URL: | https://aka.ms/ghei36 |
Full analysis: | https://app.any.run/tasks/9e024e0f-e5bf-44db-be10-dcff1ee1f463 |
Verdict: | Malicious activity |
Analysis date: | May 15, 2019, 10:05:38 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 974AAAD878FA48270600B9E62219DFB0 |
SHA1: | 046EC6E02A2637DBB195FA8791677862CCF59964 |
SHA256: | 0AA364B6ACD0058D238823A417376B9F4683B84C7E31395F7C2E94AD62C3A830 |
SSDEEP: | 3:N8O8WKC/Un:2O8Nrn |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1740 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3632 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1740 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
1740 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
1740 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G9SN5V3G\mobile[1].txt | — | |
MD5:— | SHA256:— | |||
3632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:CF4A6ECDA4CE9D2C06671EB55D1E9790 | SHA256:B8CD76DA576BDB0E4D57B60356ACC4716553854EDAFF602E053D9235C71E338A | |||
3632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:B3AEB30BBA6C0E33A7D95F19533D4E80 | SHA256:4A4CDA7CABE761BCB572A3BA7A37EF5EF1B3F0566D6588AFF75D1217A90CEF67 | |||
3632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G9SN5V3G\mobile[1].htm | html | |
MD5:CED155A04EFC0AE777CD0167AF346314 | SHA256:4143B59F008B1DD3DB3C61B22ACD1C2CBC4AC78A2577D4400D6B51BE98AB71DD | |||
3632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9VHTRR1T\mshpicons-regular-webfont[1].eot | eot | |
MD5:FD28E58DED2F9730DF34EC11DC56659B | SHA256:139B21E1C5B6E4358D4D986755A9150EAC63075E375E02FB154DA4603C4D257F | |||
3632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ASBG7VTF\l2-sms-page[1].css | text | |
MD5:CCA5E894FE7B8D05FA0B3546D933CBC0 | SHA256:2F0ECC0A814CB89BE1DABAD4E5533D16730E5C0B2EA342D4FBB5D234BF631C72 | |||
3632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT | smt | |
MD5:B54402589B87CE309884D89C438F8819 | SHA256:ED1D5E3CE43F36D80722810F997C195B89ECCAE9D0DEFB5EEF3636A6DC92BB3D | |||
3632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G9SN5V3G\l2-sms-page[1].js | text | |
MD5:33199D135F348647196D911945DA3885 | SHA256:7E485923BEB3C4DEF1AD0FE0A9FAE4FF249F74DBBF96CB513E31CADD0EB7965F |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1740 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1740 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3632 | iexplore.exe | 152.199.19.161:443 | ol.azureedge.net | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3632 | iexplore.exe | 13.107.246.10:443 | assets.outlook.com | Microsoft Corporation | US | whitelisted |
3632 | iexplore.exe | 23.66.21.99:443 | aka.ms | Akamai Technologies, Inc. | NL | whitelisted |
3632 | iexplore.exe | 23.102.191.170:443 | w2.outlook.com | Microsoft Corporation | US | whitelisted |
1740 | iexplore.exe | 23.102.191.170:443 | w2.outlook.com | Microsoft Corporation | US | whitelisted |
3632 | iexplore.exe | 185.151.204.6:443 | app.adjust.com | datapath.io GmbH | DE | unknown |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
aka.ms |
| whitelisted |
app.adjust.com |
| whitelisted |
w2.outlook.com |
| whitelisted |
assets.outlook.com |
| whitelisted |
ol.azureedge.net |
| whitelisted |