URL: | http://box2012.temp.domains/~chwsolut/services.html |
Full analysis: | https://app.any.run/tasks/0c594c04-a894-4e7f-bf5f-db4d7437de62 |
Verdict: | Malicious activity |
Analysis date: | March 14, 2019, 20:21:40 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MD5: | 99E91541D62131B85181EF730964DB06 |
SHA1: | 8FA122A5C04B69DC23C980E642F304CA0576DF1C |
SHA256: | 42A1B5A13BD268ABBE8489088109A1C7B0A5E32ED267476D227435BAF352356A |
SSDEEP: | 3:N1KcA+KIXKS1aSWS7XAGQn:CcA+KIXx/TAGQ |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2864 | "C:\Program Files\Internet Explorer\iexplore.exe" http://box2012.temp.domains/~chwsolut/services.html | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3516 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2864 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3632 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3516 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\849-layout[1].css | text | |
MD5:CEE165F8D348BE1DC2557C56434F6BBB | SHA256:EC0909A0A784320EF760F20B25998B9A2C673B8E65CB6F85CCA65FF932A5D464 | |||
3516 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\services[1].html | html | |
MD5:01750AA5D6F488CA942F80D72B370174 | SHA256:DA2F03D5A6505A332A5AEBBF6AC5766C044722C21BB0780316245DB44280D149 | |||
3516 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\style[1].css | text | |
MD5:0D3B750FEE57E1A962495944D39755B2 | SHA256:31955E986FA380B543ED7171A77AB2E2734150B1A7130C1A5537FCB5B16AE424 | |||
3516 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\jssor[1].js | text | |
MD5:1397A8A69723F763949DE3A6014A85DE | SHA256:504984DF1C171AD985CA44AF299019CB992F679C7CE1CE989E3A45F177142A9F | |||
3516 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\helper[1].js | text | |
MD5:0AF11E80E33169AB815F9AB2721C3745 | SHA256:F85F1CE135B6810B880273CD052B8A5CC1B4A96936A2AD9D8F0F83A8EE0B0CFA | |||
3516 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\respond.min[1].js | html | |
MD5:9CCCBCD9BC6AED2BB14DF1013E185CE3 | SHA256:82069C15EDD6943DFAA59F5AC3F6ACC86FD44A28FE925E410CCDCADEC194A8BA | |||
3516 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\wp-emoji-release.min[1].js | text | |
MD5:C17B309D8AB4B4E9653876D3C35C397D | SHA256:C533B791A8EEF65604F15D20433506E1614C693EEBA9DF749E8A7677E43B466C | |||
3516 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\bootstrap.min[1].css | text | |
MD5:2F624089C65F12185E79925BC5A7FC42 | SHA256:EECE6E0C65B7007AB0EB1B4998D36DAFE381449525824349128EFC3F86F4C91C | |||
3516 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\font-awesome.min[1].css | text | |
MD5:0831CBA6A670E405168B84AA20798347 | SHA256:936FFCCDC35BC55221E669D0E76034AF76BA8C080C1B1149144DBBD3B5311829 | |||
3516 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\underscore.min[1].js | text | |
MD5:0BD7146B45C933AD9BFE210A41CD79B1 | SHA256:EDE1815B17E451C16258034BCF89A7957256C67884AEFFFEFBB97020770FDC06 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3516 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-includes/css/dist/block-library/style.min.css?ver=5.1.1 | US | text | 5.07 Kb | suspicious |
3516 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/css/bootstrap.min.css?ver=5.1.1 | US | text | 24.4 Kb | suspicious |
3516 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-content/plugins/slider/js/jssor.js?ver=5.1.1 | US | text | 32.1 Kb | suspicious |
3516 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-content/uploads/bb-plugin/cache/849-layout.css?ver=1e5128d0462f9a847fa4408c45729b21 | US | text | 6.10 Kb | suspicious |
3516 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-content/plugins/slider/js/helper.js?ver=5.1.1 | US | text | 2.17 Kb | suspicious |
3516 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/style.css?ver=5.1.1 | US | text | 6.96 Kb | suspicious |
3516 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/css/font-awesome.min.css?ver=5.1.1 | US | text | 6.69 Kb | suspicious |
3516 | iexplore.exe | GET | 200 | 2.16.186.83:80 | http://a.vimeocdn.com/js/froogaloop2.min.js?ver=5.1.1 | unknown | text | 735 b | whitelisted |
3516 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/services.html | US | html | 7.07 Kb | suspicious |
3516 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-includes/js/wp-emoji-release.min.js?ver=5.1.1 | US | text | 4.79 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3516 | iexplore.exe | 172.217.18.174:80 | www.google-analytics.com | Google Inc. | US | whitelisted |
2864 | iexplore.exe | 74.220.219.168:80 | box2012.temp.domains | Unified Layer | US | suspicious |
3516 | iexplore.exe | 2.16.186.83:80 | a.vimeocdn.com | Akamai International B.V. | — | whitelisted |
2864 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3516 | iexplore.exe | 74.220.219.168:80 | box2012.temp.domains | Unified Layer | US | suspicious |
Domain | IP | Reputation |
---|---|---|
box2012.temp.domains |
| suspicious |
www.bing.com |
| whitelisted |
a.vimeocdn.com |
| whitelisted |
www.google-analytics.com |
| whitelisted |
chwsolutions.com |
| suspicious |
PID | Process | Class | Message |
---|---|---|---|
3516 | iexplore.exe | Generic Protocol Command Decode | SURICATA STREAM excessive retransmissions |
3516 | iexplore.exe | Generic Protocol Command Decode | SURICATA STREAM excessive retransmissions |
3516 | iexplore.exe | Generic Protocol Command Decode | SURICATA STREAM excessive retransmissions |