
Analysis Report http://covid19-immunization-learning-program-2021.ca

Overview

General Information

Sample URL: http://covid19-immunization-learning-program-2021.ca
Analysis ID: 403292

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Found iframes

Classification

Startup

  • System is w10x64
  • iexplore.exe (PID: 3008 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 4800 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3008 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 4744 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3008 CREDAT:17418 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures. All signature results:

Source: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09 | HTTP Parser: Iframe src: /en-us/authentication/silentsignin?ru=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fsilentsigninhandler
Source: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09 | HTTP Parser: No <meta name="author".. found
Source: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09 | HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Accept: text/html, application/xhtml+xml, image/jxr, */*
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: covid19-immunization-learning-program-2021.ca
  Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
  GET /en-US/kb/enable-and-disable-cookies-website-preferences HTTP/1.1
  Accept: text/html, application/xhtml+xml, image/jxr, */*
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: support.mozilla.org
  Connection: Keep-Alive
Source: delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09[1].htm.2.dr | String found in binary or memory: <a id="ocFacebookButton" class="ocShareButton" target="_blank" data-bi-bhvr="SOCIALSHARE" data-bi-name="facebook" data-bi-slot="1" ms.interactiontype="1" ms.ea_offer="SOC" ms.cmpgrp="Share" ms.ea_action="Goto" ms.pgarea="Body" href="https://www.facebook.com/sharer.php?u=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fmicrosoft-edge%2Fdelete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09"> equals www.facebook.com (Facebook)
Source: lightgallery[1].js.2.dr | String found in binary or memory: video = '<iframe class="lg-video-object lg-youtube ' + addClass + '" width="560" height="315" src="//www.youtube.com/embed/' + isVideo.youtube[1] + a + '" frameborder="0" allowfullscreen></iframe>'; equals www.youtube.com (Youtube)
Source: enhanced-tracking-protection-firefox-desktop[1].htm.2.dr | String found in binary or memory: <li><a class="youtube" href="https://www.youtube.com/firefoxchannel">YouTube<span> (firefoxchannel)</span></a></li> equals www.youtube.com (Youtube)
Source: style[1].css.2.dr | String found in binary or memory: Description: <strong>A superflexible and responsive Business Theme by Tranmautritam team</strong> - <br/>Update notifications available on twitter and facebook:<br/> <a href='https://twitter.com/tranmautritam'>Follow me on twitter</a><br/> - <a href='https://www.facebook.com/tranmautritam.designer'>Join the Facebook Group</a> A theme by <a href="http://themeforest.net/user/tranmautritam?ref=tranmautritam">Tranmautritam Team</a>. equals www.facebook.com (Facebook)
Source: style[1].css.2.dr | String found in binary or memory: Description: <strong>A superflexible and responsive Business Theme by Tranmautritam team</strong> - <br/>Update notifications available on twitter and facebook:<br/> <a href='https://twitter.com/tranmautritam'>Follow me on twitter</a><br/> - <a href='https://www.facebook.com/tranmautritam.designer'>Join the Facebook Group</a> A theme by <a href="http://themeforest.net/user/tranmautritam?ref=tranmautritam">Tranmautritam Team</a>. equals www.twitter.com (Twitter)
Source: unknown | DNS traffic detected: queries for: covid19-immunization-learning-program-2021.ca