for: www.floridahealth.gov
Source: wget.exe, 00000002.00000002.260541552.0000000000BC0000.00000004.00000020.sdmp, cmdline.out.2.dr String found in binary or memory: http://www.floridahealth.gov/_documents/newsroom/press-releases/2021/01/010421-COVID-19-main-page-va
Source: classification engine Classification label: clean0.win@4/2@1/1
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\Desktop\cmdline.out
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6604:120:WilError_01
Source: C:\Windows\SysWOW64\wget.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\wget.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\wget.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://www.floridahealth.gov/_documents/newsroom/press-releases/2021/01/010421-COVID-19-main-page-vaccine-update.png' > cmdline.out 2>&1
Source: unknown Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://www.floridahealth.gov/_documents/newsroom/press-releases/2021/01/010421-COVID-19-main-page-vaccine-update.png'
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://www.floridahealth.gov/_documents/newsroom/press-releases/2021/01/010421-COVID-19-main-page-vaccine-update.png'
Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: wget.exe, 00000002.00000002.260556415.0000000000D58000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\SysWOW64\wget.exe Queries volume information: C:\Users\user\Desktop\download VolumeInformation
Behavior Graph

Behavior Graph ID: 337124
URL: http://www.floridahealth.gov/_documents/newsroom/press-releases/2021/01/010421-COVID-19-main-page-vaccine-update.png
Startdate: 07/01/2021
Architecture: WINDOWS
Score: 0
Process tree: cmd.exe started wget.exe and conhost.exe
Network: wget.exe contacted www.floridahealth.gov (199.250.31.29, port 80, STATE-OF-FLAUS, United States)

Contacted Public IPs

IP              Domain    Country         ASN    ASN Name         Malicious
199.250.31.29   unknown   United States   8103   STATE-OF-FLAUS   false

Contacted Domains

Name                     IP              Active
www.floridahealth.gov    199.250.31.29   true

Contacted URLs

Name: http://www.floridahealth.gov/_documents/newsroom/press-releases/2021/01/010421-COVID-19-main-page-vaccine-update.png
Malicious: false
Antivirus Detection: (none)
Reputation: high