URL: | https://aka.ms/getsfbv2 |
Full analysis: | https://app.any.run/tasks/6eb3e19b-8f1e-4600-9a6a-9123a5034e83 |
Verdict: | Malicious activity |
Analysis date: | January 18, 2019, 08:50:20 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 0E90D406487624645E97D78C9C7A9F06 |
SHA1: | 0163DA0F98DFB5625F3C049734CE96C95265E013 |
SHA256: | 4256EF39859129C48938356DAD9E7CE021BD751ECCEB193176945B48EF44E130 |
SSDEEP: | 3:N8O8WKCPn:2O8NU |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3340 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3708 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3340 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
PID | Process | Filename | Type | |
---|---|---|---|---|
3340 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
3340 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3708 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\style[2].css | text | |
MD5:EA79C44E17FA5ED68C16ADD017D86465 | SHA256:7EB7AE8085AEDBBB4C409F2FE586A9D06305D08ED41104A16F2F421B60965711 | |||
3708 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\meversion[1] | text | |
MD5:8268B422408A3DA2481B579F9FB6873F | SHA256:84214CA31D97FC3A1EB4AF717ABCC4AD383EEB19B63808FFEEB0915632D0B17F | |||
3708 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:A1589414EEE21A23C72F197E588F1E6C | SHA256:2F5C08F3E03B5D02E7C86DFA7FBBF05D7E4CD0B256B0A640A1A23794AF182AE4 | |||
3708 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\style[2].css | text | |
MD5:6DC04143F015A1765FBAE63DC6054475 | SHA256:9B05B6A9C4BF5C29EBDCD1090EEC5F34B772A5CF2341E23935EB7CB593DB3BE0 | |||
3708 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\override[1].css | text | |
MD5:D83CD3BAD39DC39B8C22B2CAD04B8C6D | SHA256:3D8A9440C1CC7C677F56EC1869AC1CD7C36851DFB9430B7D554137BDB5A75387 | |||
3708 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\style[3].css | text | |
MD5:DC741A7356F1EFA77E9D4DA841E680CC | SHA256:C66089168FCDA3C21D6ED94D1C189D3A84ECBA9A41C0E65867158E52E2FA83F0 | |||
3708 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\style[1].css | text | |
MD5:AF5074A87E88581B6CC68B7B65BD07EB | SHA256:7888FC579A6CC21E748B7875E0846007D5C4601053D9728B134436C58AC3A79A | |||
3708 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\download-app[1].htm | html | |
MD5:51B6D5148D48E9F0AE10BF471471BA60 | SHA256:820E652F68893E2EF106AC0A93DE3209F5BE8CB464576DEA0D018C52E4739E0B | |||
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3340 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3708 | iexplore.exe | 152.199.19.160:443 | ajax.aspnetcdn.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3340 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3708 | iexplore.exe | 23.211.8.203:443 | query.prod.cms.rt.microsoft.com | Akamai Technologies, Inc. | NL | whitelisted |
3708 | iexplore.exe | 104.111.224.164:443 | products.office.com | Akamai International B.V. | NL | whitelisted |
3708 | iexplore.exe | 23.38.36.63:443 | aka.ms | Akamai Technologies, Inc. | NL | whitelisted |
3708 | iexplore.exe | 23.54.112.217:443 | c.s-microsoft.com | Akamai International B.V. | NL | whitelisted |
3708 | iexplore.exe | 2.16.186.8:443 | statics-uhf-eus.akamaized.net | Akamai International B.V. | — | whitelisted |
3708 | iexplore.exe | 104.111.216.162:443 | mem.gfx.ms | Akamai International B.V. | NL | whitelisted |
3708 | iexplore.exe | 31.13.90.36:443 | www.facebook.com | Facebook, Inc. | IE | whitelisted |
3708 | iexplore.exe | 2.16.186.40:443 | img-prod-cms-rt-microsoft-com.akamaized.net | Akamai International B.V. | — | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.bing.com | | whitelisted |
aka.ms | | whitelisted |
products.office.com | | whitelisted |
ajax.aspnetcdn.com | | whitelisted |
query.prod.cms.rt.microsoft.com | | whitelisted |
c.s-microsoft.com | | whitelisted |
statics-uhf-eus.akamaized.net | | whitelisted |
mem.gfx.ms | | whitelisted |
www.microsoft.com | | whitelisted |
cdn.optimizely.com | | whitelisted |