download: | index.html |
Full analysis: | https://app.any.run/tasks/82ac3a03-a2a0-48bc-a9a1-c7b71a25eeef |
Verdict: | Malicious activity |
Analysis date: | June 12, 2019, 01:58:46 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/html |
File info: | HTML document, UTF-8 Unicode text, with very long lines |
MD5: | 6DF9E3E6B423E5223E4A0E532B7CA6DC |
SHA1: | 71EA7CFB876947F04BF0565E6C35B05924ADB050 |
SHA256: | 1E69F39490436BA466BFEE79D2EE59FD1C492A2582C7B825D8462AA0FB22CEC6 |
SSDEEP: | 768:0X+QoppNv+r5AZpUxnHeCb4f1u0eywO0H+UJFUAoq2hfV7sgaRs:0X06nboq2hfVMs |
.html | | | HyperText Markup Language (100) |
---|
Generator: | blogger |
---|---|
msapplicationNavbuttonColor: | #eeeeee |
themeColor: | #eeeeee |
ContentType: | text/html; charset=UTF-8 |
Title: | achplicupko1985 |
viewport: | width=device-width, initial-scale=1 |
Refresh: | 0;URL=http://finanso.top/sl.html |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3612 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2696 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3612 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2452 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3612 CREDAT:137473 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3612 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
3612 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3612 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF9D78BBDE5549839D.TMP | — | |
MD5:— | SHA256:— | |||
2696 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061220190613\index.dat | dat | |
MD5:7FB9A17070A447919AD8E1D957370B0C | SHA256:37C646FC8D79CA400C6A9F9DDEDE8B83CC4988E7680FAF4620E84C360C0DBE7E | |||
3612 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A6877EEC-8CB6-11E9-A09E-5254004A04AF}.dat | binary | |
MD5:C8991744CEF47A03D5EEE968923550CB | SHA256:F98EC40F6606BFA201193AA2F8BF9FC4BC8F25ABE7DAA506355E38A418D3F1DD | |||
2452 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@joygut[1].txt | text | |
MD5:1FC1F9E57721BEF1ED18BF38F5611B86 | SHA256:066046446F01420C115F6935C126C08C3443D8B28839F7A90C8421CDD8252671 | |||
2452 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:325B57E4A2862ED4DFD4975DD8B43E02 | SHA256:18EA38644D42354239D88DA0D8E83DA888C7D74C8B978C70165451E95BB9C401 | |||
2452 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | |
MD5:50885696BDDE26BAE8A6396555975994 | SHA256:1156CB732C054C19D2A437D48FDEC42E13A440381C7CFC0069185CD4258D5C41 | |||
2452 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZYC81QKA\sl[1].htm | html | |
MD5:6BBCEC5ADC6D60AD4254B0D0BCE430F7 | SHA256:307F34896FFFBF3EF9B0AF3CB4E2CCC879AF5AF44E499CFD3C6E09DECB89AC31 | |||
2696 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\unnamed[1].jpg | image | |
MD5:869B8910938688BE94C2348DD2CE2096 | SHA256:575ECD5E8EDDCBA54AD43E4A396EE2E629F923011D3441F29D672360F131FBCE |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2452 | iexplore.exe | GET | 302 | 104.31.90.103:80 | http://vip.joygut.club/tracker?s_id=7&aff_id=225 | US | — | — | suspicious |
2452 | iexplore.exe | GET | 200 | 104.31.90.103:80 | http://en.cryptogroup-app.vip.joygut.club/images/step2.png | US | image | 3.98 Kb | suspicious |
2452 | iexplore.exe | GET | 200 | 104.31.90.103:80 | http://en.cryptogroup-app.vip.joygut.club/images/bitgo.png | US | image | 2.30 Kb | suspicious |
2452 | iexplore.exe | GET | 200 | 104.31.90.103:80 | http://en.cryptogroup-app.vip.joygut.club/images/preloader_Youtube.gif | US | image | 4.83 Kb | suspicious |
2452 | iexplore.exe | GET | 200 | 104.31.90.103:80 | http://en.cryptogroup-app.vip.joygut.club/images/logo.png | US | image | 11.5 Kb | suspicious |
2452 | iexplore.exe | GET | 200 | 104.31.90.103:80 | http://en.cryptogroup-app.vip.joygut.club/images/step1.png | US | image | 4.27 Kb | suspicious |
2452 | iexplore.exe | GET | 200 | 104.31.90.103:80 | http://en.cryptogroup-app.vip.joygut.club/css/main.css | US | text | 3.84 Kb | suspicious |
2452 | iexplore.exe | GET | 200 | 104.31.90.103:80 | http://en.cryptogroup-app.vip.joygut.club/images/norton.png | US | image | 2.58 Kb | suspicious |
2452 | iexplore.exe | GET | 200 | 149.129.217.62:80 | http://finanso.top/sl.html | SG | html | 131 b | suspicious |
2452 | iexplore.exe | GET | 200 | 104.31.90.103:80 | http://en.cryptogroup-app.vip.joygut.club/images/footer-logo.png | US | image | 10.5 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3612 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2696 | iexplore.exe | 172.217.22.99:443 | www.gstatic.com | Google Inc. | US | whitelisted |
2696 | iexplore.exe | 216.58.205.233:443 | resources.blogblog.com | Google Inc. | US | unknown |
2696 | iexplore.exe | 172.217.16.169:443 | www.blogger.com | Google Inc. | US | whitelisted |
3612 | iexplore.exe | 149.129.217.62:80 | finanso.top | — | SG | suspicious |
2452 | iexplore.exe | 104.31.90.103:80 | vip.joygut.club | Cloudflare Inc | US | shared |
2452 | iexplore.exe | 149.129.217.62:80 | finanso.top | — | SG | suspicious |
2696 | iexplore.exe | 172.217.16.129:443 | themes.googleusercontent.com | Google Inc. | US | whitelisted |
3612 | iexplore.exe | 104.31.90.103:80 | vip.joygut.club | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
resources.blogblog.com |
| whitelisted |
themes.googleusercontent.com |
| whitelisted |
www.blogger.com |
| shared |
finanso.top |
| suspicious |
vip.joygut.club |
| suspicious |
en.cryptogroup-app.vip.joygut.club |
| suspicious |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile |
2452 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |