URL: | http://maketop.kr |
Full analysis: | https://app.any.run/tasks/f648beed-ed01-4139-9546-72ecb906d004 |
Verdict: | Malicious activity |
Analysis date: | October 20, 2020, 02:37:57 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 4EAE013DB0D3A6F9663C306F76415AE3 |
SHA1: | A300EC98585B1C053B868CB7DB722C37EC91E3E1 |
SHA256: | 1AF12EF0927FBA45AB66F4F0F54B37FD7BC6AF42611E3A6014A1277D188BB004 |
SSDEEP: | 3:N1KTen:Cyn |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1136 | "C:\Program Files\Internet Explorer\iexplore.exe" http://maketop.kr | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2368 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1136 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2368 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZC84C5Q7.txt | — | |
MD5:— | SHA256:— | |||
2368 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q7JO9XI3.txt | — | |
MD5:— | SHA256:— | |||
2368 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\qsml[1].htm | — | |
MD5:— | SHA256:— | |||
2368 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\qsml[3].xml | xml | |
MD5:35B49A9340DAC93CD9358E149600E3EA | SHA256:FB93DE764F47FDAB03989507D8C0AB96BA149B08298D3216C393AAAF19D44D8D | |||
2368 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\1X8AV4I2.txt | text | |
MD5:173DB9CB8D5EECDE5B389C4A51CCC675 | SHA256:02C499CC905F5409336750D862C22DEC4CE6835F4E34FADD315602F305976633 | |||
2368 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\qsml[1].xml | xml | |
MD5:E3577E0BFC5AC427998DB92581535874 | SHA256:3D59A0C0E0C6C734F509C48D523997003A0DEE9AAF9A3915C95B61FFC0CC3808 | |||
1136 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | image | |
MD5:9FB559A691078558E77D6848202F6541 | SHA256:6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 | |||
2368 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\qsml[4].xml | xml | |
MD5:18F1873E9F880443087A8755DC3E97CE | SHA256:4BA1DD8A9844A4C822AB9CC657D6DC84715A6DCC47E6AE5F9AF45D7B726EED43 | |||
1136 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text | |
MD5:7FE36EE44172CA1CE1529E3351EB15A2 | SHA256:40040746D3E7793333D83E4B56BAD181BCA73433AFF98763E4850BE25A33504D | |||
2368 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\qsml[5].xml | xml | |
MD5:9E8AF0B5E2ACFE6AC468C8D771F811E6 | SHA256:9A084B5F53998188CCFBF6071363683E05A401E735D769383586432091074469 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2368 | iexplore.exe | GET | — | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fmaketop.kr%2Fc&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | — | — | whitelisted |
2368 | iexplore.exe | GET | 200 | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fmaketop.kr%2Fconf&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | xml | 178 b | whitelisted |
2368 | iexplore.exe | GET | 200 | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fmaketop.kr%2Fcon&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | xml | 177 b | whitelisted |
1136 | iexplore.exe | GET | 404 | 220.73.162.59:80 | http://maketop.kr/favicon.ico | KR | html | 1.21 Kb | malicious |
2368 | iexplore.exe | GET | 200 | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fmaketop.kr%2Fconfig%2Fdrea&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | xml | 182 b | whitelisted |
2368 | iexplore.exe | GET | 200 | 220.73.162.59:80 | http://maketop.kr/ | KR | html | 1.38 Kb | malicious |
2368 | iexplore.exe | GET | 200 | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fmaketop.kr%2Fconfig%2Fdr&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | xml | 181 b | whitelisted |
2368 | iexplore.exe | GET | 200 | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fmaketop.kr%2Fco&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | xml | 176 b | whitelisted |
2368 | iexplore.exe | GET | 200 | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fmaketop.kr%2Fconfig&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | xml | 179 b | whitelisted |
2368 | iexplore.exe | GET | 200 | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fmaketop.kr%2Fconfig%2Fdreamconf&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | xml | 183 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2368 | iexplore.exe | 220.73.162.59:80 | maketop.kr | Korea Telecom | KR | malicious |
2368 | iexplore.exe | 13.107.5.80:80 | api.bing.com | Microsoft Corporation | US | whitelisted |
1136 | iexplore.exe | 220.73.162.59:80 | maketop.kr | Korea Telecom | KR | malicious |
1136 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
— | — | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1136 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2368 | iexplore.exe | 14.0.113.205:80 | cdn.megadata.co.kr | — | KR | suspicious |
1136 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2368 | iexplore.exe | 220.73.162.59:443 | maketop.kr | Korea Telecom | KR | malicious |
Domain | IP | Reputation |
---|---|---|
maketop.kr |
| malicious |
cdn.megadata.co.kr |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
ieonline.microsoft.com |
| whitelisted |