Field | Value
---|---
URL | http://www.cashcow.ai
Full analysis | https://app.any.run/tasks/ce4aa1a6-77ba-4533-af6d-4081d159a641
Verdict | Malicious activity
Analysis date | January 11, 2019, 10:44:22
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | —
Indicators | —
MD5 | CD668746A9B20B1DCBE78BC23A988F27
SHA1 | ECC256A9FA32EAF9D96B2C9D70659F865A885A92
SHA256 | 1E749D10643D8F6C5D5A782146608FC295BEE9F179AA5F5FE1290CBC69698F81
SSDEEP | 3:N1KJS4ae5:Cc4ae5
PID | CMD | Path | Indicators | Parent process | User | Integrity Level | Company | Description | Version
---|---|---|---|---|---|---|---|---|---
2980 | "C:\Program Files\Internet Explorer\iexplore.exe" http://www.cashcow.ai | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
3496 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2980 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | LOW | Microsoft Corporation | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
2332 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe | admin | MEDIUM | Adobe Systems Incorporated | Adobe® Flash® Player Installer/Uninstaller 26.0 r0 | 26,0,0,131
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2980 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | — | —
2980 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\cashcow_ai[1].txt | — | — | —
3496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\css[1].txt | text | A07D40C2638223F60172DD8B3EDF9C95 | 2C73517E426BF2463AE52FB6DAE6B1499255E3F31AC95805578BA975ECAD3674
3496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\css[1].txt | text | 4C7DAD4090D0A72B34CC1BCD13885C73 | 4CD4BD4AF907718DD6B740F3A4710FA82BD3EA724274EEFDE8D3DDB54DAB894F
3496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\js[1] | text | 64D1C7DB02A491C37691238C85DF897A | AB6A6C9644B354A21F0ED79BDD686111352F0CEAAFE26BF89374842E0BC698BB
3496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\footer[1].css | text | D717D796DA73531C411AA01A65885EE8 | 5B9265E98F31F4B709A9321243967B8A3E969373EAE6DF49E887E50148D75B9C
3496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\newstyle[1].css | text | 2FFCB9CA81EBF9798BD15F458EB233BF | AA3D44F7FC0548C98FA3C4249993FE30B69485E1F83599D2C0969D71581E6F8D
3496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\custome[1].css | text | 9516C1CC8B601536DEA767BAE1B7BAF8 | 1341754D3C56F645A1A75B5A1C000E96C36B32DB1D55BFCFBC3D4F853BA9E81A
3496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\slider[1].css | text | F30986BE1AA5ED04CE4A44DF88A47789 | 4D372B91D4B656B87BBB32F752897CB62C3C6581CE0A4EEF4F35EB61EBBFEA01
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
3496 | iexplore.exe | GET | 200 | 35.154.9.197:80 | http://www.cashcow.ai/ | IN | html | 73.6 KB | malicious
3496 | iexplore.exe | GET | 200 | 35.154.9.197:80 | http://www.cashcow.ai/css/creative.min.css | IN | text | 1.71 KB | malicious
3496 | iexplore.exe | GET | 200 | 35.154.9.197:80 | http://www.cashcow.ai/css/footer.css | IN | text | 390 B | malicious
3496 | iexplore.exe | GET | 200 | 35.154.9.197:80 | http://www.cashcow.ai/vendor/font-awesome/css/font-awesome.min.css | IN | text | 6.51 KB | malicious
3496 | iexplore.exe | GET | 200 | 35.154.9.197:80 | http://www.cashcow.ai/css/custome.css | IN | text | 3.60 KB | malicious
3496 | iexplore.exe | GET | 200 | 35.154.9.197:80 | http://www.cashcow.ai/css/slider.css | IN | text | 1.96 KB | malicious
3496 | iexplore.exe | GET | 200 | 35.154.9.197:80 | http://www.cashcow.ai/img/phone-call.png | IN | image | 1.78 KB | malicious
3496 | iexplore.exe | GET | 200 | 35.154.9.197:80 | http://www.cashcow.ai/img/hl.jpg | IN | image | 39.5 KB | malicious
3496 | iexplore.exe | GET | 200 | 35.154.9.197:80 | http://www.cashcow.ai/img/press/thehindubusinessline.png | IN | image | 80.5 KB | malicious
3496 | iexplore.exe | GET | 200 | 35.154.9.197:80 | http://www.cashcow.ai/img/lap.jpg | IN | image | 29.9 KB | malicious
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3496 | iexplore.exe | 172.217.22.42:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3496 | iexplore.exe | 104.31.7.153:443 | www.jqueryscript.net | Cloudflare Inc | US | shared |
3496 | iexplore.exe | 35.154.9.197:80 | www.cashcow.ai | Amazon.com, Inc. | IN | malicious |
3496 | iexplore.exe | 172.217.23.170:443 | maps.googleapis.com | Google Inc. | US | whitelisted |
2980 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3496 | iexplore.exe | 31.13.90.6:443 | connect.facebook.net | Facebook, Inc. | IE | whitelisted |
3496 | iexplore.exe | 172.217.21.227:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
3496 | iexplore.exe | 104.19.195.151:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | shared |
3496 | iexplore.exe | 172.217.16.136:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
3496 | iexplore.exe | 216.58.206.14:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
www.cashcow.ai | — | malicious
www.bing.com | — | whitelisted
fonts.googleapis.com | — | whitelisted
www.googletagmanager.com | — | whitelisted
www.jqueryscript.net | — | whitelisted
fonts.gstatic.com | — | whitelisted
connect.facebook.net | — | whitelisted
cdn.materialdesignicons.com | — | malicious
cdnjs.cloudflare.com | — | whitelisted
maps.googleapis.com | — | whitelisted
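Turning the Connections and DNS tables above into something a sensor can consume, as an added example that is not part of the ANY.RUN report: the script below parses both tables (copied inline as constructed input) and emits a Zeek Intel framework file. The meta.source label is an assumption built from the task id in the header. The header hashes are deliberately not exported: an SSDEEP block size of 3 means they were computed over an input of under 200 bytes, consistent with the submitted URL string rather than a downloaded file, and the Files table lists only cached HTML, CSS, JS and icons. The report also rates www.googletagmanager.com "suspicious" in Connections but "whitelisted" in DNS requests, and cdn.materialdesignicons.com appears only in DNS requests, so the script exports only indicators every table rates "malicious" and prints the rest for analyst review.

```python
"""Extract network IOCs from the report's Connections and DNS tables as Zeek Intel.

Added example, not ANY.RUN output. Only indicators that every table rates
'malicious' are exported; 'suspicious' or inconsistently rated ones are
listed for review instead of being blocked.
"""
from collections import defaultdict

# Constructed input: the Connections and DNS rows copied from the report above.
CONNECTIONS = """\
PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
3496 | iexplore.exe | 172.217.22.42:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
3496 | iexplore.exe | 104.31.7.153:443 | www.jqueryscript.net | Cloudflare Inc | US | shared
3496 | iexplore.exe | 35.154.9.197:80 | www.cashcow.ai | Amazon.com, Inc. | IN | malicious
3496 | iexplore.exe | 172.217.23.170:443 | maps.googleapis.com | Google Inc. | US | whitelisted
2980 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3496 | iexplore.exe | 31.13.90.6:443 | connect.facebook.net | Facebook, Inc. | IE | whitelisted
3496 | iexplore.exe | 172.217.21.227:443 | fonts.gstatic.com | Google Inc. | US | whitelisted
3496 | iexplore.exe | 104.19.195.151:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | shared
3496 | iexplore.exe | 172.217.16.136:443 | www.googletagmanager.com | Google Inc. | US | suspicious
3496 | iexplore.exe | 216.58.206.14:443 | www.google-analytics.com | Google Inc. | US | whitelisted
"""

DNS = """\
Domain | IP | Reputation
---|---|---
www.cashcow.ai | — | malicious
www.bing.com | — | whitelisted
fonts.googleapis.com | — | whitelisted
www.googletagmanager.com | — | whitelisted
www.jqueryscript.net | — | whitelisted
fonts.gstatic.com | — | whitelisted
connect.facebook.net | — | whitelisted
cdn.materialdesignicons.com | — | malicious
cdnjs.cloudflare.com | — | whitelisted
maps.googleapis.com | — | whitelisted
"""

# Assumed label for Zeek's meta.source column (task id from the report header).
SOURCE = "anyrun:ce4aa1a6-77ba-4533-af6d-4081d159a641"


def parse_pipe_table(text):
    """Parse a pipe-delimited table into dicts keyed by lower-cased header names.

    The '---|---' rule line and blank lines are skipped; a trailing '|' is tolerated.
    """
    lines = [l.strip().strip("|") for l in text.splitlines() if l.strip()]
    cells = [[c.strip() for c in l.split("|")] for l in lines]
    header = [h.lower() for h in cells[0]]
    return [dict(zip(header, r)) for r in cells[1:]
            if not set("".join(r)) <= set("-")]


def strip_port(endpoint):
    """'35.154.9.197:80' -> '35.154.9.197' (the report only lists IPv4 endpoints)."""
    return endpoint.rsplit(":", 1)[0] if ":" in endpoint else endpoint


def collect_iocs(conn_text, dns_text):
    """Merge both tables into {(indicator, zeek_type): set of reputations seen}."""
    seen = defaultdict(set)
    for row in parse_pipe_table(conn_text):
        seen[(row["domain"], "Intel::DOMAIN")].add(row["reputation"])
        seen[(strip_port(row["ip"]), "Intel::ADDR")].add(row["reputation"])
    for row in parse_pipe_table(dns_text):
        seen[(row["domain"], "Intel::DOMAIN")].add(row["reputation"])
    return seen


def select_malicious(seen):
    """Export indicators rated 'malicious' everywhere; queue the rest for review.

    A domain rated 'suspicious' in one table and 'whitelisted' in another
    (www.googletagmanager.com above) must not be blocked on that basis.
    """
    export, review = [], []
    for key, reps in sorted(seen.items()):
        if reps == {"malicious"}:
            export.append(key)
        elif reps & {"malicious", "suspicious"}:
            review.append((key, sorted(reps)))
    return export, review


def to_zeek_intel(indicators, source=SOURCE, desc="ANY.RUN verdict: malicious"):
    """Render the Zeek Intel framework's tab-separated input format."""
    lines = ["#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc"]
    lines += ["\t".join((ind, itype, source, desc)) for ind, itype in indicators]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    export, review = select_malicious(collect_iocs(CONNECTIONS, DNS))
    print(to_zeek_intel(export), end="")
    for (indicator, _), reps in review:
        print(f"# needs review: {indicator} rated {', '.join(reps)}")
```

Run as-is it writes three intel lines (35.154.9.197, cdn.materialdesignicons.com, www.cashcow.ai) to stdout and flags www.googletagmanager.com and its IP for review; the shared-hosting entries (Cloudflare) are dropped because blocking a CDN address on a sandbox verdict would cause collateral damage.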