download: | z.htm |
Full analysis: | https://app.any.run/tasks/6fac9324-8529-42a3-9e73-2aa1405b5a3a |
Verdict: | Malicious activity |
Analysis date: | December 06, 2019, 12:20:45 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/plain |
File info: | ASCII text, with no line terminators |
MD5: | 263FBB1919FF93B840A987CEB1190C84 |
SHA1: | 3E5BA0A6D9BD46495EE935924743D8BE78E1A5FB |
SHA256: | 2DF7700FB4DC5B8188E9D88A41D62CC418FFE4CD9E54ADE1E54442895D6F9BF7 |
SSDEEP: | 3:nmNjJMzVJu+1i+mTYwWKMGhHsKb:GMRJVi+mUYHP |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2172 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\z.htm | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3316 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2172 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2740 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2172 CREDAT:137473 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2172 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2172 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2172 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF45F960BB6183BE30.TMP | — | |
MD5:— | SHA256:— | |||
2740 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:5B232087B9DEF1EC56025F279153E8E3 | SHA256:3D0E4A7BB75EE5555796D011F9D9BCDD27DE7D47D362E8D5DB52717C92115C47 | |||
2740 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:8E202E988A71FE373C4B9ABDB9BF71A1 | SHA256:E93C3EAFBA240464EAB2BD49C7F92FC63F5A19F0D30684A93B0B6FEC381F74E8 | |||
2740 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z6L0G31N\login[1].htm | html | |
MD5:DE8E35DD44D07668CA4C90788552BE91 | SHA256:10E238B87390D3664E6EAB979928AD2E36D836E4812EFA310E9C9BA5A52C07B4 | |||
3316 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019120620191207\index.dat | dat | |
MD5:CB76F209E92479B4740C00BDF59ADA45 | SHA256:5C6E63F39A7E0028B9E3EF1A4BE9E7A0B6ADA9612B71F208C6F3125F4E572211 | |||
2172 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{DD424E2E-1822-11EA-AB41-5254004A04AF}.dat | binary | |
MD5:FF02BC1C818119FDCACAFE220999481D | SHA256:002DB465A1E9F01DB3E689E235D8856FB26D92D22A0D11FEBC10BF20DADFA727 | |||
2172 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png | image | |
MD5:9FB559A691078558E77D6848202F6541 | SHA256:6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 | |||
2740 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019120620191207\index.dat | dat | |
MD5:2B24FED68EF9A8352763D48BCB121A1F | SHA256:B53653054CD3E841F8A50CB757F733CCCC690A80F4427E90CCE29D247F563DF5 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2172 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2740 | iexplore.exe | 103.43.46.23:80 | magabut.com | PT Infinys System Indonesia | ID | malicious |
2172 | iexplore.exe | 3.234.120.183:443 | mail.zimbra.com | — | US | unknown |
2740 | iexplore.exe | 3.234.120.183:443 | mail.zimbra.com | — | US | unknown |
2172 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
magabut.com |
| malicious |
mail.zimbra.com |
| unknown |
PID | Process | Class | Message |
---|---|---|---|
2740 | iexplore.exe | A Network Trojan was detected | MALWARE [PTsecurity] Google Drive Phishing Landing |