| Field | Value |
|---|---|
| URL | http://ppapa.com.au/our-locations/ |
| Full analysis | https://app.any.run/tasks/2d29be9a-165e-4e8e-a399-6f3d361db862 |
| Verdict | Malicious activity |
| Analysis date | January 24, 2022, 22:40:05 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MD5 | 7644447E51CBDE718CBD6BE9AAAC74C0 |
| SHA1 | 3F3FDA4CDA2A31B630BFBF02F2AF2969D5B22279 |
| SHA256 | 3AE50CD00B7CA986FE1709A67C6C67941A82546692C8F7AADAA304415F3DDECF |
| SSDEEP | 3:N1KOVVLGKIl2Y1K:COVQ8Y1K |
Processes

PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
1704 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://ppapa.com.au/our-locations/" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE
572 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1704 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe (1704)

Process details:

- 1704 iexplore.exe: User admin; Company Microsoft Corporation; Integrity Level MEDIUM; Description Internet Explorer; Version 11.00.9600.16428 (winblue_gdr.131013-1700)
- 572 iexplore.exe: User admin; Company Microsoft Corporation; Integrity Level LOW; Description Internet Explorer; Version 11.00.9600.16428 (winblue_gdr.131013-1700)
Registry activity

PID | Process | Key | Name | Operation | Value
---|---|---|---|---|---
1704 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | write | 1
1704 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime | write | 
1704 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | write | 30937459
1704 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime | write | 
1704 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | write | 30937459
1704 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | write | 
1704 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | write | Cookie:
1704 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | write | Visited:
1704 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | write | 0
1704 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | write | 1
Files

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\our-locations[1].htm | html | 489A7D0FD8B27D65A5DFBC8C9D76C3BE | 88890C00EE1CCD61B32830B861B1FD6A16ABBC36D5988CF8B5B62B97AE85566A
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\css[1].css | text | 3E7047827F47A309C5ADFD32B533482D | 7047C3951E856ADD43A1D0DBB134D2F5FEE067E082C689C1AFD474CADC8B83A3
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\style_dynamic_responsive[1].css | text | 587A2457E39DFCAF65D234D7AFD9C084 | EA8FF8CDD1893487DE15D11862A6D3F58E817ED56FD841DFF9EFADFA3BAB9F79
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\style_dynamic[1].css | text | CCB04ACAF7B99CA776A2D5AF22B5C372 | C3099A8468C7E7FB9E21AE30F50A3CBE5BEDD3720ABB715BB2173A0B483C9D3F
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\style[1].css | text | 004C47F7CC9A926B6541131943481A96 | 2E50F0B028E1491FB83A25BB220A13AB4A3E42AC7F7C276F6689117F8D9F6BB5
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\settings[1].css | text | 3562402588E3BD6410012CF058D1948C | 23A57AED407545BD964231BCB511674996BDD28A4F2A57CA66BCA72DE0BF3D2D
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\layerslider[1].css | text | 6ACFFAF4F6C42554546D13D60E7FA294 | 39EADD1CBAB3247462A6E2C98E375D19E3E6E9B7A52BCF5996F396B83E82FC85
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\stylesheet.min[1].css | text | F22058AA318D92ACD562EB295CBC2D10 | 2D3F90C4E24F60F2EB1398E89B4C39E4DC5E8C44ADB22721DF0BE6F18B565174
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\custom_css[1].css | text | 7E0DD9AF2907A1DE2A230DACEEF23AC3 | 6587CA9A00CFA84545CFC6977E5578B688D98D6FF91A772B7EF4F27A973FDF0F
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\styles[1].css | text | 43D043E2433BC44C66086EC97B4FB69B | 53565A8E2BDAC87D2418E760BC4A473959D607159BD4F5E649566664FBAEE53D
HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
572 | iexplore.exe | GET | 200 | 142.250.186.106:80 | http://fonts.googleapis.com/css?family=Lato:100,300,regular,700,900%7COpen+Sans:300%7CIndie+Flower:regular%7COswald:300,regular,700&subset=latin%2Clatin-ext | US | text | 431 b | whitelisted |
572 | iexplore.exe | GET | 200 | 139.99.186.24:80 | http://ppapa.com.au/wp-content/themes/bridge/css/print.css?ver=5.3.11 | AU | compressed | 285 b | suspicious |
572 | iexplore.exe | GET | 200 | 139.99.186.24:80 | http://ppapa.com.au/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8 | AU | compressed | 11.1 Kb | suspicious |
572 | iexplore.exe | GET | 200 | 139.99.186.24:80 | http://ppapa.com.au/wp-content/plugins/LayerSlider/static/layerslider/css/layerslider.css?ver=6.9.2 | AU | compressed | 5.09 Kb | suspicious |
572 | iexplore.exe | GET | 200 | 139.99.186.24:80 | http://ppapa.com.au/wp-content/themes/bridge/css/style_dynamic.css?ver=1575855893 | AU | compressed | 7.69 Kb | suspicious |
572 | iexplore.exe | GET | 200 | 139.99.186.24:80 | http://ppapa.com.au/wp-content/plugins/instagram-feed/css/sb-instagram-2-1.min.css?ver=2.1.5 | AU | compressed | 3.04 Kb | suspicious |
572 | iexplore.exe | GET | 200 | 139.99.186.24:80 | http://ppapa.com.au/wp-includes/css/dist/block-library/style.min.css?ver=5.3.11 | AU | compressed | 7.37 Kb | suspicious |
572 | iexplore.exe | GET | 200 | 139.99.186.24:80 | http://ppapa.com.au/wp-content/themes/bridge/css/linea-icons/style.css?ver=5.3.11 | AU | compressed | 9.44 Kb | suspicious |
572 | iexplore.exe | GET | 200 | 139.99.186.24:80 | http://ppapa.com.au/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.1 | AU | compressed | 57.9 Kb | suspicious |
572 | iexplore.exe | GET | 200 | 139.99.186.24:80 | http://ppapa.com.au/wp-content/themes/bridge/css/responsive.min.css?ver=5.3.11 | AU | compressed | 16.4 Kb | suspicious |
Connections

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
1704 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
572 | iexplore.exe | 20.191.246.109:443 | widget.dimmi.com.au | Microsoft Corporation | US | unknown |
572 | iexplore.exe | 139.99.186.24:80 | ppapa.com.au | OVH SAS | AU | suspicious |
— | — | 95.140.236.128:80 | ctldl.windowsupdate.com | Limelight Networks, Inc. | GB | malicious |
572 | iexplore.exe | 142.250.186.106:80 | fonts.googleapis.com | Google Inc. | US | whitelisted |
572 | iexplore.exe | 95.140.236.128:80 | ctldl.windowsupdate.com | Limelight Networks, Inc. | GB | malicious |
572 | iexplore.exe | 142.250.181.238:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
572 | iexplore.exe | 192.124.249.23:80 | ocsp.godaddy.com | Sucuri | US | suspicious |
572 | iexplore.exe | 13.70.123.149:443 | widget.thefork.com.au | Microsoft Corporation | AU | unknown |
572 | iexplore.exe | 142.251.5.155:443 | stats.g.doubleclick.net | Google Inc. | US | unknown |
DNS requests

Domain | IP | Reputation
---|---|---
ppapa.com.au | | suspicious
fonts.googleapis.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
widget.dimmi.com.au | | unknown
www.dimmi.com.au | | unknown
ctldl.windowsupdate.com | | whitelisted
ocsp.godaddy.com | | whitelisted
widget.thefork.com.au | | unknown
www.google-analytics.com | | whitelisted
Threats

PID | Process | Class | Message
---|---|---|---
572 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
572 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
572 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
572 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
572 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
572 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
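The connection and DNS tables above disagree on several labels: ctldl.windowsupdate.com is "malicious" in the connections table and "whitelisted" in the DNS table, and ocsp.godaddy.com is "suspicious" in one and "whitelisted" in the other. Before feeding a report like this into a blocklist, it is worth reconciling those labels mechanically. The script below is an added example written for this page, not ANY.RUN's own tooling; the two table snippets are copied verbatim from the report, and the only assumption is the pipe-separated layout those tables use.

```python
"""Extract network IOCs from the pipe-separated tables of a sandbox report
and flag domains whose reputation label is inconsistent across tables.

Added example for this page (not ANY.RUN code). The table text below is
copied from the Connections and DNS requests tables of the report above.
"""
from collections import defaultdict

# Copied from the Connections table of the report above.
CONNECTIONS = """\
PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
1704 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
572 | iexplore.exe | 20.191.246.109:443 | widget.dimmi.com.au | Microsoft Corporation | US | unknown
572 | iexplore.exe | 139.99.186.24:80 | ppapa.com.au | OVH SAS | AU | suspicious
— | — | 95.140.236.128:80 | ctldl.windowsupdate.com | Limelight Networks, Inc. | GB | malicious
572 | iexplore.exe | 142.250.186.106:80 | fonts.googleapis.com | Google Inc. | US | whitelisted
572 | iexplore.exe | 95.140.236.128:80 | ctldl.windowsupdate.com | Limelight Networks, Inc. | GB | malicious
572 | iexplore.exe | 142.250.181.238:443 | www.google-analytics.com | Google Inc. | US | whitelisted
572 | iexplore.exe | 192.124.249.23:80 | ocsp.godaddy.com | Sucuri | US | suspicious
572 | iexplore.exe | 13.70.123.149:443 | widget.thefork.com.au | Microsoft Corporation | AU | unknown
572 | iexplore.exe | 142.251.5.155:443 | stats.g.doubleclick.net | Google Inc. | US | unknown
"""

# Copied from the DNS requests table of the report above (IP column is empty there too).
DNS = """\
Domain | IP | Reputation
---|---|---
ppapa.com.au | | suspicious
fonts.googleapis.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
widget.dimmi.com.au | | unknown
www.dimmi.com.au | | unknown
ctldl.windowsupdate.com | | whitelisted
ocsp.godaddy.com | | whitelisted
widget.thefork.com.au | | unknown
www.google-analytics.com | | whitelisted
"""

BAD_LABELS = {"suspicious", "malicious"}


def parse_pipe_table(text):
    """Parse a '|'-separated table into a list of dicts keyed by the header cells."""
    lines = [line for line in text.splitlines() if line.strip()]
    header = [cell.strip() for cell in lines[0].split("|")]
    rows = []
    for line in lines[1:]:
        if set(line.replace("|", "").strip()) <= {"-"}:
            continue  # markdown separator row such as ---|---|---
        cells = [cell.strip() for cell in line.split("|")]
        rows.append(dict(zip(header, cells)))
    return rows


def network_iocs(conn_rows):
    """Map each contacted domain to the IP:port endpoints the sandbox saw it on."""
    endpoints = defaultdict(set)
    for row in conn_rows:
        endpoints[row["Domain"]].add(row["IP"])
    return dict(endpoints)


def _labels_by_domain(conn_rows, dns_rows):
    seen = defaultdict(set)
    for row in conn_rows + dns_rows:
        seen[row["Domain"]].add(row["Reputation"])
    return seen


def reputation_conflicts(conn_rows, dns_rows):
    """Domains carrying more than one reputation label across the two tables.

    These need a human decision: a Microsoft CTL endpoint labelled both
    'malicious' and 'whitelisted' is a labelling artefact, not an IOC.
    """
    return {d: labels for d, labels in _labels_by_domain(conn_rows, dns_rows).items()
            if len(labels) > 1}


def consistently_flagged(conn_rows, dns_rows):
    """Domains that every table agrees are suspicious or malicious: the only ones safe to act on."""
    return sorted(d for d, labels in _labels_by_domain(conn_rows, dns_rows).items()
                  if labels <= BAD_LABELS)


if __name__ == "__main__":
    conn, dns = parse_pipe_table(CONNECTIONS), parse_pipe_table(DNS)
    for domain, eps in sorted(network_iocs(conn).items()):
        print(f"{domain:30} {', '.join(sorted(eps))}")
    print("conflicting labels:", reputation_conflicts(conn, dns))
    print("consistently flagged:", consistently_flagged(conn, dns))
```

Run on the report's own rows, the only domain every table agrees is bad is ppapa.com.au itself; the ctldl.windowsupdate.com and ocsp.godaddy.com rows surface as conflicts rather than as blocklist candidates, which is the outcome a practitioner wants before pushing IOCs to a firewall or proxy.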