URL: | http://box2012.temp.domains/~chwsolut/services.html |
Full analysis: | https://app.any.run/tasks/a8f66ebb-f653-4786-8208-ce967a8ded12 |
Verdict: | Malicious activity |
Analysis date: | March 14, 2019, 20:25:35 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MD5: | 99E91541D62131B85181EF730964DB06 |
SHA1: | 8FA122A5C04B69DC23C980E642F304CA0576DF1C |
SHA256: | 42A1B5A13BD268ABBE8489088109A1C7B0A5E32ED267476D227435BAF352356A |
SSDEEP: | 3:N1KcA+KIXKS1aSWS7XAGQn:CcA+KIXx/TAGQ |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2980 | "C:\Program Files\Internet Explorer\iexplore.exe" http://box2012.temp.domains/~chwsolut/services.html | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3536 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2980 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3692 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\helper[1].js | text | |
MD5:0AF11E80E33169AB815F9AB2721C3745 | SHA256:F85F1CE135B6810B880273CD052B8A5CC1B4A96936A2AD9D8F0F83A8EE0B0CFA | |||
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\style[1].css | text | |
MD5:0D3B750FEE57E1A962495944D39755B2 | SHA256:31955E986FA380B543ED7171A77AB2E2734150B1A7130C1A5537FCB5B16AE424 | |||
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\services[1].html | html | |
MD5:01750AA5D6F488CA942F80D72B370174 | SHA256:DA2F03D5A6505A332A5AEBBF6AC5766C044722C21BB0780316245DB44280D149 | |||
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\jssor[1].js | text | |
MD5:1397A8A69723F763949DE3A6014A85DE | SHA256:504984DF1C171AD985CA44AF299019CB992F679C7CE1CE989E3A45F177142A9F | |||
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\849-layout[1].css | text | |
MD5:CEE165F8D348BE1DC2557C56434F6BBB | SHA256:EC0909A0A784320EF760F20B25998B9A2C673B8E65CB6F85CCA65FF932A5D464 | |||
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\html5shiv.min[1].js | html | |
MD5:3044234175AC91F49B03FF999C592B85 | SHA256:E0EAC80838C161F29E7C46D54FBC044D12CD164BAAE13255E562C6BE3AA91809 | |||
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\wp-api.min[1].js | text | |
MD5:8CF9672DAECA232B3C1F93B1E8D130B0 | SHA256:8EEE3A7A8051FA72DF3A50680C86C633AB465CFC6666AAF042A969F7BEF8F858 | |||
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\bootstrap.min[1].js | text | |
MD5:C5B5B2FA19BD66FF23211D9F844E0131 | SHA256:2979F9A6E32FC42C3E7406339EE9FE76B31D1B52059776A02B4A7FA6A4FD280A | |||
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\api-request.min[1].js | text | |
MD5:B1AE1AA42EAF4DF3FDC59777F5EC7437 | SHA256:B5FB36601292E67E640378A8FB54EFFE16945559858910D4B6B771A2666A2E00 | |||
3536 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\analytics[1].js | text | |
MD5:0EA40A4CB2873A89CBE597EAEA860826 | SHA256:3E552578C7D450B023F2CD9D28F830BE4335C3ACC6C4AB6DADDA0769F09E5F22 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3536 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/style.css?ver=5.1.1 | US | text | 6.96 Kb | suspicious |
3536 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-content/plugins/slider/js/jssor.js?ver=5.1.1 | US | text | 32.1 Kb | suspicious |
3536 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-content/uploads/bb-plugin/cache/849-layout.css?ver=1e5128d0462f9a847fa4408c45729b21 | US | text | 6.10 Kb | suspicious |
3536 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/services.html | US | html | 7.21 Kb | suspicious |
3536 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-content/plugins/slider/js/helper.js?ver=5.1.1 | US | text | 2.17 Kb | suspicious |
3536 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/js/html5shiv.min.js | US | html | 1.34 Kb | suspicious |
3536 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/js/bootstrap.min.js?ver=5.1.1 | US | text | 11.5 Kb | suspicious |
3536 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-includes/js/jquery/jquery.js?ver=1.12.4 | US | text | 38.4 Kb | suspicious |
3536 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-includes/js/wp-emoji-release.min.js?ver=5.1.1 | US | text | 4.79 Kb | suspicious |
3536 | iexplore.exe | GET | 200 | 74.220.219.168:80 | http://box2012.temp.domains/~chwsolut/wp-content/themes/dazzling/inc/js/respond.min.js | US | html | 2.24 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2980 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2980 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3536 | iexplore.exe | 172.217.18.110:80 | www.google-analytics.com | Google Inc. | US | whitelisted |
3536 | iexplore.exe | 2.16.186.49:80 | a.vimeocdn.com | Akamai International B.V. | — | whitelisted |
2980 | iexplore.exe | 74.220.219.168:80 | box2012.temp.domains | Unified Layer | US | suspicious |
3536 | iexplore.exe | 74.220.219.168:80 | box2012.temp.domains | Unified Layer | US | suspicious |
Domain | IP | Reputation |
---|---|---|
box2012.temp.domains |
| suspicious |
www.bing.com |
| whitelisted |
a.vimeocdn.com |
| whitelisted |
www.google-analytics.com |
| whitelisted |
chwsolutions.com |
| suspicious |