Field | Value
---|---
URL | http://gmai.com
Full analysis | https://app.any.run/tasks/99959628-e703-4848-9388-f179828caa84
Verdict | Malicious activity
Analysis date | February 21, 2020, 16:22:32
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | —
Indicators | —
MD5 | 6D1D7E61E08288963C2E2645E202DAC6
SHA1 | CB44D04F600B0DC3AEB2A2AA1A7B23C69C7DA1CB
SHA256 | 1FBD5490CB622A22241BF6EC16F5CC381292FE3C96DF7E657C6EE94973F4EDB1
SSDEEP | 3:N1KZIEdKIn:C2EdTn
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
3044 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://gmai.com" | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3012 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3044 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\453HF2UZ.htm | html | 599D97B2D5BB581FD838E87E2B23B5EA | 432AD8E40DE5D8F69E1DDA377ADD9E1DC2D48B32F895252A217F4CA788616B7E
3012 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\8QU1CQCK.txt | text | E045B211D3E323EC1DCAB3EF34F83DE2 | 7198CED2E264F95430F48327FFB01D552CCB7E1563D735666F4DD04015A35EFD
3012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\style[1].css | text | 96F84D0985AF87B4D4F6AE8816F9C5C5 | 93A1109ADA0CD55DEDEAF7E9C4251A7F91AC3C3E1AB85E25E37B6CD4E47D504B
3012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\skenzo[1].css | text | 258924C7D7C159A3861E9838F0B40012 | DB30F3956434FA476F2F5A605696E792A57398E8DED3AF2FEB7913C731AD7AB8
3044 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text | 879E5829882D38A373A6C36F4AA76550 | B4BF4B215E936310D9A3B2E7043C0D17650A9C80D88904E137A6147977267DB8
3044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon[1].ico | image | 9FB559A691078558E77D6848202F6541 | 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
3012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\1UAOJV3W | text | 32682312D17C7CBF18E73594F5570319 | E55FB1A1D731153E943B68844AF12DCCE8BFAC917C98FFDEA64C80DA0607DD47
3012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\PGXAICWX.htm | html | E7BFB9316E89CE5212B1B2507DD8830A | B5378A12E359A27A0C92F53FEFA2B4C21673781B7E76F54495D58AD72A927839
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3012 | iexplore.exe | GET | 200 | 185.53.179.29:80 | http://ww1.gmai.com/?subid1=66114654-54c6-11ea-80c3-8cfa5b12f8c3 | DE | html | 470 b | malicious |
3044 | iexplore.exe | GET | 200 | 185.53.179.29:80 | http://ww1.gmai.com/favicon.ico | DE | — | — | malicious |
3012 | iexplore.exe | GET | 200 | 99.84.87.7:80 | http://d1lxhc4jvstzrp.cloudfront.net/themes/assets/skenzo.css | US | text | 208 b | shared |
3012 | iexplore.exe | GET | 200 | 99.84.87.7:80 | http://d1lxhc4jvstzrp.cloudfront.net/themes/assets/style.css | US | text | 343 b | shared |
3012 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://iyfsearch.com/?dn=gmai.com&pid=9PO755G95 | VG | html | 196 b | suspicious |
3012 | iexplore.exe | GET | 302 | 81.17.18.198:80 | http://gmai.com/ | CH | text | 11 b | whitelisted |
3044 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3012 | iexplore.exe | 81.17.18.198:80 | gmai.com | Private Layer INC | CH | malicious |
3012 | iexplore.exe | 99.84.87.7:80 | d1lxhc4jvstzrp.cloudfront.net | AT&T Services, Inc. | US | unknown |
— | — | 185.53.179.29:80 | ww1.gmai.com | Team Internet AG | DE | malicious |
3044 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 81.17.18.198:443 | gmai.com | Private Layer INC | CH | malicious |
3044 | iexplore.exe | 185.53.179.29:80 | ww1.gmai.com | Team Internet AG | DE | malicious |
3012 | iexplore.exe | 208.91.196.46:80 | iyfsearch.com | Confluence Networks Inc | VG | malicious |
3044 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation
---|---|---
gmai.com | — | whitelisted
ww1.gmai.com | — | malicious
d1lxhc4jvstzrp.cloudfront.net | — | shared
iyfsearch.com | — | suspicious
api.bing.com | — | whitelisted
www.bing.com | — | whitelisted
iecvlist.microsoft.com | — | whitelisted
r20swj13mr.microsoft.com | — | whitelisted
PID | Process | Class | Message |
---|---|---|---|
3012 | iexplore.exe | Misc activity | ADWARE [PTsecurity] InstantAccess |