Analysis Report https://covidhelponline2021.weeblysite.com

Overview

General Information

Sample URL: https://covidhelponline2021.weeblysite.com
Analysis ID: 356637
Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

There are no high impact signatures.

Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 199.34.228.96:443 -> 192.168.2.3:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.34.228.96:443 -> 192.168.2.3:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.160.166.122:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.160.166.122:443 -> 192.168.2.3:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 74.115.50.109:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 74.115.50.109:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 74.115.50.109:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: msapplication.xml0.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x01380f4f,0x01d70a2d</date><accdate>0x01380f4f,0x01d70a2d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x01380f4f,0x01d70a2d</date><accdate>0x01380f4f,0x01d70a2d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x013cd414,0x01d70a2d</date><accdate>0x013cd414,0x01d70a2d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x013cd414,0x01d70a2d</date><accdate>0x013cd414,0x01d70a2d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x013f3654,0x01d70a2d</date><accdate>0x013f3654,0x01d70a2d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x013f3654,0x01d70a2d</date><accdate>0x013f3654,0x01d70a2d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: covidhelponline2021.weeblysite.com
Source: msapplication.xml.1.dr String found in binary or memory: http://www.amazon.com/
Source: site.f44a6688aa88623a2763.en[1].js.3.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: msapplication.xml1.1.dr String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr String found in binary or memory: http://www.youtube.com/
Source: 00ZGOGJ5.htm.3.dr String found in binary or memory: https://cdn3.editmysite.com/app/checkout/assets/checkout/css/cko.eb82ee0f540ba06ea13f.css
Source: 00ZGOGJ5.htm.3.dr String found in binary or memory: https://cdn3.editmysite.com/app/checkout/assets/checkout/imports.en.54e680e192871c52445bafbe6f10952b
Source: 00ZGOGJ5.htm.3.dr String found in binary or memory: https://cdn3.editmysite.com/app/checkout/assets/checkout/js/system.min.b9e210033fc5b0895164e282cbf89
Source: 00ZGOGJ5.htm.3.dr String found in binary or memory: https://cdn3.editmysite.com/app/website/
Source: 00ZGOGJ5.htm.3.dr String found in binary or memory: https://cdn3.editmysite.com/app/website/css/site.f44a6688aa88623a2763.css
Source: 00ZGOGJ5.htm.3.dr String found in binary or memory: https://cdn3.editmysite.com/app/website/js/runtime.96967201c3505cb8fdb8.en.js
Source: 00ZGOGJ5.htm.3.dr String found in binary or memory: https://cdn3.editmysite.com/app/website/js/site.f44a6688aa88623a2763.en.js
Source: 00ZGOGJ5.htm.3.dr String found in binary or memory: https://cdn4.editmysite.com
Source: 00ZGOGJ5.htm.3.dr String found in binary or memory: https://covidhelponline2021.weeblysite.com
Source: ~DF2731724A6CAEF4F2.TMP.1.dr String found in binary or memory: https://covidhelponline2021.weeblysite.com/
Source: covidhelponline2021.weeblysite[1].xml.3.dr String found in binary or memory: https://covidhelponline2021.weeblysite.com/&quot;
Source: {2A43A59D-7620-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://covidhelponline2021.weeblysite.com/Root
Source: site.f44a6688aa88623a2763.en[1].js.3.dr String found in binary or memory: https://f.fontdeck.com/s/css/js/
Source: site.f44a6688aa88623a2763.en[1].js.3.dr String found in binary or memory: https://feross.org
Source: site.f44a6688aa88623a2763[1].css.3.dr String found in binary or memory: https://getbootstrap.com/)
Source: site.f44a6688aa88623a2763[1].css.3.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: 00ZGOGJ5.htm.3.dr String found in binary or memory: https://images.editor.website
Source: 00ZGOGJ5.htm.3.dr String found in binary or memory: https://js.squareup.com/v2/paymentform
Source: 00ZGOGJ5.htm.3.dr String found in binary or memory: https://sandbox.square.online
Source: 00ZGOGJ5.htm.3.dr String found in binary or memory: https://square.online
Source: site.f44a6688aa88623a2763.en[1].js.3.dr String found in binary or memory: https://use.typekit.net
Source: 00ZGOGJ5.htm.3.dr String found in binary or memory: https://www.editmysite.com
Source: 00ZGOGJ5.htm.3.dr String found in binary or memory: https://www.weebly.com
Source: imagestore.dat.3.dr, 00ZGOGJ5.htm.3.dr String found in binary or memory: https://www.weebly.com/favicon.ico
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: classification engine Classification label: clean0.win@3/26@6/4
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF7E675D25F30E818C.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4084 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4084 CREDAT:17410 /prefetch:2
Source: Window Recorder Window detected: More than 3 window changes detected

Behavior Graph

Behavior Graph ID: 356637
URL: https://covidhelponline2021...
Startdate: 23/02/2021
Architecture: WINDOWS
Score: 0
Process chain: iexplore.exe -> iexplore.exe (child process)
DNS/IP contacts from the child iexplore.exe process:
  weeblysite.com 199.34.228.96, port 443 (local ports 49708, 49709), WEEBLYUS, United States
  weebly.com 74.115.50.109, port 443 (local ports 49721, 49722), WEEBLYUS, United States
  7 other IPs or domains
Domains resolved at start: www.weebly.com, weebly.com

Contacted Public IPs

IP              Domain   Country        ASN    ASN Name     Malicious
74.115.50.109   unknown  United States  27647  WEEBLYUS     false
199.34.228.96   unknown  United States  27647  WEEBLYUS     false
151.101.1.46    unknown  United States  54113  FASTLYUS     false
35.160.166.122  unknown  United States  16509  AMAZON-02US  false

Contacted Domains

Name IP Active
sp-2020021412301152490000000a-1069308460.us-west-2.elb.amazonaws.com 35.160.166.122 true
weebly.map.fastly.net 151.101.1.46 true
weeblysite.com 199.34.228.96 true
weebly.com 74.115.50.109 true
ec.editmysite.com unknown unknown
covidhelponline2021.weeblysite.com unknown unknown
cdn2.editmysite.com unknown unknown
www.weebly.com unknown unknown
cdn3.editmysite.com unknown unknown

Contacted URLs

Name                                          Malicious  Antivirus Detection  Reputation
https://covidhelponline2021.weeblysite.com/   false      unknown              unknown