Field | Value
---|---
Download | index.html
Full analysis | https://app.any.run/tasks/347d1a1f-f3aa-4257-abaf-9b1d1a91fadb
Verdict | Malicious activity
Analysis date | October 14, 2019, 09:20:38
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | —
Indicators | —
MIME | text/plain
File info | ASCII text, with no line terminators
MD5 | C3F6F89DC9671729C90C8AE67303531E
SHA1 | 9C3860A412CA7D4D962913FC5458F57E855389AE
SHA256 | 3F11450B0935DF95010E84339B3C832DD28796671F3FD79E1C86FECBAF6A2895
SSDEEP | 3:nmNjJMzVJu+1zWNVYpOZGiAHen:GMRJVCNOMZGj+n
PID | CMD | Path | Indicators | Parent process | Process details
---|---|---|---|---|---
2508 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
3184 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2508 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
2796 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2508 CREDAT:137473 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | — | —
2508 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GKK7R3DC\04r9s3ju4nnv722cyhl7y8mm[1].php | — | — | —
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFBACBC76BF922D28B.TMP | — | — | —
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KRO87KRN\04r9s3ju4nnv722cyhl7y8mm[1].htm | html | 55843CDD1B01E2E6FFC8D9109E94401A | E01C0D4542871CA5E0FF4C3E05C19C139D5A65DBB5D5BDC61E6D8F77DE0497AB
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{EC7978B0-EE63-11E9-AB41-5254004A04AF}.dat | binary | D23FB7936E67A9E88EE871A35A1E35FB | 7FF1D3DFB26516F18A1B5CA26074F7BC31E1FC11228FCACC300ABA2FED04249C
3184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019101420191015\index.dat | dat | F900612C21ED32797BDEE01162AAF4A9 | A29DC8D3D5D854553C363AC617C995B6F420E806391879321F5F755D59F47698
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | EDCF93ABBCBE7F782C3DAF424ED539D3 | 81CCB9462044D288A28B87799E1A6F03DDB2B3B42317C26BD1981F388459D5EF
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 063AA4D37E611A03D009B32D3307284D | 6A343B8E260386325F9E73B01C91701F5F16C7C98804D58F11F7E1DAAAE4084A
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GKK7R3DC\style[1].css | text | FB32F05CD594DD7C0DCFA5E2E97F0B95 | 667942DB88E2022DEE361B2F1114F6AD152EDE3BF081A7282DE291133D79EA70
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2508 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2508 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2796 | iexplore.exe | 40.117.153.183:443 | mentnorproject.servepics.com | Microsoft Corporation | US | unknown |
2796 | iexplore.exe | 172.217.18.170:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
www.bing.com | — | whitelisted
mentnorproject.servepics.com | — | unknown
fonts.googleapis.com | — | whitelisted