| Field | Value |
|---|---|
| URL | https://ayo.so/shaky |
| Full analysis | https://app.any.run/tasks/fc22dbe0-4c73-4100-9855-a44642d48b71 |
| Verdict | Malicious activity |
| Analysis date | October 05, 2022, 05:56:26 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| MD5 | 6060AB22B52A3AACDB02681C9AF2552D |
| SHA1 | FE76D4D7C78FEA50A1F6D8ADEAB5C37FF6075CB2 |
| SHA256 | 0EEE8D3C22F63107790D222CC038665C81149368883073477C68B8F6E2BF8EBC |
| SSDEEP | 3:N8DRrn:2DRrn |
PID | CMD | Path | Indicators | Parent process | Process details
---|---|---|---|---|---
892 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://ayo.so/shaky" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
2508 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:892 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3180 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:892 CREDAT:2037001 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3696 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:892 CREDAT:988431 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Key | Operation | Name | Value
---|---|---|---|---|---
892 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPDaysSinceLastAutoMigration | 1
892 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPLastLaunchLowDateTime | 932214160
892 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPLastLaunchHighDateTime | 30988415
892 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | write | NextCheckForUpdateLowDateTime |
892 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | write | NextCheckForUpdateHighDateTime | 30988415
892 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | write | CachePrefix |
892 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie:
892 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited:
892 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | write | CompatibilityFlags | 0
892 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\703-d2b8787719b0f138[1].js | text | 625B0C8AFDB8BAD4FB4168B52F465C27 | 79A3778D9777FC9557F2B06FBFE7E49D11DC50658144B7829012901830ED44FA
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\669-987ebeff38e27523[1].js | text | 038B47A96F93DB70D529B86A226E1772 | 3797B77E5E963A967408D67CB34D475487ED23E0934224C49AA788F7D9D5EF08
2508 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | compressed | D15AAA7C9BE910A9898260767E2490E1 | F8EBAAF487CBA0C81A17C8CD680BDD2DD8E90D2114ECC54844CFFC0CC647848E
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\891-6fb31fa43b7fd0fd[1].js | text | E5ABEF7AC85543547E06FA29E8DEC16B | BEA810E006BA4A314401E0A0FF3CC941BCF6C127F1E029B7DE3097D1EB51CE1C
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\shaky[1].htm | html | CC31A32441E12420052510AA96EED0A0 | 22D1611ADDA8D56F5B0538E2433E13C62A0B11928629FB610B2F4D005C4635D7
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabA43F.tmp | compressed | D15AAA7C9BE910A9898260767E2490E1 | F8EBAAF487CBA0C81A17C8CD680BDD2DD8E90D2114ECC54844CFFC0CC647848E
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\727-8180e03ca05e6e2c[1].js | text | D643E933F29EB4586E324B9D5568DFA4 | 949FFD8C913E66FEE9007A428274130CE987A777A1B10CABC13912902BD0FB6A
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarA440.tmp | cat | C75C82DE5128C3E55D72A4FF9C73F5E4 | 379E2F7218F036D70E2C474BF6A09364C5623C1C5F8D5A1A16F1B9B1EC243B55
2508 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | binary | 2B356D9378FC172F71F608FA73C6E62F | B5FA7671205680F046ABC2D902874A4FCF9C29930CFD14A2F29EA00EC822EA5A
2508 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary | B2A66B2BA395AD2D5D24B493D3C43C91 | 2D721785B9B3DEC93801FE8CB982D55467A61B9A8F9428259ECB0A0AC2CE2542
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
892 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted |
2508 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?324763103124cedb | US | compressed | 60.9 Kb | whitelisted |
2508 | iexplore.exe | GET | 200 | 216.58.212.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
2508 | iexplore.exe | GET | 200 | 216.58.212.131:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGOlwNI5ZtyUEgHpNAgRyd0%3D | US | der | 471 b | whitelisted |
2508 | iexplore.exe | GET | 200 | 216.58.212.131:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
2508 | iexplore.exe | GET | 200 | 216.58.212.131:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEBJBetlj4ZeUEqggpI8HVMI%3D | US | der | 471 b | whitelisted |
3180 | iexplore.exe | GET | 200 | 172.64.155.188:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 2.18 Kb | whitelisted |
3180 | iexplore.exe | GET | 200 | 104.18.32.68:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQCrj30uy5zETEMolIv2AoVz | US | der | 472 b | whitelisted |
2508 | iexplore.exe | GET | 200 | 142.250.186.142:80 | http://crls.pki.goog/gts1c3/zdATt0Ex_Fk.crl | US | der | 12.2 Kb | whitelisted |
3180 | iexplore.exe | GET | 200 | 104.18.32.68:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 1.42 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2508 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
2508 | iexplore.exe | 76.76.21.21:443 | ayo.so | AMAZON-02 | US | malicious |
2508 | iexplore.exe | 96.16.145.230:80 | x1.c.lencr.org | AKAMAI-AS | DE | suspicious |
— | — | 99.86.4.123:443 | cdn.ayo.so | AMAZON-02 | US | malicious |
— | — | 142.250.186.36:443 | www.google.com | GOOGLE | US | whitelisted |
2508 | iexplore.exe | 142.250.186.36:443 | www.google.com | GOOGLE | US | whitelisted |
2508 | iexplore.exe | 99.86.4.123:443 | cdn.ayo.so | AMAZON-02 | US | malicious |
892 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
2508 | iexplore.exe | 142.250.184.200:443 | www.googletagmanager.com | GOOGLE | US | suspicious |
2508 | iexplore.exe | 216.239.32.36:443 | region1.google-analytics.com | GOOGLE | US | suspicious |
Domain | IP | Reputation
---|---|---
ayo.so | | malicious
ctldl.windowsupdate.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
x1.c.lencr.org | | whitelisted
cdn.ayo.so | | suspicious
www.google.com | | whitelisted
www.googletagmanager.com | | whitelisted
fonts.gstatic.com | | whitelisted
ocsp.pki.goog | | whitelisted