Field | Value |
---|---|
File name | PO-July-82779.xls.htm |
Full analysis | https://app.any.run/tasks/4c5fa3db-3e73-4814-ab26-a27ad7a6e0b5 |
Verdict | Malicious activity |
Analysis date | July 18, 2019, 04:07:48 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags | |
Indicators | |
MIME | text/html |
File info | HTML document, ASCII text, with CRLF line terminators |
MD5 | A1D158FE38220CF7C6612031CB3E737F |
SHA1 | FA216503674DDC24139ABC7B406A7F3D640B9299 |
SHA256 | 04F490CF71E9991C918BD0A3A15E5F9BFFF7DF87AD0EC0FFC87FB5246A80F07D |
SSDEEP | 12:hnMEwhuX4w4vy4Wh96QclfVI9xuIcADq75b8Kc1Gb:hMhmMvy4Wvsq9VcAD+wKP |
Extension | Type |
---|---|
.htm/html | HyperText Markup Language with DOCTYPE (80.6) |
.html | HyperText Markup Language (19.3) |
Meta tag | Value |
---|---|
Title | Untitled Document |
Refresh | 1;url=http://gogianguyen.com/extension/reader/[email protected] |
ContentType | text/html; charset=iso-8859-1 |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
3376 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\PO-July-82779.xls.htm | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
3468 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3376 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
940 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3376 CREDAT:137473 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3376 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF67B1906E25C903E0.TMP | — | — | — |
940 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | E6309CF6AE325752E1D1EADD1D37B15D | E85BFEF5DF63A4683CB43AD60D8C1948FF4315051A6A51FDC26998EF9CA938F1 |
3468 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019071820190719\index.dat | dat | A4254B33A1FF62D0682B64F0F1993144 | D57E9CF3E4BB6D24A88C5551BBD90CA459D6E9374E5AAB26EF7902C3BDA0E52A |
940 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IVNFW21D\desktop.ini | ini | 4A3DEB274BB5F0212C2419D3D8D08612 | 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38 |
3376 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A3277AC8-A911-11E9-B2FD-5254004A04AF}.dat | binary | 74A746790013D398331A306CDCD97E5E | C0A50DEACD686EFA468DAE583EFE3D27E48AD496F52300A78C49E793CD216FAA |
3376 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico | — | — | — |
3376 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
940 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 5A86EA60411D46D3C3A8DF0E24969D9D | B5EDC2426FDB4636742659FA398BD8B40B70F090CB9C85B924570072F76E2D69 |
940 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JSJOBE0U\desktop.ini | ini | 4A3DEB274BB5F0212C2419D3D8D08612 | 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38 |
940 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IVNFW21D\background_gradient[1] | image | 20F0110ED5E4E0D5384A496E4880139B | 1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
940 | iexplore.exe | GET | 302 | 42.112.20.111:80 | http://gogianguyen.com/extension/reader/[email protected] | VN | — | — | suspicious |
940 | iexplore.exe | GET | 302 | 42.112.20.111:80 | http://gogianguyen.com/extension/reader/?path= | VN | — | — | suspicious |
940 | iexplore.exe | GET | 302 | 42.112.20.111:80 | http://gogianguyen.com/extension/reader/[email protected] | VN | — | — | suspicious |
940 | iexplore.exe | GET | 302 | 42.112.20.111:80 | http://gogianguyen.com/extension/reader/[email protected] | VN | — | — | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3376 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
940 | iexplore.exe | 185.244.39.10:443 | freshflands.co.za | — | — | unknown |
— | — | 185.244.39.10:443 | freshflands.co.za | — | — | unknown |
940 | iexplore.exe | 42.112.20.111:80 | gogianguyen.com | The Corporation for Financing & Promoting Technology | VN | suspicious |
Domain | IP | Reputation |
---|---|---|
www.bing.com | | whitelisted |
gogianguyen.com | | suspicious |
freshflands.co.za | | unknown |