Windows Analysis Report https://content.allsearchsite.com/pn/ad/1?request={"domain"%3A"content.allsearchsite.com"%2C"url"%3A"https%3A%2F%2Ffcm.googleapis.com%2Ffcm%2Fsend%2Fcvwm4b7Ly10%3AAPA91bHg2-9Tfq2sRDnIPnGF2AYDLMHk7Bz7WkBHkBhJUw4jx-2Ufxc-qczLIfRV6eah3J0xFMhp41f9A38imL_o-mbxPW_iSLCIN0jCQ058cutgDD5s-fs_T_2x_67HSk_pQpSntln4"%2C"auth"%3A"JUvQ7HFAKn8wsxK54EcsFQ"%2C"p256dh"%3A"BBlMR4FxFZEjMKyeWQuFRSeKy443_BbFE9agyrb0TxmwiRqgqxGydBALOc25CL3YNpvoapAuGtH9zks1xEUZZGw"%2C"collection_id"%3A6219%2C"

Overview

General Information

Sample URL: https://content.allsearchsite.com/pn/ad/1?request={"domain"%3A"content.allsearchsite.com"%2C"url"%3A"https%3A%2F%2Ffcm.googleapis.com%2Ffcm%2Fsend%2Fcvwm4b7Ly10%3AAPA91bHg2-9Tfq2sRDnIPnGF2AYDLMHk7Bz7WkBHkBhJUw4jx-2Ufxc-qczLIfRV6eah3J0xFMhp41f9A38imL_o-mbxPW_iSLCIN0jCQ058cutgDD5s-fs_T_2x_67HSk_pQpSntln4"%2C"auth"%3A"JUvQ7HFAKn8wsxK54EcsFQ"%2C"p256dh"%3A"BBlMR4FxFZEjMKyeWQuFRSeKy443_BbFE9agyrb0TxmwiRqgqxGydBALOc25CL3YNpvoapAuGtH9zks1xEUZZGw"%2C"collection_id"%3A6219%2C"
Analysis ID: 442201
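
The `request` parameter of the sample URL is a JSON object carrying a Web Push subscription: an FCM endpoint (`fcm.googleapis.com/fcm/send/...`) plus the `auth` and `p256dh` values a browser hands to a site that subscribes it to notifications. Those three values are what a sender needs to address and encrypt a push message to that browser (together with whatever authorization the push service itself demands), so their presence in a URL that gets logged, proxied and sandboxed is the detail worth noting in an otherwise clean report. The report's copy of the object is also cut off after `"collection_id":6219,`. The following Python script is an added example, not part of the Joe Sandbox report: it pulls the parameter out of the URL, tolerates the truncation, and checks that the key material has the shape RFC 8291 expects (a 16-byte auth secret and a 65-byte uncompressed P-256 point). The function names and the returned field names are the example's own.

```python
import base64
import binascii
import json
import re
from urllib.parse import parse_qs, urlsplit

# The report's "Sample URL", copied verbatim. The JSON inside the request
# parameter ends with ',"' because the report itself cuts it off there.
SAMPLE_URL = (
    'https://content.allsearchsite.com/pn/ad/1?request={"domain"%3A'
    '"content.allsearchsite.com"%2C"url"%3A"https%3A%2F%2Ffcm.googleapis.com'
    '%2Ffcm%2Fsend%2Fcvwm4b7Ly10%3AAPA91bHg2-9Tfq2sRDnIPnGF2AYDLMHk7Bz7WkBHkBhJ'
    'Uw4jx-2Ufxc-qczLIfRV6eah3J0xFMhp41f9A38imL_o-mbxPW_iSLCIN0jCQ058cutgDD5s-'
    'fs_T_2x_67HSk_pQpSntln4"%2C"auth"%3A"JUvQ7HFAKn8wsxK54EcsFQ"%2C"p256dh"'
    '%3A"BBlMR4FxFZEjMKyeWQuFRSeKy443_BbFE9agyrb0TxmwiRqgqxGydBALOc25CL3YNpvoap'
    'AuGtH9zks1xEUZZGw"%2C"collection_id"%3A6219%2C"'
)


def extract_request_param(url: str) -> str:
    """Return the percent-decoded value of the request= query parameter."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = params.get("request")
    if not values:
        raise ValueError("no request= parameter in URL")
    return values[0]


def parse_lenient_json(text: str):
    """Parse the embedded object; return (dict, truncated_flag).

    If the object is cut off (as in this report) json.loads fails, so fall
    back to harvesting the complete "key": value pairs that survive. The
    fallback is for inspection only: it ignores nesting and escaped quotes.
    """
    try:
        obj = json.loads(text)
        return (obj if isinstance(obj, dict) else {}), False
    except json.JSONDecodeError:
        pass
    pairs = {}
    for m in re.finditer(r'"([^"]+)"\s*:\s*(?:"([^"]*)"|(-?\d+))', text):
        key, string_val, int_val = m.groups()
        pairs[key] = string_val if string_val is not None else int(int_val)
    return pairs, True


def b64url_decode(value: str) -> bytes:
    """Decode unpadded base64url (how Push API keys are serialised);
    return b'' for anything that is not valid base64url text."""
    try:
        return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    except (binascii.Error, ValueError):
        return b""


def analyse_push_subscription(url: str) -> dict:
    """Extract the Web Push subscription from the URL and sanity-check it:
    RFC 8291 uses a 16-byte auth secret and a 65-byte uncompressed P-256
    public key (leading 0x04) for p256dh; the endpoint should sit at a
    known push service (here: Google's FCM Web Push path)."""
    req, truncated = parse_lenient_json(extract_request_param(url))
    endpoint = urlsplit(req.get("url", ""))
    auth = b64url_decode(req.get("auth", ""))
    p256dh = b64url_decode(req.get("p256dh", ""))
    return {
        "json_truncated": truncated,
        "domain": req.get("domain"),
        "collection_id": req.get("collection_id"),
        "endpoint_host": endpoint.hostname,
        "is_fcm_webpush_endpoint": endpoint.hostname == "fcm.googleapis.com"
        and endpoint.path.startswith("/fcm/send/"),
        "auth_len": len(auth),
        "auth_ok": len(auth) == 16,
        "p256dh_len": len(p256dh),
        "p256dh_ok": len(p256dh) == 65 and p256dh[:1] == b"\x04",
    }


if __name__ == "__main__":
    for key, value in analyse_push_subscription(SAMPLE_URL).items():
        print(f"{key}: {value}")
```

Run it and the sample decodes to a 16-byte auth secret and a 65-byte point beginning with 0x04, i.e. a well-formed subscription, with `json_truncated` set because the report's copy of the object is incomplete. The length and prefix checks only prove the bytes are shaped like a key; if you want to confirm the point actually lies on P-256, load it with `cryptography`'s `ec.EllipticCurvePublicKey.from_encoded_point(ec.SECP256R1(), p256dh)`, which raises on an invalid point.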

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

[Classification chart: categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale clean / suspicious / malicious. The chart image itself is not reproduced here.]

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown HTTPS traffic detected: 13.224.193.16:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.193.16:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: content.allsearchsite.com
Source: OpenWith.exe, 00000007.00000003.693149131.00000223147BD000.00000004.00000001.sdmp String found in binary or memory: https://content.allsearchsite.com/pn/ad/1?request=%7B%22domain%22%3A%22content.allsearchsite.com%22%
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: classification engine Classification label: clean0.win@4/9@1/1
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{09114393-D96C-11EB-90EB-ECF4BBEA1588}.dat
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF35B25C35ECC438B1.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\OpenWith.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6380 CREDAT:17410 /prefetch:2
Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Windows\System32\OpenWith.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected