URL: http://cdn.superantispyware.com/SUPERAntiSpyware.exe
Full analysis: https://app.any.run/tasks/b40547f1-070f-459c-838b-d7eb5650614b
Verdict: Malicious activity
Analysis date: January 01, 2019, 13:26:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: —
Indicators: —
MD5: CEBC0558BFA25E331E56CB86BF7A6286
SHA1: 9326EBDD598E1A6D873D6A06BC8993D53224F1DE
SHA256: 21F2A7C9DD326DE2AF5426F2E4750938A74E3B8A92576763E596DA325CDA35AE
SSDEEP: 3:N1KdBLzVXLqWVjEednqSNVcSEXALN:CXzVbqKEe4SDEXuN
PID | CMD | Path | Parent process | User | Company | Integrity Level | Description | Exit code | Version | Indicators
---|---|---|---|---|---|---|---|---|---|---
2836 | "C:\Program Files\Internet Explorer\iexplore.exe" http://cdn.superantispyware.com/SUPERAntiSpyware.exe | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 1 | 8.00.7600.16385 (win7_rtm.090713-1255) | —
3388 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2836 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 0 | 8.00.7600.16385 (win7_rtm.090713-1255) | —
1820 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\SUPERAntiSpyware[1].exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\SUPERAntiSpyware[1].exe | iexplore.exe | admin | SUPERAntiSpyware | MEDIUM | SUPERAntiSpyware Free Edition Setup | 0 | 8, 0, 0, 1026 | —
2236 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\SUPERAntiSpyware[1].exe" /runasadmin | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\SUPERAntiSpyware[1].exe | SUPERAntiSpyware[1].exe | admin | SUPERAntiSpyware | HIGH | SUPERAntiSpyware Free Edition Setup | 0 | 8, 0, 0, 1026 | —
3268 | "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" -install -name:!SASCORE -display:"SAS Core Service" -description:"SUPERAntiSpyware Core Service" -pipe:sascoreservicepipe | C:\Program Files\SUPERAntiSpyware\SASCORE.EXE | SUPERAntiSpyware[1].exe | admin | SUPERAntiSpyware.com | HIGH | Core Service | 0 | 6, 0, 0, 1082 | —
2292 | "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" | C:\Program Files\SUPERAntiSpyware\SASCORE.EXE | services.exe | SYSTEM | SUPERAntiSpyware.com | SYSTEM | Core Service | — | 6, 0, 0, 1082 | —
2832 | "C:\Windows\system32\REGSVR32.EXE" /s "C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL" | C:\Windows\system32\REGSVR32.EXE | SUPERAntiSpyware[1].exe | admin | Microsoft Corporation | HIGH | Microsoft(C) Register Server | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) | —
3768 | "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" | C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe | SUPERAntiSpyware[1].exe | admin | SUPERAntiSpyware | MEDIUM | SUPERAntiSpyware Application | — | 8, 0, 0, 1026 | —
2960 | "C:\Program Files\SUPERAntiSpyware\SSUPDATE.EXE" *8.0.1026!{06CD588E-4BD7-4ab9-9938-0949231C9484} | C:\Program Files\SUPERAntiSpyware\SSUPDATE.EXE | SUPERAntiSpyware.exe | admin | SUPERAntiSpyware.com | MEDIUM | SUPERAntiSpyware Update Application | 4294967295 | 1, 0, 0, 1080 | —
3508 | "C:\Windows\System32\cacls.exe" "C:\System Volume Information" /E /G everyone:F | C:\Windows\System32\cacls.exe | SUPERAntiSpyware.exe | admin | Microsoft Corporation | MEDIUM | Control ACLs Program | 5 | 6.1.7600.16385 (win7_rtm.090713-1255) | —
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2836 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | — | —
2836 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
2836 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF751E650D3C9D4EB0.TMP | — | — | —
3388 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\SUPERAntiSpyware[1].exe | — | — | —
2836 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\SUPERAntiSpyware[1].exe | — | — | —
1820 | SUPERAntiSpyware[1].exe | C:\ProgramData\SUPERSetup\setupvars-journal | — | — | —
2836 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFD234161EF84DA469.TMP | — | — | —
2836 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E88CEE65-0DC8-11E9-BAD8-5254004A04AF}.dat | — | — | —
2836 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png | image | 9FB559A691078558E77D6848202F6541 | 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
3388 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019010120190102\index.dat | dat | 81D543B866EFE748DF789F6A60848D88 | 29260D1837119780A3D0231C071CA0DE14741F11C3B55A81606FE4176195DC5D
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
2836 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 B | whitelisted
3388 | iexplore.exe | GET | 200 | 93.184.221.133:80 | http://cdn.superantispyware.com/SUPERAntiSpyware.exe | US | executable | 35.4 MB | whitelisted
2236 | SUPERAntiSpyware[1].exe | GET | 200 | 74.201.114.183:80 | http://events.webflowmetrics.com/metrics.asmx/RecordEvent?sEventName=SASRPI_Install&sEventData=tag:SUPERAntiSpywareChrome.exe_Chrome_V5_NotShown:2\|zo-sasref | US | xml | 80 B | suspicious
3768 | SUPERAntiSpyware.exe | GET | 200 | 74.201.114.183:80 | http://events.webflowmetrics.com/metrics.asmx/RecordEvent?sEventName=SASRPI_TrialOffer&sEventData=tag:SUPERAntiSpyware.exe_V6_Accepted%7Czo-sasref | US | xml | 80 B | suspicious
3768 | SUPERAntiSpyware.exe | POST | 200 | 74.201.114.185:80 | http://www.superantispyware.com/application.php | US | text | 16 B | suspicious
3768 | SUPERAntiSpyware.exe | GET | 200 | 93.184.221.133:80 | http://cdn.superantispyware.com/appdata/sas/public/new.15243.SAS | US | binary | 29.4 MB | whitelisted
3768 | SUPERAntiSpyware.exe | GET | 200 | 93.184.221.133:80 | http://cdn.superantispyware.com/appdata/sas/public/20000002.XML | US | text | 188 B | whitelisted
3768 | SUPERAntiSpyware.exe | GET | 200 | 93.184.221.133:80 | http://cdn.superantispyware.com/sascomponents/%7B06CD588E-4BD7-4AB9-9938-0949231C9484%7D.sas | US | binary | 2.49 KB | whitelisted
3768 | SUPERAntiSpyware.exe | POST | 200 | 74.201.114.185:80 | http://www.superantispyware.com/application.php | US | text | 125 B | suspicious
3768 | SUPERAntiSpyware.exe | POST | 200 | 74.201.114.185:80 | http://www.superantispyware.com/application.php | US | text | 4 B | suspicious
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2836 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3388 | iexplore.exe | 93.184.221.133:80 | cdn.superantispyware.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3768 | SUPERAntiSpyware.exe | 93.184.221.133:80 | cdn.superantispyware.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2236 | SUPERAntiSpyware[1].exe | 74.201.114.183:80 | events.webflowmetrics.com | Internap Network Services Corporation | US | unknown |
3768 | SUPERAntiSpyware.exe | 74.201.114.183:80 | events.webflowmetrics.com | Internap Network Services Corporation | US | unknown |
3768 | SUPERAntiSpyware.exe | 74.201.114.185:80 | www.superantispyware.com | Internap Network Services Corporation | US | unknown |
Domain | IP | Reputation
---|---|---
cdn.superantispyware.com | — | whitelisted
www.bing.com | — | whitelisted
events.webflowmetrics.com | — | suspicious
www.superantispyware.com | — | suspicious
PID | Process | Class | Message |
---|---|---|---|
3388 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
Process | Message |
---|---|
SUPERAntiSpyware.exe | start menu folder |
SUPERAntiSpyware.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\ |
SUPERAntiSpyware.exe | BANNER HAS NOT CHANGED |