Analysis Report https://dostavkaolx.site

Overview

General Information

Sample URL:	https://dostavkaolx.site
Analysis ID:	433006
Infos:
Most interesting Screenshot:
Errors URL not reachable

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Classification

Signatures

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Networking:

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Source: unknown

DNS traffic detected: query: dostavkaolx.site replaycode: Name error (3)

Source: unknown

DNS traffic detected: queries for: dostavkaolx.site

Source: ~DF5933E4E87066F407.TMP.2.dr	String found in binary or memory: https://dostavkaolx.site/
Source: {8B3A00B5-CAAC-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://dostavkaolx.site/Root

Source: classification engine

Classification label: unknown0.win@3/11@3/0

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF4120580C273D26FB.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5576 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5576 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No contacted IP infos

Contacted Domains

Name	IP	Active
dostavkaolx.site	unknown	unknown

ID:	433006
Product:	CloudBasic
Start time:	04:59:13
Start date:	11.06.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8B3A00B3-CAAC-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	238AC0C599E811B10DA1F41AED8147B9	CA8C340F40E9123DA28B3DA3343C1F642238FE06	2D1E4891B61A2F798D2AC1A96E8BAD2A6DDE333B8ED5D7FD1C9CE9BEEF854EF4
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B3A00B5-CAAC-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	431193D9C0C72847324722B1F40FB8A6	049390A41598B57125CF943E5A24A3967DA9975D	3FF7AB78C1FE490B916B1CDDFF46CB56EEBA1F2EE5A740AB7E70051E7E189556
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B3A00B6-CAAC-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	A082240EF43A0FF1BCF11CC5A781CEE2	4877D5433F77A0447829B3800CCA1DDD26E7A2A0	4416F89AE90EFA264944A37F2917EC6A4BBCF28640029BC9C75F3B9C9E73EE1F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	D65EC06F21C379C87040B83CC1ABAC6B	208D0A0BB775661758394BE7E4AFB18357E46C8B	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	DFEABDE84792228093A5A270352395B6	E41258C9576721025926326F76063C2305586F76	77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	9234071287E637F85D721463C488704C	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	2DC61EB461DA1436F5D22BCE51425660	E1B79BCAB0F073868079D807FAEC669596DC46C1	ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	C4F558C4C8B56858F15C09037CD6625A	EE497CC061D6A7A59BB66DEFEA65F9A8145BA240	39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
C:\Users\user\AppData\Local\Temp\~DF4120580C273D26FB.TMP	data	05EAD2274B56CE19D023513511C8C431	79282DD2C37DCD23139BC76DA1D510E1630867B8	37A06377DE97AE2F1B08563A0BD0E22750EF1A4A94F15B73DCA0EF0EAADBEC6D
C:\Users\user\AppData\Local\Temp\~DF5933E4E87066F407.TMP	data	310912BE580609AFB5AB211CCD9CA823	0D3F742F4ABC9340E59FDDAF454FB13E0CBE4FDC	377846969253E3C0490BA9F5E7F60EAAF6DDF8F1CA2EC2BC4717DC95C1B00148
C:\Users\user\AppData\Local\Temp\~DF7288BFC3A839848E.TMP	data	AB889A32AB9ACD33E816C2422337C69A	1190C6B34DED2D295827C2A88310D10A8B90B59B	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA

Analysis Report https://dostavkaolx.site

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Domains