Analysis Report http://hudsoncovidvax.org/register

Overview

General Information

Sample URL: http://hudsoncovidvax.org/register
Analysis ID: 354427

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Detected potential crypto function
Queries the volume information (name, serial number etc) of a device
Uses code obfuscation techniques (call, push, ret)

Classification

Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 52.222.120.45:443 -> 192.168.2.3:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.222.120.45:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.222.120.45:443 -> 192.168.2.3:49719 version: TLS 1.2
Source: global traffic HTTP traffic detected: GET /register HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: */*Accept-Encoding: identityHost: hudsoncovidvax.orgConnection: Keep-Alive
Source: msapplication.xml0.4.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbdcfa0fe,0x01d705b3</date><accdate>0xbdcfa0fe,0x01d705b3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.4.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbdcfa0fe,0x01d705b3</date><accdate>0xbdcfa0fe,0x01d705b3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.4.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbdd20301,0x01d705b3</date><accdate>0xbdd20301,0x01d705b3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.4.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbdd20301,0x01d705b3</date><accdate>0xbdd20301,0x01d705b3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.4.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbdd46566,0x01d705b3</date><accdate>0xbdd46566,0x01d705b3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.4.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbdd46566,0x01d705b3</date><accdate>0xbdd46566,0x01d705b3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: hudsoncovidvax.org
Source: wget.exe, 00000003.00000003.199978132.0000000002E89000.00000004.00000001.sdmp String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: wget.exe, 00000003.00000003.199978132.0000000002E89000.00000004.00000001.sdmp String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
Source: wget.exe, 00000003.00000003.199978132.0000000002E89000.00000004.00000001.sdmp String found in binary or memory: http://cps.letsencrypt.org
Source: wget.exe, 00000003.00000003.199978132.0000000002E89000.00000004.00000001.sdmp String found in binary or memory: http://cps.letsencrypt.org0
Source: wget.exe, 00000003.00000003.199978132.0000000002E89000.00000004.00000001.sdmp String found in binary or memory: http://cps.root-x1.letsencrypt.org
Source: wget.exe, 00000003.00000003.199978132.0000000002E89000.00000004.00000001.sdmp String found in binary or memory: http://cps.root-x1.letsencrypt.org0
Source: wget.exe String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: wget.exe, 00000003.00000003.199985294.0000000002E45000.00000004.00000001.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wget.exe, 00000003.00000003.199985294.0000000002E45000.00000004.00000001.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crlh
Source: wget.exe, wget.exe, 00000003.00000003.199978132.0000000002E89000.00000004.00000001.sdmp String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl
Source: wget.exe, 00000003.00000003.199978132.0000000002E89000.00000004.00000001.sdmp String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
Source: wget.exe, 00000003.00000002.200221225.0000000000B10000.00000004.00000020.sdmp, cmdline.out.3.dr String found in binary or memory: http://hudsoncovidvax.org/register
Source: wget.exe, 00000003.00000003.199985294.0000000002E45000.00000004.00000001.sdmp String found in binary or memory: http://hudsoncovidvax.org/registerS
Source: app[1].js.5.dr String found in binary or memory: http://new.gramota.ru/spravka/buro/search-answer?s=242637
Source: app[1].js.5.dr String found in binary or memory: http://new.gramota.ru/spravka/rules/139-prop
Source: app[1].css.5.dr String found in binary or memory: http://nicolasgallagher.com/micro-clearfix-hack/
Source: app[1].js.5.dr String found in binary or memory: http://praleska.pro/
Source: wget.exe, 00000003.00000003.199978132.0000000002E89000.00000004.00000001.sdmp String found in binary or memory: http://r3.i.lencr.org/
Source: wget.exe, 00000003.00000003.199978132.0000000002E89000.00000004.00000001.sdmp String found in binary or memory: http://r3.i.lencr.org/0
Source: wget.exe, 00000003.00000003.199978132.0000000002E89000.00000004.00000001.sdmp String found in binary or memory: http://r3.o.lencr.org0
Source: msapplication.xml.4.dr String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.4.dr String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.4.dr String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.4.dr String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.4.dr String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.4.dr String found in binary or memory: http://www.twitter.com/
Source: app[1].js.5.dr String found in binary or memory: http://www.unicode.org/cldr/charts/28/summary/ru.html#1753
Source: msapplication.xml6.4.dr String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.4.dr String found in binary or memory: http://www.youtube.com/
Source: register.3.dr String found in binary or memory: https://cdn.jsdelivr.net/npm/apexcharts
Source: register.3.dr String found in binary or memory: https://covid19.nj.gov/
Source: app[1].css.5.dr String found in binary or memory: https://dbushell.com/
Source: register.3.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Nunito
Source: css[1].css.5.dr String found in binary or memory: https://fonts.gstatic.com/s/nunito/v16/XRXV3I6Li01BKofINeaH.woff)
Source: app[1].js.5.dr String found in binary or memory: https://github.com/Amine27
Source: app[1].js.5.dr String found in binary or memory: https://github.com/B0k0
Source: app[1].js.5.dr String found in binary or memory: https://github.com/BYK
Source: app[1].js.5.dr String found in binary or memory: https://github.com/DevelopmentIL
Source: app[1].js.5.dr String found in binary or memory: https://github.com/ElFadiliY
Source: app[1].js.5.dr String found in binary or memory: https://github.com/IrakliJani
Source: app[1].js.5.dr String found in binary or memory: https://github.com/JanisE
Source: app[1].js.5.dr String found in binary or memory: https://github.com/Kaushik1987
Source: app[1].js.5.dr String found in binary or memory: https://github.com/MadMG
Source: app[1].js.5.dr String found in binary or memory: https://github.com/Manfre98
Source: app[1].js.5.dr String found in binary or memory: https://github.com/Oire
Source: app[1].js.5.dr String found in binary or memory: https://github.com/Quenty31
Source: app[1].js.5.dr String found in binary or memory: https://github.com/ShahramMebashar
Source: app[1].js.5.dr String found in binary or memory: https://github.com/TalAter
Source: app[1].js.5.dr String found in binary or memory: https://github.com/Viktorminator
Source: app[1].js.5.dr String found in binary or memory: https://github.com/WikiDiscoverer
Source: app[1].js.5.dr String found in binary or memory: https://github.com/ZackVision
Source: app[1].js.5.dr String found in binary or memory: https://github.com/abdelsaid
Source: app[1].js.5.dr String found in binary or memory: https://github.com/adambrunner
Source: app[1].js.5.dr String found in binary or memory: https://github.com/alesma
Source: app[1].js.5.dr String found in binary or memory: https://github.com/aliem
Source: app[1].js.5.dr String found in binary or memory: https://github.com/amaranthrose
Source: app[1].js.5.dr String found in binary or memory: https://github.com/andela-batolagbe
Source: app[1].js.5.dr String found in binary or memory: https://github.com/andrewhood125
Source: app[1].js.5.dr String found in binary or memory: https://github.com/anthonylau
Source: app[1].js.5.dr String found in binary or memory: https://github.com/armendarabyan
Source: app[1].js.5.dr String found in binary or memory: https://github.com/askpt
Source: app[1].js.5.dr String found in binary or memory: https://github.com/atamyratabdy
Source: app[1].js.5.dr String found in binary or memory: https://github.com/avaly
Source: app[1].js.5.dr String found in binary or memory: https://github.com/bangnk
Source: app[1].js.5.dr String found in binary or memory: https://github.com/baryon
Source: app[1].js.5.dr String found in binary or memory: https://github.com/ben-lin
Source: app[1].js.5.dr String found in binary or memory: https://github.com/bkyceh
Source: app[1].js.5.dr String found in binary or memory: https://github.com/bleadof
Source: app[1].js.5.dr String found in binary or memory: https://github.com/bmarkovic
Source: app[1].js.5.dr String found in binary or memory: https://github.com/boyaq
Source: app[1].js.5.dr String found in binary or memory: https://github.com/bustta
Source: app[1].js.5.dr String found in binary or memory: https://github.com/caio-ribeiro-pereira
Source: app[1].js.5.dr String found in binary or memory: https://github.com/cepem
Source: app[1].js.5.dr String found in binary or memory: https://github.com/chienkira
Source: app[1].js.5.dr String found in binary or memory: https://github.com/chrisrodz
Source: app[1].js.5.dr String found in binary or memory: https://github.com/chyngyz
Source: app[1].js.5.dr String found in binary or memory: https://github.com/colindean
Source: app[1].js.5.dr String found in binary or memory: https://github.com/demidov91
Source: app[1].js.5.dr String found in binary or memory: https://github.com/ebraminio
Source: app[1].js.5.dr String found in binary or memory: https://github.com/erhangundogan
Source: app[1].js.5.dr String found in binary or memory: https://github.com/estellecomment
Source: app[1].js.5.dr String found in binary or memory: https://github.com/evoL
Source: app[1].js.5.dr String found in binary or memory: https://github.com/flakerimi
Source: app[1].js.5.dr String found in binary or memory: https://github.com/floydpink
Source: app[1].js.5.dr String found in binary or memory: https://github.com/forabi
Source: app[1].js.5.dr String found in binary or memory: https://github.com/frontyard
Source: app[1].js.5.dr String found in binary or memory: https://github.com/gaspard
Source: app[1].js.5.dr String found in binary or memory: https://github.com/gholadr
Source: app[1].js.5.dr String found in binary or memory: https://github.com/gurdiga
Source: app[1].js.5.dr String found in binary or memory: https://github.com/harpreetkhalsagtbit
Source: app[1].js.5.dr String found in binary or memory: https://github.com/hehachris
Source: app[1].js.5.dr String found in binary or memory: https://github.com/hinrik
Source: app[1].js.5.dr String found in binary or memory: https://github.com/ibnesayeed
Source: app[1].js.5.dr String found in binary or memory: https://github.com/jalex79
Source: app[1].js.5.dr String found in binary or memory: https://github.com/javkhaanj7
Source: app[1].js.5.dr String found in binary or memory: https://github.com/jawish
Source: app[1].js.5.dr String found in binary or memory: https://github.com/jbleduigou
Source: app[1].js.5.dr String found in binary or memory: https://github.com/jfroffice
Source: app[1].js.5.dr String found in binary or memory: https://github.com/johnideal
Source: app[1].js.5.dr String found in binary or memory: https://github.com/jonashdown
Source: app[1].js.5.dr String found in binary or memory: https://github.com/jonbca
Source: app[1].js.5.dr String found in binary or memory: https://github.com/jorisroling
Source: app[1].js.5.dr String found in binary or memory: https://github.com/joshbrooks
Source: app[1].js.5.dr String found in binary or memory: https://github.com/juanghurtado
Source: app[1].js.5.dr String found in binary or memory: https://github.com/julionc
Source: app[1].js.5.dr String found in binary or memory: https://github.com/k2s
Source: app[1].js.5.dr String found in binary or memory: https://github.com/kalehv
Source: app[1].js.5.dr String found in binary or memory: https://github.com/karamell
Source: app[1].js.5.dr String found in binary or memory: https://github.com/kaushikgandhi
Source: app[1].js.5.dr String found in binary or memory: https://github.com/kcthota
Source: app[1].js.5.dr String found in binary or memory: https://github.com/kikoanis
Source: app[1].js.5.dr String found in binary or memory: https://github.com/kraz
Source: app[1].js.5.dr String found in binary or memory: https://github.com/kruyvanna
Source: app[1].js.5.dr String found in binary or memory: https://github.com/kwisatz
Source: app[1].js.5.dr String found in binary or memory: https://github.com/kyungw00k
Source: app[1].js.5.dr String found in binary or memory: https://github.com/le0tan
Source: app[1].js.5.dr String found in binary or memory: https://github.com/lluchs
Source: app[1].js.5.dr String found in binary or memory: https://github.com/madhenry
Source: app[1].js.5.dr String found in binary or memory: https://github.com/marobo
Source: app[1].js.5.dr String found in binary or memory: https://github.com/mayanksinghal
Source: app[1].js.5.dr String found in binary or memory: https://github.com/mechuwind
Source: app[1].js.5.dr String found in binary or memory: https://github.com/mehiel
Source: app[1].js.5.dr String found in binary or memory: https://github.com/middagj
Source: app[1].js.5.dr String found in binary or memory: https://github.com/miestasmia
Source: app[1].js.5.dr String found in binary or memory: https://github.com/mik01aj
Source: app[1].js.5.dr String found in binary or memory: https://github.com/milan-j
Source: app[1].js.5.dr String found in binary or memory: https://github.com/miodragnikac
Source: app[1].js.5.dr String found in binary or memory: https://github.com/mirontoli
Source: app[1].js.5.dr String found in binary or memory: https://github.com/mmozuras
Source: app[1].css.5.dr String found in binary or memory: https://github.com/mozdevs/cssremedy/issues/14
Source: app[1].css.5.dr String found in binary or memory: https://github.com/mozdevs/cssremedy/issues/4
Source: app[1].js.5.dr String found in binary or memory: https://github.com/mrbase
Source: app[1].js.5.dr String found in binary or memory: https://github.com/muminoff
Source: app[1].js.5.dr String found in binary or memory: https://github.com/mweimerskirch
Source: app[1].js.5.dr String found in binary or memory: https://github.com/naderio
Source: app[1].js.5.dr String found in binary or memory: https://github.com/narainsagar
Source: app[1].js.5.dr String found in binary or memory: https://github.com/nostalgiaz
Source: app[1].js.5.dr String found in binary or memory: https://github.com/noureddinem
Source: app[1].js.5.dr String found in binary or memory: https://github.com/nurlan
Source: app[1].js.5.dr String found in binary or memory: https://github.com/nusretparlak
Source: app[1].js.5.dr String found in binary or memory: https://github.com/oerd
Source: app[1].js.5.dr String found in binary or memory: https://github.com/orif-jr
Source: app[1].js.5.dr String found in binary or memory: https://github.com/petrbela
Source: app[1].js.5.dr String found in binary or memory: https://github.com/ragnar123
Source: app[1].js.5.dr String found in binary or memory: https://github.com/ragulka
Source: app[1].js.5.dr String found in binary or memory: https://github.com/rajeevnaikte
Source: app[1].js.5.dr String found in binary or memory: https://github.com/rexxars
Source: app[1].js.5.dr String found in binary or memory: https://github.com/robgallen
Source: app[1].js.5.dr String found in binary or memory: https://github.com/robin0van0der0v
Source: app[1].js.5.dr String found in binary or memory: https://github.com/ryangreaves
Source: app[1].js.5.dr String found in binary or memory: https://github.com/ryanhart2
Source: app[1].js.5.dr String found in binary or memory: https://github.com/sakarisson
Source: app[1].js.5.dr String found in binary or memory: https://github.com/sampathsris
Source: app[1].js.5.dr String found in binary or memory: https://github.com/sedovsek
Source: app[1].js.5.dr String found in binary or memory: https://github.com/sigurdga
Source: app[1].js.5.dr String found in binary or memory: https://github.com/sirn
Source: app[1].js.5.dr String found in binary or memory: https://github.com/skakri
Source: app[1].js.5.dr String found in binary or memory: https://github.com/skfd
Source: app[1].js.5.dr String found in binary or memory: https://github.com/socketpair
Source: app[1].js.5.dr String found in binary or memory: https://github.com/soniasimoes
Source: app[1].js.5.dr String found in binary or memory: https://github.com/sschueller
Source: app[1].js.5.dr String found in binary or memory: https://github.com/stephenramthun
Source: app[1].css.5.dr String found in binary or memory: https://github.com/suitcss/base
Source: app[1].js.5.dr String found in binary or memory: https://github.com/suupic
Source: app[1].js.5.dr String found in binary or memory: https://github.com/suvash
Source: apexcharts[1].js.5.dr String found in binary or memory: https://github.com/svgdotjs/svg.draggable.js
Source: app[1].css.5.dr String found in binary or memory: https://github.com/tailwindcss/tailwindcss/issues/362
Source: app[1].css.5.dr String found in binary or memory: https://github.com/tailwindcss/tailwindcss/pull/116
Source: app[1].js.5.dr String found in binary or memory: https://github.com/thanyawzinmin
Source: app[1].js.5.dr String found in binary or memory: https://github.com/tk120404
Source: app[1].js.5.dr String found in binary or memory: https://github.com/tomer
Source: app[1].js.5.dr String found in binary or memory: https://github.com/topchiyev
Source: app[1].js.5.dr String found in binary or memory: https://github.com/ulmus
Source: app[1].js.5.dr String found in binary or memory: https://github.com/uu109
Source: app[1].js.5.dr String found in binary or memory: https://github.com/vajradog
Source: app[1].js.5.dr String found in binary or memory: https://github.com/vnathalye
Source: app[1].js.5.dr String found in binary or memory: https://github.com/wernerm
Source: apexcharts[1].js.5.dr String found in binary or memory: https://github.com/wout/svg.filter.js
Source: app[1].js.5.dr String found in binary or memory: https://github.com/xfh
Source: app[1].js.5.dr String found in binary or memory: https://github.com/xsoh
Source: app[1].js.5.dr String found in binary or memory: https://github.com/zemlanin
Source: app[1].js.5.dr String found in binary or memory: https://github.com/zenozeng
Source: register.3.dr String found in binary or memory: https://hudson-county-coronavirus-resources-hudsoncogis.hub.arcgis.com/
Source: register.3.dr String found in binary or memory: https://hudsoncovidvax.org/css/app.css
Source: register.3.dr String found in binary or memory: https://hudsoncovidvax.org/js/app.js
Source: register.3.dr String found in binary or memory: https://hudsoncovidvax.org/login
Source: cmdline.out.3.dr String found in binary or memory: https://hudsoncovidvax.org/register
Source: wget.exe, 00000003.00000003.199985294.0000000002E45000.00000004.00000001.sdmp String found in binary or memory: https://hudsoncovidvax.org/registerrg)
Source: app[1].js.5.dr String found in binary or memory: https://nodejs.org/api/http.html#http_message_headers
Source: register.3.dr String found in binary or memory: https://www.cdc.gov/coronavirus/2019-ncov/index.html
Source: register.3.dr String found in binary or memory: https://www.hudsonregional.org/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown HTTPS traffic detected: 52.222.120.45:443 -> 192.168.2.3:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.222.120.45:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.222.120.45:443 -> 192.168.2.3:49719 version: TLS 1.2

System Summary:

Detected potential crypto function
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E4E9AA 3_3_02E4E9AA
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E51F94 3_3_02E51F94
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E48310 3_3_02E48310
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_02E51F94 3_2_02E51F94
Source: classification engine Classification label: clean1.win@7/19@3/1
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\Desktop\cmdline.out
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6076:120:WilError_01
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF0BFD6412979B4C12.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: C:\Windows\SysWOW64\wget.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\wget.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\wget.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: wget.exe String found in binary or memory: ext-sm leading-5 text-gray-500"> <img class="h-6 w-6 w-auto" src="/images/loading.gif" alt="Loader" /> </div> </div> </div> </div> </div> <div class="bg-gray-50 px-4 py-3
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://hudsoncovidvax.org/register' > cmdline.out 2>&1
Source: unknown Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://hudsoncovidvax.org/register'
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Desktop\download\register.html
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:752 CREDAT:17410 /prefetch:2
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://hudsoncovidvax.org/register'
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:752 CREDAT:17410 /prefetch:2
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Data Obfuscation:

Uses code obfuscation techniques (call, push, ret)
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E470C8 push 000100CFh; iretd 3_3_02E470DB
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E4D2A5 pushad ; retn 0078h 3_3_02E4D2B5
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E4F42A push ss; iretd 3_3_02E4F42B
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E53235 push ecx; retf 3_3_02E5324B
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E4F235 push edx; iretd 3_3_02E4F24B
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E5123D push edx; iretd 3_3_02E51253
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E53205 push esi; retf 3_3_02E53233
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E4F205 push esp; iretd 3_3_02E4F21B
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E4520D push edx; iretd 3_3_02E45223
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E47215 push edx; iretd 3_3_02E4722B
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E4D210 push edi; iretd 3_3_02E4D22B
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E4921D push edx; iretd 3_3_02E49233
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E4F21D push edi; iretd 3_3_02E4F233
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E471E5 push esp; iretd 3_3_02E471FB
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E4D3E0 push ss; iretd 3_3_02E4D423
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E471FD push edi; iretd 3_3_02E47213
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E4D1FD pushad ; retn 0078h 3_3_02E4D20D
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E551C2 push ecx; iretd 3_3_02E551C3
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E451DD push edi; iretd 3_3_02E4520B
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_3_02E4734D push ss; iretd 3_3_02E4740B
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_02E58057 pushad ; iretd 3_2_02E5805B
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_02E4F42A push ss; iretd 3_2_02E4F42B
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_02E53235 push ecx; retf 3_2_02E5324B
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_02E4F235 push edx; iretd 3_2_02E4F24B
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_02E5123D push edx; iretd 3_2_02E51253
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_02E53205 push esi; retf 3_2_02E53233
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_02E4F205 push esp; iretd 3_2_02E4F21B
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_02E4D210 push edi; iretd 3_2_02E4D22B
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_02E4921D push edx; iretd 3_2_02E49233
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_02E4F21D push edi; iretd 3_2_02E4F233
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_02E4D3E0 push ss; iretd 3_2_02E4D423

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\SysWOW64\wget.exe Queries volume information: C:\Users\user\Desktop\download VolumeInformation
Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Behavior Graph

Behavior Graph ID: 354427
URL: http://hudsoncovidvax.org/r...
Startdate: 17/02/2021
Architecture: WINDOWS
Score: 1

Process tree and network contacts recovered from the graph (the graph image itself is not reproduced here):

  • cmd.exe
    • wget.exe -> hudsoncovidvax.org (52.222.120.45, ports 443, 49712, 49714; AMAZONEXPANSIONGB, United States)
    • conhost.exe
  • iexplore.exe
    • iexplore.exe -> cdn.jsdelivr.net

Contacted Public IPs

IP             Domain   Country        ASN   ASN Name           Malicious
52.222.120.45  unknown  United States  8987  AMAZONEXPANSIONGB  false

Contacted Domains

Name                IP             Active
hudsoncovidvax.org  52.222.120.45  true
cdn.jsdelivr.net    unknown        unknown

Contacted URLs

Name                                Malicious  Antivirus Detection  Reputation
http://hudsoncovidvax.org/register  false                           unknown