| Field | Value |
|---|---|
| URL | https://jarv.is/y2k/downloads/bejewled.exe |
| Full analysis | https://app.any.run/tasks/88bddd03-9c76-47c5-a5f9-3072009442e5 |
| Verdict | Malicious activity |
| Analysis date | May 24, 2019, 15:43:27 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | (none listed) |
| MD5 | 744203822118E4FB81C90DC0A95FA39F |
| SHA1 | 617A776A1EC30ECD7E8244438BBAA4AB4AD3027E |
| SHA256 | 0C53AA79AEF5078D5299F318B93B3B70CF572DCE0C7538D75757974DE4973400 |
| SSDEEP | 3:N8k3eS94KKAL:28eSV3 |

Note on the hashes: this is a URL task, and the SSDEEP block size of 3 (the minimum) shows the hashed object is only a few dozen bytes, i.e. the submitted URL string, not the downloaded binary. They also differ from the hashes recorded for the dropped file in the files table below (MD5 30583A08F50B6D7B4ED9ADA0050B05EB, SHA256 DAD28E5E444268E601F8682BEB16D89E7EFF59C62D7FAA047BF09515578F1C37). Pivot on the file-table hashes, not on these header values.
Processes

| PID | Command line | Path | Indicators | Parent process | User | Integrity level | Exit code | Company / Description / Version |
|---|---|---|---|---|---|---|---|---|
| 3336 | `"C:\Program Files\Internet Explorer\iexplore.exe" https://jarv.is/y2k/downloads/bejewled.exe` | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | MEDIUM | 1 | Microsoft Corporation; Internet Explorer; 8.00.7600.16385 (win7_rtm.090713-1255) |
| 4000 | `"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3336 CREDAT:71937` | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | LOW | 0 | Microsoft Corporation; Internet Explorer; 8.00.7600.16385 (win7_rtm.090713-1255) |
| 2980 | `"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\bejewled[1].exe"` | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\bejewled[1].exe | — | iexplore.exe | admin | MEDIUM | 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED) | — |
| 3864 | `"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\bejewled[1].exe"` | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\bejewled[1].exe | — | iexplore.exe | admin | HIGH | 0 | — |
| 3284 | `C:\Users\admin\AppData\Local\Temp\GLB3254.tmp 4736 C:\Users\admin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\I0488CJO\BEJEWL~1.EXE` | C:\Users\admin\AppData\Local\Temp\GLB3254.tmp | — | bejewled[1].exe | admin | HIGH | 0 | — |
| 252 | `C:\Windows\Explorer.EXE` | C:\Windows\explorer.exe | — | ctfmon.exe | admin | MEDIUM | — | Microsoft Corporation; Windows Explorer; 6.1.7600.16385 (win7_rtm.090713-1255) |
| 848 | `C:\Windows\system32\svchost.exe -k netsvcs` | C:\Windows\System32\svchost.exe | — | services.exe | SYSTEM | SYSTEM | — | Microsoft Corporation; Host Process for Windows Services; 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3656 | `"C:\Windows\explorer.exe" C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shockwave.com\Bejeweled 2 Deluxe` | C:\Windows\explorer.exe | — | GLB3254.tmp | admin | HIGH | 1 | Microsoft Corporation; Windows Explorer; 6.1.7600.16385 (win7_rtm.090713-1255) |
| 2816 | `C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding` | C:\Windows\explorer.exe | — | svchost.exe | admin | MEDIUM | — | Microsoft Corporation; Windows Explorer; 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3880 | `"C:\Program Files\Shockwave.com\Bejeweled 2 Deluxe\Bejeweled2Deluxe.exe"` | C:\Program Files\Shockwave.com\Bejeweled 2 Deluxe\Bejeweled2Deluxe.exe | — | explorer.exe | admin | MEDIUM | — | shockwave.com; shockwave.com Keyhole DRM Application; 1, 0, 0, 1 |

Reading the chain: the downloaded installer is first started from Internet Explorer at MEDIUM integrity (PID 2980) and exits with 3221226540, which is NTSTATUS 0xC000042C (STATUS_ELEVATION_REQUIRED): the image asks for administrator rights, so the loader refuses to run it un-elevated. The second start of the same file (PID 3864) runs at HIGH integrity, which is the footprint of a UAC consent. The elevated installer then runs its extracted stub GLB3254.tmp (PID 3284), which creates the Start Menu folder and opens it in an elevated explorer.exe (PID 3656). The game binary (PID 3880) runs back at MEDIUM integrity: its parent is the Explorer instance activated out of process by svchost.exe (`/factory,{...} -Embedding`, PID 2816) under the user's normal token, which is consistent with an elevated installer handing its "launch now" step back to the non-elevated shell. The final binary identifies itself as the shockwave.com "Keyhole DRM Application"; the debug strings at the bottom of the report come from WinBej2.exe with a 2004 build date.
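The two checks a reviewer wants to run over a tree like this are mechanical: decode decimal exit codes into NTSTATUS values, and find every parent/child edge where the integrity level rises. The following is an added example (not ANY.RUN's or the site author's code); the PROCESSES rows are transcribed from the table above, and the numeric parent PIDs are an assumption wherever the report gives only a parent image name such as `iexplore.exe` or `explorer.exe`.

```python
"""Process-tree triage over the flattened sandbox process table.

Added example for this report; not ANY.RUN tooling.  Rows are transcribed from
the report, parent PIDs marked 'assumed' are inferred from the parent image name.
"""

INTEGRITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "SYSTEM": 3}

# NTSTATUS values that commonly surface as process exit codes in sandbox reports.
NTSTATUS_NAMES = {
    0xC000042C: "STATUS_ELEVATION_REQUIRED",  # manifest wants admin, run un-elevated
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
}

# (pid, image, integrity level, decimal exit code or None if still running, parent pid)
PROCESSES = [
    (252,  "explorer.exe",         "MEDIUM", None,       None),
    (848,  "svchost.exe",          "SYSTEM", None,       None),
    (3336, "iexplore.exe",         "MEDIUM", 1,          252),
    (4000, "iexplore.exe",         "LOW",    0,          3336),
    (2980, "bejewled[1].exe",      "MEDIUM", 3221226540, 3336),   # parent pid assumed
    (3864, "bejewled[1].exe",      "HIGH",   0,          3336),   # parent pid assumed
    (3284, "GLB3254.tmp",          "HIGH",   0,          3864),
    (3656, "explorer.exe",         "HIGH",   1,          3284),
    (2816, "explorer.exe",         "MEDIUM", None,       848),
    (3880, "Bejeweled2Deluxe.exe", "MEDIUM", None,       2816),   # parent pid assumed
]


def decode_exit_code(code):
    """Return (hex string, symbolic NTSTATUS name or None) for a decimal exit code.

    Sandboxes print exit codes as unsigned 32-bit decimals; anything with the
    top bits 0xC0000000 set is an NTSTATUS error rather than an application code.
    """
    if code is None:
        return None, None
    value = code & 0xFFFFFFFF
    return f"0x{value:08X}", NTSTATUS_NAMES.get(value)


def build_tree(processes):
    """Map parent pid -> child rows, preserving report order."""
    children = {}
    for row in processes:
        children.setdefault(row[4], []).append(row)
    return children


def integrity_escalations(processes):
    """(parent_pid, child_pid) pairs where the child runs at a HIGHER integrity
    level than its parent; on stock Windows 7 that means a UAC elevation."""
    by_pid = {row[0]: row for row in processes}
    hits = []
    for pid, _image, level, _code, ppid in processes:
        parent = by_pid.get(ppid)
        if parent and INTEGRITY_RANK[level] > INTEGRITY_RANK[parent[2]]:
            hits.append((ppid, pid))
    return hits


def elevation_retries(processes):
    """Same image started twice under the same parent: first exit is
    STATUS_ELEVATION_REQUIRED, the second copy reaches a higher integrity level.
    That is the footprint of a requireAdministrator manifest going through UAC."""
    hits = []
    for pid, image, level, code, ppid in processes:
        if decode_exit_code(code)[1] != "STATUS_ELEVATION_REQUIRED":
            continue
        for pid2, image2, level2, _c2, ppid2 in processes:
            if (pid2 != pid and image2 == image and ppid2 == ppid
                    and INTEGRITY_RANK[level2] > INTEGRITY_RANK[level]):
                hits.append((pid, pid2, image))
    return hits


def render(processes):
    """Indented process tree with integrity level and decoded exit code."""
    tree = build_tree(processes)
    lines = []

    def walk(ppid, depth):
        for pid, image, level, code, _ in tree.get(ppid, []):
            hex_code, name = decode_exit_code(code)
            if code is None:
                status = "running"
            else:
                status = f"exit {hex_code}" + (f" ({name})" if name else "")
            lines.append(f"{'  ' * depth}{pid} {image} [{level}] {status}")
            walk(pid, depth + 1)

    walk(None, 0)
    return lines


if __name__ == "__main__":
    print("\n".join(render(PROCESSES)))
    print("integrity escalations:", integrity_escalations(PROCESSES))
    print("UAC retries:", elevation_retries(PROCESSES))
```

On this report the escalation check returns the single edge 3336 → 3864 (iexplore.exe at MEDIUM spawning the installer at HIGH) and the retry check pairs PID 2980 with PID 3864, which is exactly the manual reading above. Swapping in a different report's rows is just a matter of replacing PROCESSES.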
Files created

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3336 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | — |
| 3336 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
| 3336 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF7789350BE20A851A.TMP | — | — | — |
| 4000 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | BE087DDC05A4106F6F64684352BA0D21 | 0088122973F1FDE63D0844D5CA31F3016F107BDA292F9DF33C4D7CE95DE74BA6 |
| 3336 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{B5009CF4-7E3A-11E9-B3B3-5254004A04AF}.dat | binary | 95BBCFF7108D779272583AC79557F195 | 7B25343FA3F988DEAB85622699E6E9BF69A496FB55D9ED548FBD311AC940E0CF |
| 4000 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@jarv[1].txt | text | 4FE776E38EAEAEB06DF11F7E6BE1EC96 | FA8F62A0F2C3B579586AA9ADA5D55925DBCE18212FF511B5A954A7146B110C23 |
| 3336 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\bejewled[1].exe | executable | 30583A08F50B6D7B4ED9ADA0050B05EB | DAD28E5E444268E601F8682BEB16D89E7EFF59C62D7FAA047BF09515578F1C37 |
| 4000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | F2EAFDF9C9320B4C19FE37871E07ADB2 | 85B968A7160B5D30800AC53BDE9B8E5A0DD737E3015837997568B25C09BC818D |
| 4000 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SIZQF3NT\bejewled[1].exe | executable | 30583A08F50B6D7B4ED9ADA0050B05EB | DAD28E5E444268E601F8682BEB16D89E7EFF59C62D7FAA047BF09515578F1C37 |
| 848 | svchost.exe | C:\Windows\appcompat\programs\RecentFileCache.bcf | txt | 71CA7046B0B8C29B86E377E31888B3D7 | 1EF7983D907EA8D5C152B0A6352827CA3F4133C26E42A77E66AF092D86073AD0 |

The downloaded installer appears twice with identical hashes: the LOW-integrity content process (PID 4000) writes it into the Low cache (SIZQF3NT), and the MEDIUM-integrity frame process (PID 3336) writes the copy in the normal cache (I0488CJO), which is the path that is executed in the process table. MD5 30583A08F50B6D7B4ED9ADA0050B05EB / SHA256 DAD28E5E444268E601F8682BEB16D89E7EFF59C62D7FAA047BF09515578F1C37 are therefore the indicators for the binary itself.
HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3336 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3336 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
| 4000 | iexplore.exe | 104.31.67.47:443 | jarv.is | Cloudflare Inc | US | shared |
DNS requests

| Domain | IP | Reputation |
|---|---|---|
| jarv.is | — | unknown |
| www.bing.com | — | whitelisted |
Debug output strings

| Process | Message |
|---|---|
| WinBej2.exe | BuildNum: 1948 |
| WinBej2.exe | BuildNum: 1948 |
| WinBej2.exe | BuildDate: Wed Oct 27 16:01:07 2004 |
| WinBej2.exe | Loading completed: 218 out of 218 |
| WinBej2.exe | Resource Loading Time: 9 |