Field | Value |
---|---|
Download | index.html |
Full analysis | https://app.any.run/tasks/704113aa-4480-4e94-8289-03f404864eff |
Verdict | Malicious activity |
Analysis date | August 18, 2019, 06:29:09 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags | — |
Indicators | — |
MIME | text/html |
File info | HTML document, UTF-8 Unicode text, with very long lines |
MD5 | 38BA37386419FDB1FC3B93E7CBBAC543 |
SHA1 | 45D49C96782861161650AB2B5071D8EFC8897A23 |
SHA256 | 2DBC51E3CFC77B35AA6EFB705394F2DE9FE199D0B0BCDE2751F05266A8759712 |
SSDEEP | 768:wPYhgn/DX3PLCj5qZMgGXbr+v65ntYQlV7UVBTz5Klp0z7Ha8KaVHNTPE+VQbx2:wPzn/DX3PLCdbr+v6oY4zIlp0X68KajT |
Type identification | .html: HyperText Markup Language (100) |

HTML metadata | Value |
---|---|
Title | Lurkmore |
Generator | MediaWiki 1.19.24 |
Description (translated from Russian) | Hello. This is Lurkomorye, the Russian lurkmoar. You can edit any article, just as on Wikipedia. But unlike Wikipedia, we do not aim to write about everything in the world at once and are not guided by the mythical criteria of "notability" and "encyclopedic value". It just turns out that way. |
ResourceLoaderDynamicStyles | - |
PID | Parent | User | Integrity | Exit code | CMD | Path | Description | Company | Version | Indicators |
---|---|---|---|---|---|---|---|---|---|---|
3352 | explorer.exe | admin | MEDIUM | 1073807364 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | Internet Explorer | Microsoft Corporation | 8.00.7600.16385 (win7_rtm.090713-1255) | — |
3820 | iexplore.exe | admin | MEDIUM | 0 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3352 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | Internet Explorer | Microsoft Corporation | 8.00.7600.16385 (win7_rtm.090713-1255) | — |
3280 | iexplore.exe | admin | LOW | 0 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3352 CREDAT:137473 | C:\Program Files\Internet Explorer\iexplore.exe | Internet Explorer | Microsoft Corporation | 8.00.7600.16385 (win7_rtm.090713-1255) | — |
3476 | explorer.exe | admin | MEDIUM | 1 | "C:\Windows\system32\taskmgr.exe" /4 | C:\Windows\system32\taskmgr.exe | Windows Task Manager | Microsoft Corporation | 6.1.7600.16385 (win7_rtm.090713-1255) | — |
4060 | explorer.exe | admin | MEDIUM | 1 | "C:\Windows\System32\control.exe" SYSTEM | C:\Windows\System32\control.exe | Windows Control Panel | Microsoft Corporation | 6.1.7600.16385 (win7_rtm.090713-1255) | — |
1524 | svchost.exe | admin | MEDIUM | 1073807364 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | Adobe® Flash® Player Installer/Uninstaller 26.0 r0 | Adobe Systems Incorporated | 26,0,0,131 | — |
2400 | iexplore.exe | admin | LOW | 0 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3352 CREDAT:6422 | C:\Program Files\Internet Explorer\iexplore.exe | Internet Explorer | Microsoft Corporation | 8.00.7600.16385 (win7_rtm.090713-1255) | — |
4036 | explorer.exe | admin | MEDIUM | 0 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\Desktop\Wishmaster.jpg | C:\Windows\system32\rundll32.exe | Windows host process (Rundll32) | Microsoft Corporation | 6.1.7600.16385 (win7_rtm.090713-1255) | — |
2824 | rundll32.exe | admin | MEDIUM | 1073807364 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Wishmaster.jpg" | C:\Program Files\WinRAR\WinRAR.exe | WinRAR archiver | Alexander Roshal | 5.60.0 | — |
1584 | WinRAR.exe | admin | MEDIUM | 0 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2824.5104\wishmaster.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2824.5104\wishmaster.exe | — | — | — | — |

Exit code 1073807364 is 0x40010004 (DBG_TERMINATE_PROCESS): the process was still running when the analysis ended and was killed by the sandbox. SCODEF:3352 marks 3820, 3280 and 2400 as tab processes of frame process 3352; the two LOW-integrity ones run in Protected Mode, and all HTTP traffic below comes from 3280.
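The chain explorer.exe > rundll32.exe (OpenAs_RunDLL) > WinRAR.exe > wishmaster.exe in the table above is the pattern a process-tree detection should surface: a file with an image extension handed to an archiver, and an executable started from WinRAR's per-extraction temp directory (Rar$EX<letter><pid>.<n>). The block below is an added example, not code from the report or from ANY.RUN; its records are constructed from the table, and the parent PIDs (including a PID for explorer.exe, which the report names only by image) and the field names are assumptions.

```python
# Added example (not part of the ANY.RUN report): reconstruct parent/child
# chains from process-creation records and flag two patterns visible in the
# process table above: an executable started from WinRAR's per-extraction
# temp directory (Rar$EX<letter><pid>.<n>) and an archiver handed a file
# whose extension is not an archive extension.
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str    # full path of the executable
    cmdline: str


EXPLORER_PID = 1000  # assumed; the report gives explorer.exe only by name

# Constructed from the process table. Parent PIDs are assumptions: the report
# shows only the parent image name (SCODEF:<pid> names the IE frame process).
RECORDS: List[Proc] = [
    Proc(EXPLORER_PID, 0, r"C:\Windows\explorer.exe", "explorer.exe"),
    Proc(3352, EXPLORER_PID, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html'),
    Proc(3280, 3352, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3352 CREDAT:137473'),
    Proc(4036, EXPLORER_PID, r"C:\Windows\system32\rundll32.exe",
         r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\Desktop\Wishmaster.jpg'),
    Proc(2824, 4036, r"C:\Program Files\WinRAR\WinRAR.exe",
         r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Wishmaster.jpg"'),
    Proc(1584, 2824, r"C:\Users\admin\AppData\Local\Temp\Rar$EXa2824.5104\wishmaster.exe",
         r'"C:\Users\admin\AppData\Local\Temp\Rar$EXa2824.5104\wishmaster.exe"'),
]

# WinRAR extracts a double-clicked archive member to %TEMP%\Rar$EX<letter><pid>.<n>\
RAR_TEMP_DIR = re.compile(r"\\Rar\$EX\w*\d+\.\d+\\", re.IGNORECASE)
ARCHIVE_EXTS = {".rar", ".zip", ".7z", ".tar", ".gz", ".bz2", ".xz", ".cab", ".iso"}
ARCHIVERS = {"winrar.exe", "7zfm.exe", "7zg.exe"}


def build_index(records: List[Proc]) -> Dict[int, Proc]:
    return {p.pid: p for p in records}


def ancestry(pid: int, index: Dict[int, Proc]) -> List[str]:
    """Image names from the oldest known ancestor down to pid (cycle-safe)."""
    chain, seen = [], set()
    while pid in index and pid not in seen:
        seen.add(pid)
        chain.append(ntpath.basename(index[pid].image))
        pid = index[pid].ppid
    return chain[::-1]


def split_cmdline(cmdline: str) -> List[str]:
    """Split a Windows command line into arguments, honouring double quotes."""
    return [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def detect(records: List[Proc]) -> List[Tuple[int, str, str]]:
    """Return (pid, rule, ancestry chain) for every record that matches a rule."""
    index = build_index(records)
    findings = []
    for p in records:
        chain = " > ".join(ancestry(p.pid, index))
        if RAR_TEMP_DIR.search(p.image):
            findings.append((p.pid, "exec_from_archiver_temp_dir", chain))
        if ntpath.basename(p.image).lower() in ARCHIVERS:
            for arg in split_cmdline(p.cmdline)[1:]:
                ext = ntpath.splitext(arg)[1].lower()
                if ext and ext not in ARCHIVE_EXTS:
                    findings.append((p.pid, "archiver_opened_non_archive_ext", chain))
                    break
    return findings


if __name__ == "__main__":
    for pid, rule, chain in detect(RECORDS):
        print(f"{pid}\t{rule}\t{chain}")
```

Run against the constructed records it reports 2824 (WinRAR opening a .jpg) and 1584 (wishmaster.exe from the Rar$EX directory) with the full chain, and nothing for the iexplore.exe or rundll32.exe rows. In a real pipeline the records would come from Sysmon event 1 or the EDR's process-creation stream, which carry the parent PID directly.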
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3352 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | — | — |
3352 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QU1UU192\lurkmore_to[1].txt | — | — | — |
3352 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text | 7C62A9C99516C351FA5E04FAAD289BEA | 66D371B477D712DEA787F07F52599521340432064FAF44D67501DDB7F4AAD2EA |
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | B9612A1C3F4670B545B4E73142EDA770 | F2753699F10A23BC07F81E9E5489D42635E7C1686F57ED3B5BF7A629ABA7BECC |
3280 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@rareru[1].txt | text | B3D9F9930086084AF4996D72B379C714 | 8757C6E833679F3A0478A4BB7F5D96B5A1CEE42D3FEB32F856C75305B526D741 |
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QU71T5GQ\desktop.ini | ini | 4A3DEB274BB5F0212C2419D3D8D08612 | 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38 |
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M3R401CH\expand_nor[1] | image | 897AD8408A1CB6A37F8C8A1756C6E3FA | 1D0059946A9C05B0747FE7208A96BE14B5EE888F33FBF3EAB2D9A01518EB3569 |
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | FBF116EC374018F5663473EBC41857FB | 5984810E0FE5605D8B19F2E6DFCDAA1BF7E5231756E11A0C4FD6A77EBCCD7F4D |
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0A7I78I2\f[1].txt | text | 0340C49045A23003CE6F672194A5F3EA | FEF51D7A7FC11A0D1E061D01EA7A43F41465B33A4720EFFF8CDB6641BC0FB36F |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3280 | iexplore.exe | GET | 200 | 77.88.21.90:80 | http://an.yandex.ru/system/context.js | RU | text | 16.3 KB | whitelisted |
3280 | iexplore.exe | GET | 200 | 188.42.196.32:80 | http://lurkmore.to/ | LU | html | 13.2 KB | whitelisted |
3280 | iexplore.exe | GET | 200 | 188.42.196.32:80 | http://lurkmore.to/load.php?debug=false&lang=ru&modules=jquery-new%2Cmediawiki%2Cprettyphoto&only=scripts&skin=ventus&version=20160802T095348Z | LU | html | 43.3 KB | whitelisted |
3280 | iexplore.exe | GET | 200 | 216.58.205.226:80 | http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | US | text | 34.0 KB | whitelisted |
3280 | iexplore.exe | GET | 200 | 188.42.196.32:80 | http://lurkmore.to/skins/common/common.css | LU | text | 17.7 KB | whitelisted |
3280 | iexplore.exe | GET | 200 | 178.154.131.215:80 | http://yastatic.net/pcode/adfox/header-bidding.js | RU | text | 37.3 KB | whitelisted |
3352 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 B | whitelisted |
3280 | iexplore.exe | GET | 200 | 188.42.196.32:80 | http://lurkmore.to/load.php?debug=false&lang=ru&modules=mediawiki.legacy.commonPrint%2Cshared&only=styles&skin=ventus&* | LU | text | 13.0 KB | whitelisted |
3280 | iexplore.exe | GET | 200 | 188.42.196.32:80 | http://lurkmore.to/skins/ventus/main.css?303 | LU | text | 16.1 KB | whitelisted |
3280 | iexplore.exe | GET | 302 | 188.42.191.196:80 | http://ads.betweendigital.com/sspmatch-js?randsalt=3324089784 | LU | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4 | System | 216.58.205.226:139 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted |
4 | System | 188.42.196.32:445 | lurkmore.to | Servers.com, Inc. | LU | suspicious |
3352 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
4 | System | 216.58.205.226:445 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted |
— | — | 188.42.196.32:137 | lurkmore.to | Servers.com, Inc. | LU | suspicious |
3280 | iexplore.exe | 188.42.196.32:80 | lurkmore.to | Servers.com, Inc. | LU | suspicious |
3280 | iexplore.exe | 216.58.205.226:80 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted |
3280 | iexplore.exe | 178.154.131.215:80 | yastatic.net | YANDEX LLC | RU | whitelisted |
3280 | iexplore.exe | 77.88.21.90:80 | an.yandex.ru | YANDEX LLC | RU | whitelisted |
4 | System | 77.88.21.90:445 | an.yandex.ru | YANDEX LLC | RU | whitelisted |
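The connections table shows the System process (PID 4) reaching lurkmore.to, pagead2.googlesyndication.com and an.yandex.ru on TCP 445/139 and lurkmore.to on 137, alongside the normal port-80 traffic from iexplore.exe. The report does not say why. One common cause when a page saved from the web is opened from disk is protocol-relative references: under a file: base, //host/path resolves to file://host/path, which Windows treats as the UNC path \\host\path and hands to the SMB redirector (TCP 445, then 139, plus NetBIOS name resolution on UDP 137), all of which runs in PID 4. The block below is an added example, not code from the report or from ANY.RUN; it checks a saved page for references that would behave this way. The sample HTML is constructed, and that index.html actually contains such references is an assumption.

```python
# Added example (not part of the ANY.RUN report): list the hosts a saved HTML
# page would address as UNC paths when opened from disk. Under a file: base,
# a protocol-relative reference //host/path resolves to file://host/path,
# which Windows treats as \\host\path and tries over SMB (TCP 445/139) and
# NetBIOS name resolution (UDP 137) from the System process (PID 4). The page
# content below is constructed; that index.html contains such references
# is an assumption, not something the report states.
import re
from html.parser import HTMLParser
from typing import List
from urllib.parse import urljoin, urlsplit

LOCAL_BASE = "file:///C:/Users/admin/AppData/Local/Temp/index.html"

# Constructed sample, modelled on a MediaWiki page that uses protocol-relative URLs.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="//lurkmore.to/skins/common/common.css">
<script src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<script src="http://an.yandex.ru/system/context.js"></script>
<style>body { background: url(//lurkmore.to/skins/ventus/bg.png) }</style>
</head><body><a href="/wiki/Main_Page">home</a><img src="logo.png"></body></html>"""


class RefCollector(HTMLParser):
    """Collect URL references from href/src/data/action attributes and CSS url()."""
    URL_ATTRS = {"href", "src", "data", "action"}

    def __init__(self) -> None:
        super().__init__()
        self.refs: List[str] = []
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
        for name, value in attrs:
            if name in self.URL_ATTRS and value:
                self.refs.append(value.strip())

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        # HTMLParser delivers <style> bodies as raw data; pull url(...) targets out.
        if self._in_style:
            self.refs.extend(re.findall(r"url\(\s*['\"]?([^'\")\s]+)", data))


def unc_targets(html: str, base: str = LOCAL_BASE) -> List[str]:
    """Hosts that become UNC targets when html is opened from base (sorted, unique)."""
    parser = RefCollector()
    parser.feed(html)
    hosts = set()
    for ref in parser.refs:
        parts = urlsplit(urljoin(base, ref))
        # Absolute http(s) references keep their scheme; only file://host/... hits SMB.
        if parts.scheme == "file" and parts.netloc:
            hosts.add(parts.netloc.lower())
    return sorted(hosts)


if __name__ == "__main__":
    for host in unc_targets(SAMPLE_HTML):
        print(f"\\\\{host}  (expect SMB 445/139 and NetBIOS 137 traffic from PID 4)")
```

For the constructed sample this yields lurkmore.to and pagead2.googlesyndication.com, the two hosts with //host references; the same page served over http:// yields nothing, which is why the behaviour only appears when the saved copy is opened locally. In a sandbox these PID 4 connections are a leak of the analysis host's NetBIOS name and, if a listener answered, a chance for an NTLM challenge; in production they are the reason "ET DNS Query for .to TLD" style alerts can fire from a machine that never rendered the site in a browser.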
Domain | IP | Reputation |
---|---|---|
lurkmore.to | — | whitelisted |
www.bing.com | — | whitelisted |
pagead2.googlesyndication.com | — | whitelisted |
an.yandex.ru | — | whitelisted |
yastatic.net | — | whitelisted |
abc.rareru.ru | — | unknown |
ax.rareru.ru | — | unknown |
ad.mail.ru | — | whitelisted |
ads.betweendigital.com | — | whitelisted |
counter.yadro.ru | — | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |