Field | Value
---|---
URL | http://www.alamo-warszawa.eu
Full analysis | https://app.any.run/tasks/e23f648d-4ab6-4e60-92ee-c055f57d7b37
Verdict | Malicious activity
Analysis date | July 11, 2019, 15:49:48
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MD5 | BBA6EE703687C63394914B9E8D1FE92E
SHA1 | BF8B00BC13324B51869F058443CB3D584748A8E8
SHA256 | 2DF88C704ABA19F54F43BA3991CDA01C892BBA22725BB132E25F9487E4578186
SSDEEP | 3:N1KJS4B48s:Cc4I
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---|---|---|---|---
2892 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
3176 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2892 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
3676 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe | admin | Adobe Systems Incorporated | MEDIUM | Adobe® Flash® Player Installer/Uninstaller 26.0 r0 | 26,0,0,131
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2892 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico | — | — | —
2892 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3176 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | — | — | —
3176 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 03BD06FCB2262D9D8CE3376516169B49 | 55114778945C585332B000783754FC3B0281850218A15BF28849EAAEFAAB82EF
3176 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | C734BEAF82C5945A91763D98899F4239 | B1D5D61DC86C7D3583A12504EBFB20B8D5D92F7CC196940C3588D1CF36CDDBB6
3176 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text | 4FBF117F7BB7FFE3B5E4061AAAE82462 | 8C55541FD3E0C88EB106A9025EB6E61AF28545B498C59D8D27CB0093BB74440D
3176 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2T7L0FR8\spcjs[1].php | text | A6D886F9DEB9382FB2372CD259E5C237 | 2EA7A83ECBBD4B9C58D0336AC4CF56CB9ED00D126DEFE8B4024DBB6DA3F88FCC
3176 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2T7L0FR8\desktop.ini | ini | 4A3DEB274BB5F0212C2419D3D8D08612 | 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
3176 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AYU4AO10\index_creation[1].htm | html | 73CD396A458C2715719E7CA3A1B4A0DB | C8CF70AC6345D1F0B54A316275AC297FADC7FDC28ADD5A02A1863F9F291C3832
3176 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\651SJIML\alamo-warszawa_eu[1].htm | html | 9780287092895269BF1249FA2B9AB0E3 | 7AB9A961788C1550B1598D3C7BF78526EB7AB3B3C0401A6F4BE9EACAE79F20E1
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3176 | iexplore.exe | GET | 200 | 85.128.128.104:80 | http://www.alamo-warszawa.eu/ | PL | html | 6.13 Kb | malicious |
3176 | iexplore.exe | GET | 200 | 85.128.128.104:80 | http://newkf.nazwa.pl/templates/blackdown-template-08.2011/css/style.css | PL | text | 2.20 Kb | malicious |
3176 | iexplore.exe | GET | 200 | 85.128.128.104:80 | http://newkf.nazwa.pl/templates/blackdown-template-08.2011/css/style.css | PL | text | 2.20 Kb | malicious |
3176 | iexplore.exe | GET | 200 | 85.128.129.85:80 | http://content.netart.pl/www/delivery/spcjs.php?id=5&target=_top | PL | text | 2.25 Kb | unknown |
3176 | iexplore.exe | GET | 200 | 85.128.128.104:80 | http://newkf.nazwa.pl/templates/blackdown-template-08.2011/images/bg.gif | PL | image | 274 b | malicious |
3176 | iexplore.exe | GET | — | 85.128.128.37:80 | http://dm.netart.pl//blackdown/2019/04/program_partnerski.png | PL | — | — | unknown |
3176 | iexplore.exe | GET | 200 | 85.128.128.104:80 | http://newkf.nazwa.pl/templates/blackdown-template-08.2011/images/bg_head.gif | PL | image | 111 b | malicious |
3176 | iexplore.exe | GET | 200 | 85.128.129.85:80 | http://content.netart.pl/www/delivery/spc.php?zones=5&source=&r=9772301&target=_top&charset=windows-1252&loc=http%3A//newkf.nazwa.pl/index_creation.php%3Fsource%3Dblackdown-kf&referer=http%3A//www.alamo-warszawa.eu/ | PL | text | 826 b | unknown |
3176 | iexplore.exe | GET | 200 | 172.217.22.78:80 | http://www.google-analytics.com/ga.js | US | text | 16.7 Kb | whitelisted |
3176 | iexplore.exe | GET | 200 | 85.128.128.104:80 | http://newkf.nazwa.pl/index_creation.php?source=blackdown-kf | PL | html | 524 b | malicious |
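The spc.php request in the table above carries two other URLs percent-encoded in its query string (`loc=` and `referer=`). The following Python is an added example, not part of the ANY.RUN report: it decodes those parameters and matches them against the other request URLs copied from the table (one duplicate style.css entry dropped), recovering the navigation chain the sandbox recorded, from www.alamo-warszawa.eu to newkf.nazwa.pl/index_creation.php to the content.netart.pl delivery script. The extra parameter names in `URL_PARAMS` beyond `loc` and `referer` are assumptions added to make the helper reusable on other logs.

```python
from urllib.parse import parse_qs, urlsplit

# Request URLs copied from the HTTP request table of this report
# (the second, identical style.css request is omitted).
REQUESTS = [
    "http://www.alamo-warszawa.eu/",
    "http://newkf.nazwa.pl/templates/blackdown-template-08.2011/css/style.css",
    "http://content.netart.pl/www/delivery/spcjs.php?id=5&target=_top",
    "http://newkf.nazwa.pl/templates/blackdown-template-08.2011/images/bg.gif",
    "http://dm.netart.pl//blackdown/2019/04/program_partnerski.png",
    "http://newkf.nazwa.pl/templates/blackdown-template-08.2011/images/bg_head.gif",
    "http://content.netart.pl/www/delivery/spc.php?zones=5&source=&r=9772301&target=_top"
    "&charset=windows-1252&loc=http%3A//newkf.nazwa.pl/index_creation.php%3Fsource%3Dblackdown-kf"
    "&referer=http%3A//www.alamo-warszawa.eu/",
    "http://www.google-analytics.com/ga.js",
    "http://newkf.nazwa.pl/index_creation.php?source=blackdown-kf",
]

# Query parameter names that commonly carry a URL. 'loc' and 'referer' are the
# names used by the delivery script in this report; the rest are assumptions.
URL_PARAMS = ("loc", "referer", "url", "u", "redirect")


def decode_query(url):
    """Return the query string of `url` as a flat dict (last value wins).
    Blank values are kept so that an empty parameter such as `source=` stays visible."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: v[-1] for k, v in qs.items()}


def embedded_urls(url):
    """URLs found percent-encoded inside `url`'s query parameters."""
    q = decode_query(url)
    return {k: v for k, v in q.items()
            if k in URL_PARAMS and v.startswith(("http://", "https://"))}


def navigation_chain(requests, param_order=("referer", "loc")):
    """For every request that embeds other URLs, return the chain it documents,
    ordered referer -> loc -> the request itself, plus whether each embedded URL
    also appears verbatim elsewhere in the request log."""
    chains = []
    for url in requests:
        found = embedded_urls(url)
        if not found:
            continue
        hops = [found[p] for p in param_order if p in found] + [url]
        chains.append({"hops": hops, "in_log": {hop: hop in requests for hop in hops}})
    return chains


if __name__ == "__main__":
    for chain in navigation_chain(REQUESTS):
        for hop in chain["hops"]:
            mark = "seen" if chain["in_log"][hop] else "not in log"
            print(f"{urlsplit(hop).netloc:28} {mark:12} {hop}")
```

Both embedded URLs match table rows exactly, so the referrer chain the tracking request claims is corroborated by the requests the sandbox actually observed; a `not in log` mark would flag a hop the page reported but never loaded in this session.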
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3176 | iexplore.exe | 172.217.22.78:80 | www.google-analytics.com | Google Inc. | US | whitelisted |
2892 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2892 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3176 | iexplore.exe | 85.128.128.104:80 | www.alamo-warszawa.eu | Nazwa.pl Sp.z.o.o. | PL | malicious |
— | — | 85.128.128.104:80 | www.alamo-warszawa.eu | Nazwa.pl Sp.z.o.o. | PL | malicious |
3176 | iexplore.exe | 85.128.128.37:80 | dm.netart.pl | Nazwa.pl Sp.z.o.o. | PL | unknown |
3176 | iexplore.exe | 85.128.129.85:80 | content.netart.pl | Nazwa.pl Sp.z.o.o. | PL | unknown |
Domain | IP | Reputation
---|---|---
www.bing.com | — | whitelisted
www.alamo-warszawa.eu | — | malicious
newkf.nazwa.pl | — | unknown
www.google-analytics.com | — | whitelisted
content.netart.pl | — | unknown
dm.netart.pl | — | unknown