Field | Value
---|---
URL | http://getsoftkey.cf/getfile?id=7SAPmhBzICo&s=C0B24C23
Full analysis | https://app.any.run/tasks/c14a4027-585d-4250-bada-decda591b49c
Verdict | No threats detected
Analysis date | August 31, 2019, 19:18:19
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 6926CE34D7D244DA9050D57B904D8283
SHA1 | FDDCB560A54033DBF98D4CB00BC5C3241E544D55
SHA256 | 39D090F9B0DD3FD88A36E3B0C65184E9F69B31506CDFA300527E82348216CDED
SSDEEP | 3:N1KZARNDROs0DIAOS2kIfsmKKYmFRgW:C+uDOLEmXrgW
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2744 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
3304 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2744 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2744 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | — | —
2744 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3304 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0UESZW6O\getfile[1].txt | — | — | —
2744 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon3[1].png | — | — | —
3304 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | 8EB77E5ECAD1E1C7E6A66D0B33DF8B00 | 65139DF5D6F1951CDDC9CEA33EA97D4F01DEAA57248A7302C309790D783007D1
3304 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@getsoftkey[1].txt | text | 70851E93C619A9ECBAA585CD06D34241 | F742EE7C11205945DCC43E519C893D1CB8F753F2EAC8246B0E4880E953B5BF6F
3304 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KUSVOZV0\button-download[1].jpg | image | C3D18B806E539F92FCC2B2F9175213FB | A07CEFB0F80E64EF53AC3F1605B0596B37A6CCE9BFAF7EF51CA552E36FA8BEBB
3304 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0UESZW6O\style-3[1].css | text | 29767DEB21E4259E7CED74962C2B4F43 | 7658C57E55EB4CEAB6642B6E94EDE8892F8EDFDC6899F81C2B3029AACF3C76D1
3304 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | F36016547A94748F079DA07142EAC643 | 5E0AC7AACA56E3F2922E9410644E2FAD64BC84F87D0AAA889954A1943A33EAF3
3304 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 27745C585EC29FF79D6409CEAC97D844 | 6E297F59E90B03EC9501EC9376800D22142D7B47A46944C556B640034E38C4B4
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
3304 | iexplore.exe | GET | 200 | 104.28.29.105:80 | http://getsoftkey.cf/getfile?id=7SAPmhBzICo&s=C0B24C23 | US | html | 1.52 KB | suspicious
3304 | iexplore.exe | GET | 200 | 104.28.29.105:80 | http://getsoftkey.cf/js/controller-3.js | US | text | 1.38 KB | suspicious
3304 | iexplore.exe | GET | 200 | 104.28.29.105:80 | http://getsoftkey.cf/content/images/button-download.jpg | US | image | 21.1 KB | suspicious
3304 | iexplore.exe | GET | 200 | 104.28.29.105:80 | http://getsoftkey.cf/content/images/back.jpg | US | image | 141 KB | suspicious
3304 | iexplore.exe | GET | 200 | 104.28.29.105:80 | http://getsoftkey.cf/content/style-3.css | US | text | 936 B | suspicious
2744 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 B | whitelisted
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2744 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2744 | iexplore.exe | 104.28.29.105:80 | getsoftkey.cf | Cloudflare Inc | US | shared |
3304 | iexplore.exe | 104.28.29.105:80 | getsoftkey.cf | Cloudflare Inc | US | shared |
Domain | IP | Reputation
---|---|---
www.bing.com | | whitelisted
getsoftkey.cf | | suspicious
PID | Process | Class | Message
---|---|---|---
— | — | Potentially Bad Traffic | ET INFO DNS Query for Suspicious .cf Domain
3304 | iexplore.exe | Misc activity | SUSPICIOUS [PTsecurity] JS obfuscation (obfuscator.io)
3304 | iexplore.exe | Misc activity | SUSPICIOUS [PTsecurity] Redirection JScript Obfuscated (seen Banload)