URL: | https://gmai.com |
Full analysis: | https://app.any.run/tasks/dc56c3a7-f625-4743-a2ec-ff4858c03e8b |
Verdict: | Malicious activity |
Analysis date: | January 17, 2019, 19:23:39 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | D0E23C9421E902196883325515300C97 |
SHA1: | B59292F7949B03D0E4A4538741F68757AB1E5ED7 |
SHA256: | 296CFC0320A58473E9CF14933E5363144B18ECECB5AC5FE344A777C9191A2A65 |
SSDEEP: | 3:N8pgKIn:2CTn |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2976 | "C:\Program Files\Internet Explorer\iexplore.exe" https://gmai.com | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3500 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2976 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3536 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2976 CREDAT:6403 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2508 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 | ||||
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2976 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | — | — |
2976 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\gmai_com[1].txt | — | — | — |
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\ww1_gmai_com[1].txt | — | — | — |
2976 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text | 570D6E2476082DE020AB1E4E0C1BD16B | F42FC64BF7D604DA926E08B027696F851F6E371D1923EC5AC23CD1A287921129 |
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\nmads_caf_20170727[1].js | text | ADF1C9B6C49F96778479BC88BD15A515 | 15E49655B52776DAC5EB6A9E3CED19338B7E1A7137DB37B54B03B6677F8ABF91 |
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\api[1].js | text | FC094EA0898B63FDD2C7B67BA258B656 | B0B0F39165B09D765210E96C07DA29C9649B05263B65BB5F9E6AC7E41488514C |
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\nm_ga_bottom[1].js | text | 1B73190474553D00CDF09A21D3E01B23 | D9B75B983115220E79E3B3BCDD6E5C29EA7F0C3DF6A82ACBD405BAED54BD616F |
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\nm_ga_top_20170727[1].js | text | AA6050E3599AF6A665217A0913ED2A9D | 728F68A2ACBA52654D4DCDA32B558E5A100DE53B1D63953A75539F765FA2D180 |
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\ww1_gmai_com[1].htm | html | ADBCB1E90A327DA09B572AEB312DC042 | E00247F8926673B7E41BC28CD2E127164CFC477C87E60C3002CD8981DC573340 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3536 | iexplore.exe | GET | 200 | 85.17.25.202:80 | http://gmai.com/ | NL | html | 286 b | whitelisted |
3536 | iexplore.exe | GET | 200 | 184.168.221.104:80 | http://ww1.gmai.com/ | US | html | 5.86 Kb | malicious |
3536 | iexplore.exe | GET | 200 | 216.58.206.14:80 | http://www.google-analytics.com/ga.js | US | text | 16.7 Kb | whitelisted |
2976 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
3536 | iexplore.exe | GET | 302 | 85.17.25.202:80 | http://gmai.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqcyI6MX0.fADWc9hUOlh58R9UzufQBROmie3I7c7vE835oE6YmU4&uuid=80f98504-1a8d-11e9-9d62-617f4bf48eee | NL | text | 11 b | whitelisted |
3536 | iexplore.exe | GET | 200 | 216.58.206.14:80 | http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1310851595&utmhn=ww1.gmai.com&utmcs=utf-8&utmsr=1280x720&utmvp=1276x560&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=26.0%20r0&utmdt=gmai.com&utmhid=1721146013&utmr=-&utmp=%2F&utmht=1547753069057&utmac=UA-2201473-4&utmcc=__utma%3D82782096.2102420221.1547753068.1547753068.1547753068.1%3B%2B__utmz%3D82782096.1547753068.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1129671623&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ | US | image | 35 b | whitelisted |
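Two rows of the HTTP table above carry identifiers an analyst can pivot on: the 302 from gmai.com appends a `js=` parameter that is a compact JWT plus a `uuid=`, and the Google Analytics beacon from ww1.gmai.com names the property `UA-2201473-4` and the host it reports for. The helper below is an added triage example written for this page, not ANY.RUN output or code from the analysed site. It decodes the JWT header and payload without verifying the signature (the HMAC key is unknown, so the claims are treated as untrusted input only), recovers the timestamp embedded in the version-1 UUID, and extracts the GA property and hostname. The only real data it uses are the two URLs copied from the table; the function and variable names are this example's own.

```python
import base64
import json
import uuid
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# The two request URLs copied verbatim from the HTTP table of this report.
# Everything else in this block is constructed for illustration.
REDIRECT_URL = (
    "http://gmai.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJqcyI6MX0.fADWc9hUOlh58R9UzufQBROmie3I7c7vE835oE6YmU4"
    "&uuid=80f98504-1a8d-11e9-9d62-617f4bf48eee"
)
GA_BEACON_URL = (
    "http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1"
    "&utmn=1310851595&utmhn=ww1.gmai.com&utmcs=utf-8&utmsr=1280x720"
    "&utmvp=1276x560&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=26.0%20r0"
    "&utmdt=gmai.com&utmhid=1721146013&utmr=-&utmp=%2F&utmht=1547753069057"
    "&utmac=UA-2201473-4&utmcc=__utma%3D82782096.2102420221.1547753068."
    "1547753068.1547753068.1%3B%2B__utmz%3D82782096.1547753068.1.1."
    "utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B"
    "&utmjid=1129671623&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~"
)

# RFC 4122 version-1 UUIDs count 100 ns ticks from 1582-10-15 00:00 UTC.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def b64url_decode(segment: str) -> bytes:
    """Decode base64url; JWT segments omit the '=' padding, so restore it."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token: str) -> dict:
    """Split a compact JWS and decode header and payload WITHOUT checking the
    signature. We do not hold the signing key, so the claims are untrusted
    data for triage, never a basis for a trust decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 segments)")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    signature = b64url_decode(parts[2])
    # For HS256 the signature is an HMAC-SHA256 tag, i.e. 32 bytes.
    return {"header": header, "payload": payload, "sig_bytes": len(signature)}


def uuid1_timestamp(value: str):
    """Return the UTC time embedded in a version-1 UUID, or None otherwise."""
    u = uuid.UUID(value)
    if u.version != 1:
        return None
    return GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)


def extract_pivots(url: str) -> dict:
    """Pull the identifiers worth pivoting on out of one request URL."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query)
    out = {"host": parts.hostname}
    if "js" in qs:                      # JS-detection token on the redirect
        out["jwt"] = decode_jwt_unverified(qs["js"][0])
    if "uuid" in qs:                    # per-visit id; v1 leaks a timestamp
        out["uuid"] = qs["uuid"][0]
        out["uuid_time"] = uuid1_timestamp(out["uuid"])
    if "utmac" in qs:                   # Google Analytics property id
        out["ga_account"] = qs["utmac"][0]
    if "utmhn" in qs:                   # host the beacon claims to report for
        out["ga_hostname"] = qs["utmhn"][0]
    if "utmht" in qs:                   # client-side timestamp in ms
        out["ga_time"] = datetime.fromtimestamp(
            int(qs["utmht"][0]) / 1000, tz=timezone.utc)
    return out


if __name__ == "__main__":
    for u in (REDIRECT_URL, GA_BEACON_URL):
        print(json.dumps(extract_pivots(u), default=str, indent=2))
```

The JWT payload decodes to `{"js":1}`, a flag that the client executed JavaScript, with a 32-byte tag consistent with the `HS256` header; the version-1 UUID and the beacon's `utmht` both place the request at 19:24 UTC on 2019-01-17, a minute after the analysis start time in the header. The GA property id and `utmhn` value are the fields to search across other sandbox runs or passive DNS to group parking pages under the same operator.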
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2976 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3536 | iexplore.exe | 184.168.221.104:80 | ww1.gmai.com | GoDaddy.com, LLC | US | malicious |
3536 | iexplore.exe | 172.217.21.228:443 | www.google.com | Google Inc. | US | whitelisted |
3536 | iexplore.exe | 52.85.74.250:443 | d24cze5sab2jwg.cloudfront.net | Amazon.com, Inc. | US | unknown |
3500 | iexplore.exe | 85.17.25.202:443 | gmai.com | LeaseWeb Netherlands B.V. | NL | unknown |
3536 | iexplore.exe | 85.17.25.202:80 | gmai.com | LeaseWeb Netherlands B.V. | NL | unknown |
3536 | iexplore.exe | 216.58.206.14:80 | www.google-analytics.com | Google Inc. | US | whitelisted |
3536 | iexplore.exe | 172.217.23.138:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3536 | iexplore.exe | 172.217.18.3:443 | www.gstatic.com | Google Inc. | US | whitelisted |
2976 | iexplore.exe | 52.85.74.250:443 | d24cze5sab2jwg.cloudfront.net | Amazon.com, Inc. | US | unknown |
Domain | IP | Reputation |
---|---|---|
gmai.com | — | whitelisted |
www.bing.com | — | whitelisted |
ww1.gmai.com | — | malicious |
www.google.com | — | whitelisted |
d24cze5sab2jwg.cloudfront.net | — | whitelisted |
www.gstatic.com | — | whitelisted |
fonts.googleapis.com | — | whitelisted |
fonts.gstatic.com | — | whitelisted |
www.google-analytics.com | — | whitelisted |