URL: | https://bfhj.cryptoo.live/questions/34827334/triggering-angular2-change-detection-manually |
Full analysis: | https://app.any.run/tasks/b0023508-0dc1-410e-a915-9fe331ec17b3 |
Verdict: | Malicious activity |
Analysis date: | July 17, 2019, 15:57:46 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | C706CD6138526271556225B96E8F7EEF |
SHA1: | 42F6CC6CAC51A0DA4042C49CCD8BA786D4A367EE |
SHA256: | 149DB8948250A18BB727CCBBE687F99DEF9176FACA44A9863F9B829951922BB2 |
SSDEEP: | 3:N8/skfCMKJAWRafRSyJEwY0t2kE8:2/sdOWESPj0t2u |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3440 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3576 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3440 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3184 | "C:\Program Files\Mozilla Firefox\firefox.exe" | C:\Program Files\Mozilla Firefox\firefox.exe | explorer.exe | |
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Version: 67.0.4 | ||||
888 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.0.1658843760\1041567156" -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 1156 gpu | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe |
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Version: 67.0.4 | ||||
3372 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.3.1889379855\1454786420" -childID 1 -isForBrowser -prefsHandle 1616 -prefMapHandle 1648 -prefsLen 1 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 1612 tab | C:\Program Files\Mozilla Firefox\firefox.exe | firefox.exe | |
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 67.0.4 | ||||
2680 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.13.224628953\628604174" -childID 2 -isForBrowser -prefsHandle 2716 -prefMapHandle 2720 -prefsLen 5842 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 2724 tab | C:\Program Files\Mozilla Firefox\firefox.exe | firefox.exe | |
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 67.0.4 | ||||
2280 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.20.377107548\266602593" -childID 3 -isForBrowser -prefsHandle 3208 -prefMapHandle 3408 -prefsLen 6720 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 3520 tab | C:\Program Files\Mozilla Firefox\firefox.exe | firefox.exe | |
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 67.0.4 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3440 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
3440 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3440 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].htm | — | |
MD5:— | SHA256:— | |||
3440 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
3440 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF3D864D23881A2FC1.TMP | — | |
MD5:— | SHA256:— | |||
3440 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFB77E34ACADF410CD.TMP | — | |
MD5:— | SHA256:— | |||
3440 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@cryptoo[1].txt | text | |
MD5:FAF8547B32A853C496F1BC77882F3A29 | SHA256:C7B4828C03E0813FBBF1FAD007855372A2BF71A45B08A349D496D332E6862AFF | |||
3576 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:89836F408519179EFDDBA96C3602B67C | SHA256:A6567E37F76221F30FADE00BFF01F50F8A3DD96463E15BB2CA8007D16F0915DB | |||
3576 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:B27841FDAD3DF17FCB24A0CB7E004BBE | SHA256:54D447146125289071298CD82F874F45AC3037ACA2BD3718D1B222F293641E61 | |||
3440 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF8AC2752573848424.TMP | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3184 | firefox.exe | POST | 200 | 172.217.21.227:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 471 b | whitelisted |
3184 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
3184 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 278 b | whitelisted |
3184 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 278 b | whitelisted |
3184 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
3184 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
3440 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
3184 | firefox.exe | GET | 200 | 2.16.186.112:80 | http://detectportal.firefox.com/success.txt | unknown | text | 8 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3576 | iexplore.exe | 104.24.116.210:443 | bfhj.cryptoo.live | Cloudflare Inc | US | shared |
3184 | firefox.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3440 | iexplore.exe | 104.24.116.210:443 | bfhj.cryptoo.live | Cloudflare Inc | US | shared |
— | — | 54.192.202.230:443 | snippets.cdn.mozilla.net | Amazon.com, Inc. | US | unknown |
— | — | 172.217.21.227:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
— | — | 104.24.117.210:443 | bfhj.cryptoo.live | Cloudflare Inc | US | shared |
3440 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3576 | iexplore.exe | 151.101.1.69:443 | cdn.sstatic.net | Fastly | US | suspicious |
3184 | firefox.exe | 2.16.186.112:80 | detectportal.firefox.com | Akamai International B.V. | — | whitelisted |
3184 | firefox.exe | 54.192.202.230:443 | snippets.cdn.mozilla.net | Amazon.com, Inc. | US | unknown |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
bfhj.cryptoo.live |
| unknown |
cdn.sstatic.net |
| whitelisted |
detectportal.firefox.com |
| whitelisted |
a1089.dscd.akamai.net |
| whitelisted |
location.services.mozilla.com |
| whitelisted |
locprod1-elb-eu-west-1.prod.mozaws.net |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
cs9.wac.phicdn.net |
| whitelisted |
push.services.mozilla.com |
| whitelisted |