Field | Value
---|---
URL | http://a3jenhkmqwnl.com/2gpju6qd2f?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=14350233
Full analysis | https://app.any.run/tasks/8d6a3317-7fcb-4191-b0d3-86524086b703
Verdict | Malicious activity
Analysis date | March 31, 2020, 10:48:44
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MD5 | 2851819D38485D914354BEC853D73F15
SHA1 | 4E77C47F35C55FA862766857B19414F9AB12AABD
SHA256 | 014CB06F0FE58C906271D68E7C05E73E7EA7B85059E59B792031F7EB5595F362
SSDEEP | 3:N1KfpNUKmFOc4DmKT2SHSXWxpKQoAKG5OW:CBNTmh41Tvc0Zdd55
PID | CMD | Path | Parent process | User | Integrity level | Description | Version
---|---|---|---|---|---|---|---
1524 | "C:\Program Files\Internet Explorer\iexplore.exe" http://a3jenhkmqwnl.com/2gpju6qd2f?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=14350233 | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | admin | MEDIUM | Internet Explorer (Microsoft Corporation) | 11.00.9600.16428 (winblue_gdr.131013-1700)
1832 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1524 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | LOW | Internet Explorer (Microsoft Corporation) | 11.00.9600.16428 (winblue_gdr.131013-1700)
2756 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1524 CREDAT:4003092 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | LOW | Internet Explorer (Microsoft Corporation) | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
1524 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
1832 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\1S965QKO.txt | — | — | —
1832 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\YXVGUWSS.txt | — | — | —
1832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\qsml[1].htm | — | — | —
1832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\2gpju6qd2f[1].htm | text | 99EE039BEEBB7495DA93A31B387BB261 | AB030A8588EF9530D38A74D9E14B36CCDD792323AF6352D4D5DA9D19B9B95341
1832 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\8QU1CQCK.txt | text | 493995DB90679FA539E7E59377AAE150 | 9871F996FC00C3F20A4E66195223E10DB5A39FE6898AE4BDE7DC53C1A384245D
1524 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text | 97C1B5813AA3ADBCCDCC55F5E319FC61 | 5AD4FA0C269EB4AFE5E642C8C94E66CC7BD994571E5B63714DB5BACA2536EDAD
1832 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\I1SGHVL0.txt | text | 9CF94E0D98CE1BA3A9BF5A6124DABDF7 | 12A2DDB2CCA9C44870F459380347AEAA21F940A0DEBDC54B02A7F4F826EAD1C5
2756 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT | smt | 9C79052CD4702AB47E3269B42E873AC7 | 27174FF21A72F50A2731A7454133B29C2397AA53ABD8848C6FED36A36F0E25EE
1832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\qsml[2].xml | xml | 5C31FDE2248F950ACDE3309904BBC083 | F02E75BB2B36A619B48398EBCF4546CADB454D58CB0215EF363934BD3413E550
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
1832 | iexplore.exe | GET | — | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fterraclicks.com%2Fanonymous&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IE11SS&market=en-US | US | — | — | whitelisted
2756 | iexplore.exe | GET | 403 | 198.134.112.243:80 | http://terraclicks.com/anonymous/ | US | — | — | whitelisted
1832 | iexplore.exe | GET | — | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fterraclicks.com%2Fanonymo&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IE11SS&market=en-US | US | — | — | whitelisted
2756 | iexplore.exe | GET | 200 | 216.58.207.35:80 | http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEC4G%2Bv2mHN8jAgAAAABcZ3g%3D | US | der | 471 b | whitelisted
1832 | iexplore.exe | GET | 200 | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fterraclicks.com%2Fano&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IE11SS&market=en-US | US | xml | 193 b | whitelisted
1832 | iexplore.exe | GET | 200 | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fterraclicks.com%2Fanonym&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IE11SS&market=en-US | US | xml | 193 b | whitelisted
1832 | iexplore.exe | GET | 200 | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fterraclicks.com%2Fanony&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IE11SS&market=en-US | US | xml | 193 b | whitelisted
1832 | iexplore.exe | GET | 200 | 213.174.153.231:80 | http://a3jenhkmqwnl.com/2gpju6qd2f?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=14350233 | US | text | 103 b | malicious
1832 | iexplore.exe | GET | 200 | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fterraclicks.com%2Fanonymou&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IE11SS&market=en-US | US | xml | 193 b | whitelisted
1832 | iexplore.exe | GET | 200 | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fterraclicks.com%2Fan&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IE11SS&market=en-US | US | xml | 193 b | whitelisted
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 172.217.21.238:443 | google.com | Google Inc. | US | whitelisted |
1832 | iexplore.exe | 213.174.153.231:80 | a3jenhkmqwnl.com | DataWeb Global Group B.V. | US | unknown |
— | — | 13.107.5.80:80 | api.bing.com | Microsoft Corporation | US | whitelisted |
2756 | iexplore.exe | 198.134.112.243:80 | terraclicks.com | Webair Internet Development Company Inc. | US | suspicious |
1832 | iexplore.exe | 13.107.5.80:80 | api.bing.com | Microsoft Corporation | US | whitelisted |
1524 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1524 | iexplore.exe | 213.174.153.231:80 | a3jenhkmqwnl.com | DataWeb Global Group B.V. | US | unknown |
2756 | iexplore.exe | 216.58.207.46:443 | consent.google.com | Google Inc. | US | whitelisted |
1524 | iexplore.exe | 172.217.16.164:443 | www.google.com | Google Inc. | US | whitelisted |
2756 | iexplore.exe | 172.217.21.238:443 | google.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
a3jenhkmqwnl.com | — | malicious
terraclicks.com | — | whitelisted
api.bing.com | — | whitelisted
www.bing.com | — | whitelisted
google.com | — | whitelisted
ocsp.pki.goog | — | whitelisted
www.google.com | — | whitelisted
consent.google.com | — | shared
ssl.gstatic.com | — | whitelisted
www.gstatic.com | — | whitelisted