Field | Value
---|---
URL | http://www.klockan.info/
Full analysis | https://app.any.run/tasks/8d60bf67-e8e9-4fea-8f9f-8eaec1c1b43c
Verdict | Malicious activity
Analysis date | September 30, 2020, 08:47:19
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | 
Indicators | 
MD5 | D083AEDA0BFF5201C2C1D66843B168B9
SHA1 | FC75C5CB5EFD5E64E6AD050D61F60F5FD635A8D2
SHA256 | 3BF978B7B1B74EA27F48B65812DBBFB024C1349DCE3A7163B3B1B36AD2777186
SSDEEP | 3:N1KJS49gGNn:Cc4r
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2520 | "C:\Program Files\Internet Explorer\iexplore.exe" http://www.klockan.info/ | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | | | 
1348 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2520 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | | | 
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2520 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
1348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\all[1].js | text | 353BCD5D30DA8739E15C8750743D4DAE | 3B8B226F5D303C2D1CEE5AB5464E24A53669BFD055F54141F16268646A51136E
1348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\webhost[1].gif | image | A6789FC117F9285D712047DC848E71F8 | 416EA4373F09A5B230E0FB79DAD557BCF106BE5E9845E48D8CA488DDA3BF1E2A
1348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\style[1].css | text | D26CEFB255FDBCE79F592D6FC2E8C52C | 5F3B21C39758C3CA4F6002725AA16D8F354C3A9F4B825E00A6A48B813C13E4E0
1348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\0N5KY8HW.htm | html | 8A83DCF215F9EE66F9E4CA000B8ACB17 | 90D53B7750B19B4A83BCA3A40A4103FA770AB663C4D04A7EE7B307D74D7B494C
1348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\boldr.min[1].js | text | C6DF74E10473DC8F2814F821455423E2 | 1712A62DF8A3E83BCF582ED6B1E3E0BFD26EBD145D7E060611FC80FC48843700
1348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\boldr.min[1].css | text | F08142054C545307EE0041DB39E4C95E | 00AE56D9C2716345EE1FAF0E67C5871EFD9901E462C879F7809046E8DDCBBEE8
1348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\css[1].css | text | 8A2D3C0869BBE76B761F04C85107AAE0 | CB652E72FA7B3BE0A66A76009C74FE3BB86EACCF849559B4B489C5972658DF89
2520 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon[1].ico | image | 9FB559A691078558E77D6848202F6541 | 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
1348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT | smt | 0392ADA071EB68355BED625D8F9695F3 | B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1348 | iexplore.exe | GET | 200 | 157.240.20.19:80 | http://connect.facebook.net/sv_SE/all.js | US | text | 1.74 Kb | whitelisted |
1348 | iexplore.exe | GET | 200 | 195.74.38.68:80 | http://www.klockan.info/ | SE | html | 20.2 Kb | whitelisted |
1348 | iexplore.exe | GET | 200 | 172.217.18.2:80 | http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | US | text | 44.1 Kb | whitelisted |
1348 | iexplore.exe | GET | 200 | 195.74.38.68:80 | http://www.klockan.info/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 | SE | text | 9.82 Kb | whitelisted |
1348 | iexplore.exe | GET | 200 | 195.74.38.68:80 | http://www.klockan.info/wp-content/themes/boldr-lite/js/boldr.min.js?ver=1.2.17 | SE | text | 2.72 Kb | whitelisted |
1348 | iexplore.exe | GET | 200 | 195.74.38.68:80 | http://www.klockan.info/wp-content/themes/boldr-lite/style.css?ver=1.2.17 | SE | text | 1.95 Kb | whitelisted |
1348 | iexplore.exe | GET | 200 | 195.74.38.68:80 | http://www.klockan.info/wp-content/uploads/2013/10/webhost.gif | SE | image | 77.7 Kb | whitelisted |
1348 | iexplore.exe | GET | 200 | 195.74.38.68:80 | http://www.klockan.info/wp-content/themes/boldr-lite/css/boldr.min.css?ver=1.2.17 | SE | text | 26.5 Kb | whitelisted |
1348 | iexplore.exe | GET | 200 | 195.74.38.68:80 | http://www.klockan.info/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1 | SE | text | 129 b | whitelisted |
1348 | iexplore.exe | GET | 200 | 216.58.212.170:80 | http://fonts.googleapis.com/css?family=Oswald:400italic,700italic,400,700|PT+Sans:400italic,700italic,400,700&subset=latin,latin-ext | US | text | 348 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1348 | iexplore.exe | 216.58.212.170:80 | fonts.googleapis.com | Google Inc. | US | whitelisted |
— | — | 157.240.20.19:80 | connect.facebook.net | Facebook, Inc. | US | whitelisted |
1348 | iexplore.exe | 172.217.18.2:80 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted |
— | — | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1348 | iexplore.exe | 172.217.23.110:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
1348 | iexplore.exe | 195.74.38.68:80 | www.klockan.info | Binero AB | SE | malicious |
1348 | iexplore.exe | 172.217.18.2:443 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted |
1348 | iexplore.exe | 172.217.18.162:443 | googleads.g.doubleclick.net | Google Inc. | US | whitelisted |
1348 | iexplore.exe | 104.22.71.197:443 | static.addtoany.com | Cloudflare Inc | US | suspicious |
1348 | iexplore.exe | 172.217.16.163:80 | fonts.gstatic.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
www.klockan.info | — | whitelisted
www.google-analytics.com | — | whitelisted
fonts.googleapis.com | — | whitelisted
pagead2.googlesyndication.com | — | whitelisted
connect.facebook.net | — | whitelisted
www.cache.klockan.info | — | unknown
api.bing.com | — | whitelisted
www.bing.com | — | whitelisted
static.addtoany.com | — | whitelisted
fonts.gstatic.com | — | whitelisted
PID | Process | Class | Message |
---|---|---|---|
1348 | iexplore.exe | A Network Trojan was detected | MALWARE [PTsecurity] Coinhive/DeepMiner JavaScript Miner |