Analysis Report http://xf.gdprvalidate.de/

Overview

General Information

Sample URL: http://xf.gdprvalidate.de/
Analysis ID: 356828

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

No high impact signatures.

Classification

There are no high impact signatures.

Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: global traffic HTTP traffic detected:
    HTTP/1.1 200 OK
    Content-Encoding: gzip
    Content-Type: text/html; charset=UTF-8
    Date: Tue, 23 Feb 2021 16:29:00 GMT
    Server: Apache/2.2.34 (Amazon)
    Vary: Accept-Encoding
    Content-Length: 20
    Connection: keep-alive
    Data Raw: 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00
    Data Ascii:
Source: global traffic HTTP traffic detected:
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Content-Type: image/vnd.microsoft.icon
    Date: Tue, 23 Feb 2021 16:29:01 GMT
    ETag: "22f38-13e-5ac96e54073a8"
    Last-Modified: Tue, 11 Aug 2020 09:42:54 GMT
    Server: Apache/2.2.34 (Amazon)
    Vary: Accept-Encoding
    Content-Length: 62
    Connection: keep-alive
    Data Raw: 1f 8b 08 00 00 00 00 00 00 03 63 60 60 04 42 01 01 01 20 c9 c2 a0 c1 c8 c0 20 c6 c0 c0 a0 01 c4 02 40 ac 00 c4 20 71 10 68 60 40 00 01 28 fd ff ff 7f 86 91 0c 00 74 21 5b c8 3e 01 00 00
    Data Ascii: c``B @ qh`@(t![>
Source: global traffic HTTP traffic detected:
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: xf.gdprvalidate.de
    Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: xf.gdprvalidate.de
    Connection: Keep-Alive
Source: msapplication.xml0.2.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x801534ae,0x01d70a4c</date><accdate>0x801534ae,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.2.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x801534ae,0x01d70a4c</date><accdate>0x801534ae,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.2.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x8019f957,0x01d70a4c</date><accdate>0x8019f957,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.2.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x8019f957,0x01d70a4c</date><accdate>0x8019f957,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.2.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x801c5be2,0x01d70a4c</date><accdate>0x801c5be2,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.2.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x801c5be2,0x01d70a4c</date><accdate>0x801c5be2,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: xf.gdprvalidate.de
Source: msapplication.xml.2.dr String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.2.dr String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.2.dr String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.2.dr String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.2.dr String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.2.dr String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.2.dr String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.2.dr String found in binary or memory: http://www.youtube.com/
Source: ~DF543357D77BC484B8.TMP.2.dr String found in binary or memory: http://xf.gdprvalidate.de/
Source: {AAA56A25-763F-11EB-90E4-ECF4BB862DED}.dat.2.dr String found in binary or memory: http://xf.gdprvalidate.de/Root
Source: imagestore.dat.3.dr String found in binary or memory: http://xf.gdprvalidate.de/favicon.ico
Source: classification engine Classification label: clean0.win@3/17@1/1
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF4A77A388F0ADC98B.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1956 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1956 CREDAT:17410 /prefetch:2
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph
  ID: 356828
  URL: http://xf.gdprvalidate.de/
  Startdate: 23/02/2021
  Architecture: WINDOWS
  Score: 0
  process: iexplore.exe (2, 84) started
    -> process: iexplore.exe (2, 33) started
      -> dnsIp: xf-gdprvalidate-de-368230675.eu-west-1.elb.amazonaws.com 54.228.229.1, 49703, 49704, 80 AMAZON-02US United States
      -> dnsIp: xf.gdprvalidate.de
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP | Domain | Country | ASN | ASN Name | Malicious
54.228.229.1 | unknown | United States | 16509 | AMAZON-02US | false

Contacted Domains

Name IP Active
xf-gdprvalidate-de-368230675.eu-west-1.elb.amazonaws.com 54.228.229.1 true
xf.gdprvalidate.de unknown unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://xf.gdprvalidate.de/ | false | | unknown
http://xf.gdprvalidate.de/favicon.ico | false | Avira URL Cloud: safe | unknown