URL: | https://google.com |
Full analysis: | https://app.any.run/tasks/ada98101-e42c-4fef-9f63-5120c35d6d16 |
Verdict: | Malicious activity |
Analysis date: | March 30, 2020, 19:18:02 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 99999EBCFDB78DF077AD2727FD00969F |
SHA1: | 72FE95C5576EC634E214814A32AB785568EDA76A |
SHA256: | 05046F26C83E8C88B3DDAB2EAB63D0D16224AC1E564535FC75CDCEEE47A0938D |
SSDEEP: | 3:N8r3uK:2LuK |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3044 | "C:\Program Files\Internet Explorer\iexplore.exe" https://google.com | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3012 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3044 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
1248 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3044 CREDAT:3544352 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2440 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MEMZ-Destructive.exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MEMZ-Destructive.exe | — | iexplore.exe |
User: admin Integrity Level: MEDIUM Exit code: 3221226540 | ||||
3960 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MEMZ-Destructive.exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MEMZ-Destructive.exe | iexplore.exe | |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
912 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MEMZ-Destructive.exe" /watchdog | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MEMZ-Destructive.exe | — | MEMZ-Destructive.exe |
User: admin Integrity Level: HIGH | ||||
2628 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MEMZ-Destructive.exe" /watchdog | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MEMZ-Destructive.exe | — | MEMZ-Destructive.exe |
User: admin Integrity Level: HIGH | ||||
2952 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MEMZ-Destructive.exe" /watchdog | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MEMZ-Destructive.exe | — | MEMZ-Destructive.exe |
User: admin Integrity Level: HIGH | ||||
2296 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MEMZ-Destructive.exe" /watchdog | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MEMZ-Destructive.exe | — | MEMZ-Destructive.exe |
User: admin Integrity Level: HIGH | ||||
2932 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MEMZ-Destructive.exe" /watchdog | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MEMZ-Destructive.exe | — | MEMZ-Destructive.exe |
User: admin Integrity Level: HIGH |
PID | Process | Filename | Type | |
---|---|---|---|---|
3044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3012 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\PGXAICWX.txt | — | |
MD5:— | SHA256:— | |||
3012 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\3PCSQWH5.txt | — | |
MD5:— | SHA256:— | |||
3012 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\BFNULQTW.txt | — | |
MD5:— | SHA256:— | |||
3012 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\X7GO6VZI.txt | — | |
MD5:— | SHA256:— | |||
3044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f7ruq93\imagestore.dat | binary | |
MD5:2F26266DE5B18C05B562AEDDCC78D0AC | SHA256:939354967BAB9B50AE662741DC4B87D9D8D7F9E81C68BF7DE2C0C6F167039292 | |||
3012 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\GLHEW2DI.txt | text | |
MD5:1D3634793C1775577E7A75577E7FD779 | SHA256:3783033035C7D34C9D6E633A49C6A0284A073AC18AD2CB7F39F5DB2DFD724820 | |||
3012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\jkkMLrYXQVEFzxKwxLIvF320v4s[1].js | text | |
MD5:0FD0568E7B5068E209AC15210AE56FF2 | SHA256:B87A66DF064550755C00F605C7463007675490E64346A26DD60246D00E8A09DE | |||
3012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\search[1].htm | html | |
MD5:1626794EE09A5BCFDCF104EBBDCF7E6F | SHA256:CF43F7F25D3E8B1CAAF1C2046887F7823B069D7C083A454854D4D44030DA6C68 | |||
3012 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZMCKX417.txt | text | |
MD5:6AF6AE071FD3F11AC980C527C31A64B1 | SHA256:5D932D5207351E98A4110524F6559FA1EBDD60BB6F961314319EABBBB1946076 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3012 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/th?id=OVP.UvZbuPsrMHy2ot4cPrExJQEsDh:OVP.vHzB4B2sHjfLgaSlueoSygHgFo&w=197&h=110&c=7&rs=1&qlt=90&pid=1.7&bw=3&bc=ffffff | US | image | 16.2 Kb | whitelisted |
3012 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/rs/2Z/2c/cj,nj/jkkMLrYXQVEFzxKwxLIvF320v4s.js | US | text | 773 b | whitelisted |
3012 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/rs/5g/Tw/ic/ZricD7XDh2XWjN68qgUU8lqqArQ.png | US | image | 609 b | whitelisted |
3012 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/rs/2Z/2J/cj,nj/An1tNZ4R1OYfUeOwo-Esq_D6kC8.js | US | text | 181 b | whitelisted |
3012 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/rb/5g/cj,nj/D8nShhiaHwwY7S6Dowtg0f0NCMg.js?bu=EpMhqyHMINcgqQXrIO0guyHcIPYg-iClIakhnCH6H5gfmh-JIA | US | text | 5.38 Kb | whitelisted |
3012 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/rs/47/m/cj,nj/uUsVn8GRk0BAxdg7i_rj3QicKuc.js | US | text | 354 b | whitelisted |
3012 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/search?q=memz+download+exe&src=IE-TopResult&FORM=IE11TR&conversationid= | US | html | 67.1 Kb | whitelisted |
3012 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/rs/2Z/2Q/cj,nj/zqF1NsFR7vS1hEarPv8Ova9tpdA.js | US | text | 177 b | whitelisted |
3012 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/rs/6g/16F/cj,nj/JOVKK9CwtlLttGBW-c2T2aVxX_U.js | US | text | 297 b | whitelisted |
3012 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/rb/14/cj,nj/-nK5HAtc03YD_-fIE4Q-t8DnnZY.js?bu=DiovZHR5fHFnarMBtQEvoAEv | US | text | 7.65 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3044 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3012 | iexplore.exe | 172.217.21.238:443 | google.com | Google Inc. | US | whitelisted |
3012 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3012 | iexplore.exe | 13.107.5.80:80 | api.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 13.107.5.80:80 | api.bing.com | Microsoft Corporation | US | whitelisted |
3012 | iexplore.exe | 40.126.1.130:443 | login.microsoftonline.com | Microsoft Corporation | US | malicious |
3012 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3012 | iexplore.exe | 172.217.18.163:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3012 | iexplore.exe | 40.90.137.120:443 | login.live.com | Microsoft Corporation | US | unknown |
3012 | iexplore.exe | 172.217.16.206:443 | www.youtube.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
google.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
login.microsoftonline.com |
| whitelisted |
login.live.com |
| whitelisted |
www2.bing.com |
| whitelisted |
a4.bing.com |
| whitelisted |
www.youtube.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
3012 | iexplore.exe | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request |