Field | Value |
---|---|
URL | http://www.mediafire.com/download/fy8ixq9on1p84cm/rFactorSetup1255Lite.exe
Full analysis | https://app.any.run/tasks/ed8e7b69-3581-44f1-820c-8c45d967c835
Verdict | Malicious activity
Analysis date | February 11, 2019, 11:10:10
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 6BA8EE3C8F6D4E4AF58D0525AF643FCB
SHA1 | A63D45B5DAD1F8A207979190D7F3AE4698806C7D
SHA256 | 17DABA75B25810814C7C7CEFFF6E4C3DCAC5213630D112E3DDE20D4E624993F0
SSDEEP | 3:N1KJS4w3eGWKLA7LMKRZNbdA:Cc4w3eGN8PMKnNbdA
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version |
---|---|---|---|---|---|---|---|---|---|
2836 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
3236 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2836 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
2192 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe | admin | Adobe Systems Incorporated | MEDIUM | Adobe® Flash® Player Installer/Uninstaller 26.0 r0 | 26,0,0,131
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2836 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | — | —
2836 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3236 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@mediafire[2].txt | — | — | —
3236 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\rFactorSetup1255Lite[1].exe | — | — | —
3236 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\icons_sprite[1].svg | — | — | —
3236 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ads[1].php | — | — | —
3236 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\rFactorSetup1255Lite[1].htm | html | EC7D738205939C8E923F794A43B5144C | 7E5CF08B8643EC56C6CC272D6CA8F6DDBBE95F24FD2FA59179CD467FE0D44C7F
3236 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\gpt[1].js | text | 023E5E5C1F41C7B036F0E5B6F2DBA183 | C129FB84C8039F7F54140FF5991035101C4E08BAF85E1A69D8E9E8F2A094A4FA
3236 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\f[1].txt | text | 03F0BDEEA68E1879C808C74846134692 | 02E0720F5DF172280BCE8E0E7142C6D915B180BC10176F826E9FD8ED1DBA5F05
3236 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\aab_train[1].svg | image | 7B13AC7C08DAE9FEFC12D27E5B74BEEF | F0642B4DDFDCB03660F93A42DA9EE7119ECB2EF50EC3C49359FB254B81346955
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3236 | iexplore.exe | GET | — | 104.19.194.29:80 | http://www.mediafire.com/images/icons/svg_light/icons_sprite.svg | US | — | — | shared |
3236 | iexplore.exe | GET | 301 | 104.19.194.29:80 | http://www.mediafire.com/download/fy8ixq9on1p84cm/rFactorSetup1255Lite.exe | US | — | — | shared |
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/js/ads.js | US | text | 143 b | shared |
3236 | iexplore.exe | GET | 200 | 104.19.194.29:80 | http://www.mediafire.com/templates/linkto/ads.php?o=0&d=1&t=0 | US | html | 3.24 Kb | shared |
3236 | iexplore.exe | GET | 200 | 172.217.18.98:80 | http://www.googletagservices.com/tag/js/gpt.js | US | text | 9.82 Kb | whitelisted |
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/download/dl_promo_logo.png | US | image | 2.19 Kb | shared |
3236 | iexplore.exe | GET | 200 | 104.19.194.29:80 | http://www.mediafire.com/file/fy8ixq9on1p84cm/rFactorSetup1255Lite.exe | US | html | 57.6 Kb | shared |
3236 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png | US | image | 583 b | shared |
3236 | iexplore.exe | GET | 200 | 216.58.210.10:80 | http://translate.googleapis.com/translate_static/js/element/main.js | US | text | 1.49 Kb | whitelisted |
3236 | iexplore.exe | GET | 200 | 104.18.92.64:80 | http://cdn.engine.addroplet.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0 | US | text | 71.1 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3236 | iexplore.exe | 104.19.194.29:80 | www.mediafire.com | Cloudflare Inc | US | shared |
3236 | iexplore.exe | 108.177.15.156:443 | stats.g.doubleclick.net | Google Inc. | US | whitelisted |
3236 | iexplore.exe | 104.19.195.29:80 | www.mediafire.com | Cloudflare Inc | US | shared |
3236 | iexplore.exe | 216.58.207.46:80 | www.google-analytics.com | Google Inc. | US | whitelisted |
3236 | iexplore.exe | 216.58.207.46:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
3236 | iexplore.exe | 216.58.210.10:80 | translate.googleapis.com | Google Inc. | US | whitelisted |
3236 | iexplore.exe | 216.58.207.72:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
3236 | iexplore.exe | 172.217.22.46:80 | translate.google.com | Google Inc. | US | whitelisted |
2836 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3236 | iexplore.exe | 172.217.18.98:80 | www.googletagservices.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.bing.com | | whitelisted
www.mediafire.com | | shared
static.mediafire.com | | shared
www.google-analytics.com | | whitelisted
www.googletagmanager.com | | whitelisted
www.googletagservices.com | | whitelisted
translate.google.com | | whitelisted
cdn.engine.addroplet.com | | whitelisted
translate.googleapis.com | | whitelisted
stats.g.doubleclick.net | | whitelisted