Windows Analysis Report http://3c4e7b.zgmwgzfzdwxnrfq.com

Overview

General Information

Sample URL: http://3c4e7b.zgmwgzfzdwxnrfq.com
Analysis ID: 438537
Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

There are no high impact signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown HTTPS traffic detected: 185.53.179.91:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.53.179.91:443 -> 192.168.2.3:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.194.160:443 -> 192.168.2.3:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.194.160:443 -> 192.168.2.3:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.194.160:443 -> 192.168.2.3:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.212.161:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.212.161:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.53.179.91:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: global traffic HTTP traffic detected: GET / HTTP/1.1
  Accept: text/html, application/xhtml+xml, image/jxr, */*
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: 3c4e7b.zgmwgzfzdwxnrfq.com
  Connection: Keep-Alive
Source: unknown DNS traffic detected: queries for: 3c4e7b.zgmwgzfzdwxnrfq.com
Source: C4004G0V.htm.2.dr String found in binary or memory: http://parkingcrew.net/assets
Source: webfont[1].js.2.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: caf[1].js0.2.dr String found in binary or memory: https://adservice.google.com
Source: caf[1].js0.2.dr, caf[1].js.2.dr String found in binary or memory: https://ajax.googleapis.com/ajax
Source: caf[1].js0.2.dr String found in binary or memory: https://attestation.android.com
Source: caf[1].js0.2.dr String found in binary or memory: https://fonts.googleapis.com/css
Source: C4004G0V.htm.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Poppins:300
Source: css[1].css1.2.dr String found in binary or memory: https://fonts.gstatic.com/s/matesc/v11/-nF8OGQ1-uoVr2wK-iLT8A.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDz8Z1xlEw.woff)
Source: css[1].css0.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfedA.woff)
Source: C4004G0V.htm.2.dr String found in binary or memory: https://parking-crew.com/track.
Source: ads[1].htm.2.dr String found in binary or memory: https://pr.cremationservicesnewusanet.com/%253Fbackfill%253D0%2526KW1%253DCremation%252BCost%2526KW2
Source: {8A846DAE-D3C0-11EB-90E4-ECF4BB862DED}.dat.1.dr, ~DF0EAA380694CF522F.TMP.1.dr String found in binary or memory: https://pr.cremationservicesnewusanet.com/?backfill=0&KW1=Cremation
Source: webfont[1].js.2.dr String found in binary or memory: https://use.typekit.net
Source: ads[1].htm.2.dr String found in binary or memory: https://www.google.com/adsense/support/bin/request.py?contact
Source: ads[1].htm.2.dr String found in binary or memory: https://www.google.com/dp/ads?adtest%3Doff%26channel%3D000001
Source: caf[1].js0.2.dr, caf[1].js.2.dr String found in binary or memory: https://www.google.com/uds
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: classification engine Classification label: clean0.win@3/24@5/4
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF72E20344339451D6.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4580 CREDAT:17410 /prefetch:2
Source: Window Recorder Window detected: More than 3 window changes detected