URL: | http://benefiitcenter.com |
Full analysis: | https://app.any.run/tasks/e7e2825b-5713-4bb9-bb15-bd401518b1d6 |
Verdict: | Malicious activity |
Analysis date: | October 14, 2019, 14:23:26 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | A445B823BCA2406AF67BE8B5D21FA8D5 |
SHA1: | DE16BF7ED6A77BF8C4616531A881E9FC43AC36E0 |
SHA256: | 3FE100AE07714D46FB8BA6E0D0C69AC4101427D7DBBAFFFDD111C5760B2320C7 |
SSDEEP: | 3:N1KcusbmbGKI:CcXKK |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1316 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://benefiitcenter.com" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3168 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1316 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3872 | "C:\Program Files\Internet Explorer\iexplore.exe" | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
1936 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1316 CREDAT:71938 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
1316 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
1316 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3168 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5T28OD3W\benefiitcenter_com[1].txt | — | |
MD5:— | SHA256:— | |||
3168 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5T28OD3W\click[1].txt | — | |
MD5:— | SHA256:— | |||
3168 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@dprtb[1].txt | — | |
MD5:— | SHA256:— | |||
3168 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4CRK5UNH\3b929666-ee8e-11e9-b1f2-12e8766b6f22[1].txt | — | |
MD5:— | SHA256:— | |||
3168 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4CRK5UNH\zcredirect[1].txt | — | |
MD5:— | SHA256:— | |||
3168 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:C26444ECE323C464BDB98781FAC4917D | SHA256:A04AF9F3FEB8E554C0EB84588A9FB86A11AAB1184F4DAF7D44FD4E24BF29C420 | |||
3168 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | |
MD5:0114B896E0E9E9DD1EFE0BEE2743D9D1 | SHA256:B84696284DC62D0F75E3C58553BAF85E4D447BF0AD2857AF8F5FE5062E90BCF0 | |||
3168 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4CRK5UNH\3b929666-ee8e-11e9-b1f2-12e8766b6f22[1].htm | html | |
MD5:BCE764BE7CB8EB9D09054357D52524E4 | SHA256:76C8F13DDE40FE81C8E82DA0BD826F2FE3463EB964389ECDD7A49034A5CFD1EF |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3168 | iexplore.exe | GET | 200 | 209.15.13.136:80 | http://dprtb.com/click?data=LWtadGlxelZkQjI5MGFSSDlIRWtkeC1GUThycWE4YThRX0NvSVBXcWQ5TU5kdFdhOVBOMThRRnRXajAwR0gzejhvTnBld1pNR1lqVURjM0hTWlQzWmFXUU1aR01ROVFhT3FrMzE4MDcyR0x2VkQyajZyaWRKMmxRZmlzWU5TX0dzUnYyYjZSdzl4d1ZMSkRvZ2xvQzl2TVJ5MmxkTHdTdU5ES2t5Vko3S2ZFMQ2&id=a2f6fa44-a3c0-4eea-8e78-1a3616fdb579 | CA | html | 2.10 Kb | malicious |
3168 | iexplore.exe | GET | — | 200.63.47.3:80 | http://benefiitcenter.com/ | PA | — | — | malicious |
3168 | iexplore.exe | GET | 200 | 52.45.49.150:80 | http://usd.odysseus-nua.com/zcvisitor/3b929666-ee8e-11e9-b1f2-12e8766b6f22?campaignid=ca281f10-afb1-11e9-9750-12077332b422 | US | html | 1010 b | malicious |
3168 | iexplore.exe | GET | 200 | 52.45.49.150:80 | http://usd.odysseus-nua.com/zcredirect?visitid=3b929666-ee8e-11e9-b1f2-12e8766b6f22&type=js&browserWidth=1276&browserHeight=560&iframeDetected=false | US | html | 956 b | malicious |
1316 | iexplore.exe | GET | 404 | 52.45.49.150:80 | http://usd.odysseus-nua.com/favicon.ico | US | html | 940 b | malicious |
1316 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
3168 | iexplore.exe | POST | 302 | 209.15.13.136:80 | http://dprtb.com/Redirect/ | CA | html | 239 b | malicious |
3168 | iexplore.exe | GET | 302 | 200.63.47.3:80 | http://benefiitcenter.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTU3MTA3MDIyNCwiaWF0IjoxNTcxMDYzMDI0LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIybjZvaXZxYTFwOTY1b2Vpcm8wYjc2ODEiLCJuYmYiOjE1NzEwNjMwMjQsInRzIjoxNTcxMDYzMDI0ODE4NDI3fQ.Ru1UCQW1oZxH8M_CZJFBPk2uBYUps5NehAm7ySkEx6g&sid=3aa4375e-ee8e-11e9-b0ca-6fc1272ed034 | PA | text | 11 b | malicious |
1316 | iexplore.exe | GET | 404 | 209.15.13.136:80 | http://dprtb.com/favicon.ico | CA | html | 1.22 Kb | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1316 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1316 | iexplore.exe | 209.15.13.136:80 | dprtb.com | Peer 1 Network (USA) Inc. | CA | malicious |
3168 | iexplore.exe | 209.15.13.136:80 | dprtb.com | Peer 1 Network (USA) Inc. | CA | malicious |
3168 | iexplore.exe | 52.45.49.150:80 | usd.odysseus-nua.com | Amazon.com, Inc. | US | malicious |
3168 | iexplore.exe | 200.63.47.3:80 | benefiitcenter.com | Panamaserver.com | PA | malicious |
3168 | iexplore.exe | 188.214.132.74:443 | deskoffersdmitr.com | UAB Cherry Servers | LT | suspicious |
1316 | iexplore.exe | 52.45.49.150:80 | usd.odysseus-nua.com | Amazon.com, Inc. | US | malicious |
3168 | iexplore.exe | 95.216.12.18:443 | secure.torsontieri.com | Hetzner Online GmbH | DE | unknown |
Domain | IP | Reputation |
---|---|---|
benefiitcenter.com |
| malicious |
www.bing.com |
| whitelisted |
dprtb.com |
| unknown |
usd.odysseus-nua.com |
| unknown |
secure.torsontieri.com |
| malicious |
deskoffersdmitr.com |
| unknown |