URL: | http://flow.lavasoft.com |
Full analysis: | https://app.any.run/tasks/813f614b-9f59-4bc5-abce-d36b08e145c8 |
Verdict: | Malicious activity |
Analysis date: | June 12, 2019, 07:44:41 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 9A63D8065F2EAFC2478961284E70E77E |
SHA1: | 5000E85337A52E5F6CFF16A06A1F2C691D52593B |
SHA256: | 059C5A9E940B3753D4E7E4929E1F760B0125935B98024FAB6BB3EEE4BD9076AF |
SSDEEP: | 3:N1KYCOK:CYw |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3516 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3792 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3516 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
736 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 | ||||
680 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3516 CREDAT:6403 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3516 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
3516 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3792 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@lavasoft[1].txt | text | |
MD5:2C695AD8B8DEB6C3144CB35FFEF8841E | SHA256:543C39FE0CE3DEF6B6A6CC8C28B61D225C09F525EA0D0DD292871145924E2999 | |||
3792 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | |
MD5:5BF6452898CF19B515DE11F806965816 | SHA256:2B53797D887EB39A43452D97062A611A1DAE95C3B9650603C53B7F768B3C3409 | |||
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\desktop.ini | ini | |
MD5:4A3DEB274BB5F0212C2419D3D8D08612 | SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38 | |||
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:45A70F3A67A9F05516DA9C0316D40F50 | SHA256:B6657DA186288BA95DE2DBA4E26B8A41AD346FFD6E6BEB24D28F20F0337341A2 | |||
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE7M9BQV\desktop.ini | ini | |
MD5:4A3DEB274BB5F0212C2419D3D8D08612 | SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38 | |||
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini | ini | |
MD5:4A3DEB274BB5F0212C2419D3D8D08612 | SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38 | |||
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TKA3O9ZX\errorPageStrings[1] | text | |
MD5:1A0563F7FB85A678771450B131ED66FD | SHA256:EB5678DE9D8F29CA6893D4E6CA79BD5AB4F312813820FE4997B009A2B1A1654C | |||
3516 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png | image | |
MD5:9FB559A691078558E77D6848202F6541 | SHA256:6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3792 | iexplore.exe | GET | 404 | 104.18.87.101:80 | http://flow.lavasoft.com/ | US | — | — | whitelisted |
680 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/search?q=urlhaus&src=IE-SearchBox&FORM=IE8SRC | US | html | 35.5 Kb | whitelisted |
680 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/sa/simg/SharedSpriteDesktopRewards_022118.png | US | image | 5.73 Kb | whitelisted |
680 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/fd/ls/l?IG=CB8517ECB20D45DFA7C972FD49086D86&CID=131812D2F77B6228274C1FABF623635B&Type=Event.CPT&DATA={"pp":{"S":"L","FC":31,"BC":265,"SE":-1,"TC":-1,"H":312,"BP":344,"CT":359,"IL":3},"ad":[-1,-1,1260,560,1260,498,0]}&P=SERP&DA=DUB02 | US | image | 5.73 Kb | whitelisted |
680 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/rb/16/cj,nj/1b7dfb88/cc8437ad.js?bu=DikuYnJ6fm5marYBugEuqgEu | US | text | 7.54 Kb | whitelisted |
3792 | iexplore.exe | GET | 302 | 172.217.23.131:80 | http://www.google.it/ | US | html | 230 b | whitelisted |
680 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/rs/6J/vz/cj,nj/d695a46a/a9b12688.js | US | text | 353 b | whitelisted |
680 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/rb/5n/cj,nj/c44ec255/9a358300.js?bu=Eqsfzh_vHvQe4QSCH4Qf2h-GH40flx_GH8QftB-gHqwdrx2jHg | US | text | 4.95 Kb | whitelisted |
680 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/rs/4Z/36/cj,nj/8e81c8c7/37f3511b.js | US | text | 529 b | whitelisted |
680 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/rs/32/23/cj,nj/4c7364c5/40e1b425.js | US | text | 816 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3792 | iexplore.exe | 64.18.87.82:443 | www.adaware.com | COGECODATA | CA | unknown |
3792 | iexplore.exe | 64.18.87.102:80 | lavasoft.com | COGECODATA | CA | unknown |
3792 | iexplore.exe | 104.18.87.101:443 | flow.lavasoft.com | Cloudflare Inc | US | shared |
3792 | iexplore.exe | 104.18.87.101:80 | flow.lavasoft.com | Cloudflare Inc | US | shared |
3792 | iexplore.exe | 172.217.18.170:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3516 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3792 | iexplore.exe | 172.217.23.174:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
3792 | iexplore.exe | 64.18.92.73:443 | store.adaware.com | COGECODATA | CA | unknown |
3792 | iexplore.exe | 172.217.22.3:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
3792 | iexplore.exe | 104.19.198.151:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
flow.lavasoft.com |
| whitelisted |
www.bing.com |
| whitelisted |
lavasoft.com |
| whitelisted |
www.adaware.com |
| malicious |
fonts.googleapis.com |
| whitelisted |
www.google-analytics.com |
| whitelisted |
static.zdassets.com |
| whitelisted |
cdnjs.cloudflare.com |
| whitelisted |
store.adaware.com |
| unknown |
fonts.gstatic.com |
| whitelisted |