Analysis Report http://pics3.city-data.com/images/covid19/covid-19-btn.png

Overview

General Information

Sample URL: http://pics3.city-data.com/images/covid19/covid-19-btn.png
Analysis ID: 342953

Most interesting Screenshot:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

There are no high impact signatures.

Compliance:

barindex
Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
Source: global traffic HTTP traffic detected: GET /images/covid19/covid-19-btn.png HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: pics3.city-data.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: pics3.city-data.comConnection: Keep-Alive
Source: msapplication.xml0.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x7054780f,0x01d6f090</date><accdate>0x7054780f,0x01d6f090</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x7054780f,0x01d6f090</date><accdate>0x7054780f,0x01d6f090</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x7056da66,0x01d6f090</date><accdate>0x7056da66,0x01d6f090</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x7056da66,0x01d6f090</date><accdate>0x7056da66,0x01d6f090</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x70593ce2,0x01d6f090</date><accdate>0x70593ce2,0x01d6f090</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x70593ce2,0x01d6f090</date><accdate>0x70593ce2,0x01d6f090</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: pics3.city-data.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Jan 2021 22:29:51 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingContent-Encoding: gzipData Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 02 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Q/Qp/K&T";Ct@}4l"(//=3YNf>%a30
Source: ~DF050F801E709E9CD1.TMP.1.dr String found in binary or memory: http://pics3.city-data.com/images/covid19/covid-19-btn.png
Source: {9B03AC28-5C83-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: http://pics3.city-data.com/images/covid19/covid-19-btn.pngRoot
Source: msapplication.xml.1.dr String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr String found in binary or memory: http://www.youtube.com/
Source: classification engine Classification label: clean0.win@3/16@2/1
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF95CCCC079EE04922.TMP Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini Jump to behavior
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3732 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3732 CREDAT:17410 /prefetch:2 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 342953 URL: http://pics3.city-data.com/... Startdate: 21/01/2021 Architecture: WINDOWS Score: 0 11 favicon.ico 2->11 6 iexplore.exe 2 84 2->6         started        process3 process4 8 iexplore.exe 2 33 6->8         started        dnsIp5 13 pics3.city-data.com 135.148.13.31, 49714, 49715, 80 AVAYAUS United States 8->13
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
135.148.13.31
 unknown United States
18676 AVAYAUS false

Contacted Domains

Name IP Active
pics3.city-data.com 135.148.13.31 true
favicon.ico unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://pics3.city-data.com/images/covid19/covid-19-btn.png false
    		high
    http://pics3.city-data.com/images/covid19/covid-19-btn.png false
      		high
      http://pics3.city-data.com/favicon.ico false
        		high