Field | Value |
---|---|
URL | http://track.kikenzo.com/0acac12b-2798-4d9d-8925-3bf1a8c730e5?&source=zinq&batch=111 |
Full analysis | https://app.any.run/tasks/9a08fbfa-5086-4bfe-b4d8-30034a3fbeed |
Verdict | Malicious activity |
Analysis date | October 14, 2019, 10:48:41 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MD5 | 342415704A8A6816CCA46EF9B4D5F0CB |
SHA1 | 9033D026263C8AC2FA4D960EFB1D294A8D30EF8E |
SHA256 | 15F4FFF3D1B96A72079454E142032EBADAC9FFAD9D9BD9B5043B7D89825FD68C |
SSDEEP | 3:N1KKXEGoQzcNJwgnIWjUdODNQXXobDUU:CKXvMLw+PUdODCXy |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
504 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 1; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
1448 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:504 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
2356 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:504 CREDAT:6403 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
504 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | — | — |
504 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
1448 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | — | — | — |
1448 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabAFE2.tmp | — | — | — |
1448 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarAFE3.tmp | — | — | — |
1448 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabB003.tmp | — | — | — |
1448 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarB004.tmp | — | — | — |
1448 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabB0D0.tmp | — | — | — |
1448 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarB0D1.tmp | — | — | — |
1448 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | — | — | — |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1448 | iexplore.exe | GET | 200 | 18.195.174.160:80 | http://track.kikenzo.com/0acac12b-2798-4d9d-8925-3bf1a8c730e5?&source=zinq&batch=111 | DE | html | 437 b | shared |
1448 | iexplore.exe | GET | 200 | 18.195.174.160:80 | http://track.kikenzo.com/redirect?target=BASE64aHR0cHM6Ly90bC5uYXNkb2lzLmNvbS90L2Nsaz9pZD16NzZDbVpnc055OGZ4bWpBc1kmczI9d29vZzNvMDkyNXU2NTIycWg1cTRqZjUw&ts=1571050138570&hash=UetOwAebZFKQYxuplYGQa0l1u7vvE2L4huId46QYJEg&rm=D | DE | html | 290 b | shared |
504 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
1448 | iexplore.exe | GET | 200 | 13.35.254.82:80 | http://x.ss2.us/x.cer | US | der | 1.27 Kb | whitelisted |
1448 | iexplore.exe | GET | 200 | 67.27.159.126:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 57.0 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
504 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
504 | iexplore.exe | 18.195.174.160:80 | track.kikenzo.com | Amazon.com, Inc. | DE | malicious |
1448 | iexplore.exe | 99.198.108.198:443 | go.domainxchange.xyz | SingleHop, Inc. | US | suspicious |
1448 | iexplore.exe | 52.20.83.4:443 | tl.nasdois.com | Amazon.com, Inc. | US | unknown |
1448 | iexplore.exe | 13.35.254.82:80 | x.ss2.us | — | US | suspicious |
1448 | iexplore.exe | 67.27.159.126:80 | www.download.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
1448 | iexplore.exe | 18.195.174.160:80 | track.kikenzo.com | Amazon.com, Inc. | DE | malicious |
504 | iexplore.exe | 99.198.108.198:443 | go.domainxchange.xyz | SingleHop, Inc. | US | suspicious |
1448 | iexplore.exe | 104.25.212.28:443 | onwardinated.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
www.bing.com | | whitelisted |
track.kikenzo.com | | shared |
tl.nasdois.com | | unknown |
x.ss2.us | | whitelisted |
www.download.windowsupdate.com | | whitelisted |
go.domainxchange.xyz | | suspicious |
onwardinated.com | | unknown |
PID | Process | Class | Message |
---|---|---|---|
1448 | iexplore.exe | Potentially Bad Traffic | ET INFO Observed Let's Encrypt Certificate for Suspicious TLD (.xyz) |