Field | Value
---|---
URL | http://shzldx.com
Full analysis | https://app.any.run/tasks/5d77ae4a-b841-4dd4-b1ac-12d8f7198c00
Verdict | Malicious activity
Analysis date | January 24, 2022, 20:28:54
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | (none listed)
MD5 | 651BF8097378780F4719BB01CC0A9250
SHA1 | 2539FA48F4871B6C61415F60EC91E2DD6FEE78C7
SHA256 | 46D66A667C5B18E598F599588614B1BDBCF357BD6A7B337EB76D2223476CB3F5
SSDEEP | 3:N1KNNXIT:CfIT
Processes:

PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2288 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://shzldx.com" | C:\Program Files\Internet Explorer\iexplore.exe | — | Explorer.EXE
760 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2288 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe (2288)

PID | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---
2288 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
760 | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 2288 is the browser frame; PID 760 (SCODEF:2288, LOW integrity) is the Protected Mode tab process that rendered the page, which is why every file write and network request below is attributed to 760.
Registry activity (all by PID 2288, iexplore.exe; operation: write):

Key | Name | Value
---|---|---
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime | 59270464
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 30937441
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime | 359277964
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 30937441
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | (empty)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1

All of these are Internet Explorer's own housekeeping keys (new-tab-page launch timestamps, the URL block list update timer, cache prefixes, zone map and compatibility settings). None is a Run key, service, scheduled task or other persistence location, so the registry activity alone is not evidence that anything beyond the browser executed; the verdict rests on the network activity below.
Files written (the CryptnetUrlCache entries are CryptoAPI certificate/CRL cache files, not page content):

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | — | — | —
760 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\7dc71d5b5c798e095ce8b078e88c5edd[1].jpg | — | — | —
760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 | — | — | —
760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2928076A6C14BC3FFC9EB3344A04B2F6 | — | — | —
760 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\shang[1].js | html | 39655781258448DB6CE033E35192094D | 144014EC55B97B551651DEF76BF413C6F8D2A3B1EF4C6F95E94F1D136E899A18
760 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\RQ9S7RGC.htm | html | 6C305E2F96AA4A465DB854A12EB3A83B | F9E57632BE618B39848548B6D2E6D15A975F3B657B3E37766F68509E243A1A75
760 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\comment[1].css | text | 59AB5FBAF8572B0E9CA2DA6D604694C8 | A05D2D7B82002A4EB06AAFEAF9A1CE05354B8CD2F986EF6290436A89C24F3857
760 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\common[1].js | text | F6F4E15C1F509F7C70099C7100CB8531 | 7ABE6DF66C6AE161000F96CF263C49C2189BD7BF8F0AA06A600DB797695A71FB
760 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\index[1].htm | html | F3A782D4E6306291E010E1DE0A89C47A | 2911D5C52CD9C37725DDB6539ADB00C1E78C5EDBBAD545B17180F19538BBD63F
760 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\f[1].txt | html | 084BFF17E1BAD58D4224F8DA36084C6D | 4A65C7A66042B58A6C7BC4F46EB4F8EFDD03E303CB8E3447FD6BAA00893052DD
HTTP requests (the submitted URL returns a 301 to www.shzldx.com, whose index.php then pulls scripts and CSS from kyingyuanz62.com and hengfuguang.com):

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
760 | iexplore.exe | GET | 200 | 172.67.174.126:80 | http://kyingyuanz62.com/template/16/js/home.js | US | — | — | malicious |
— | — | GET | 301 | 104.252.139.138:80 | http://shzldx.com/ | US | — | — | malicious |
760 | iexplore.exe | GET | 200 | 104.252.139.138:80 | http://www.shzldx.com/index.php | US | html | 543 b | malicious |
760 | iexplore.exe | GET | 200 | 172.67.173.238:80 | http://hengfuguang.com/top/shang.js | US | compressed | 555 b | suspicious |
760 | iexplore.exe | GET | 200 | 172.67.174.126:80 | http://kyingyuanz62.com/ | US | html | 4.26 Kb | malicious |
760 | iexplore.exe | GET | 200 | 172.67.174.126:80 | http://kyingyuanz62.com/template/16/css/comment.css | US | compressed | 2.89 Kb | malicious |
760 | iexplore.exe | GET | 200 | 104.252.139.138:80 | http://www.shzldx.com/tj.js | US | compressed | 707 b | malicious |
760 | iexplore.exe | GET | 200 | 104.252.139.138:80 | http://www.shzldx.com/common.js | US | text | 707 b | malicious |
760 | iexplore.exe | GET | 200 | 172.67.174.126:80 | http://kyingyuanz62.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js | US | html | 655 b | malicious |
760 | iexplore.exe | GET | 404 | 172.67.173.238:80 | http://hengfuguang.com/top/zhong.js | US | html | 109 b | suspicious |
Connections:

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
760 | iexplore.exe | 104.252.139.138:80 | shzldx.com | EGIHosting | US | malicious |
— | — | 104.252.139.138:80 | shzldx.com | EGIHosting | US | malicious |
2288 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
760 | iexplore.exe | 172.67.174.126:80 | kyingyuanz62.com | — | US | malicious |
760 | iexplore.exe | 172.67.38.245:443 | fmtu.netfhtu.com | — | US | unknown |
760 | iexplore.exe | 172.67.173.238:80 | hengfuguang.com | — | US | suspicious |
760 | iexplore.exe | 104.21.76.152:443 | yadiren.com | Cloudflare Inc | US | unknown |
760 | iexplore.exe | 172.67.173.238:443 | hengfuguang.com | — | US | suspicious |
760 | iexplore.exe | 120.52.95.243:443 | js.users.51.la | China Unicom IP network | CN | malicious |
760 | iexplore.exe | 47.75.19.234:443 | u0054.com | — | US | unknown |
DNS requests (the report leaves the resolved-IP column empty):

Domain | IP | Reputation
---|---|---
shzldx.com | — | unknown
api.bing.com | — | whitelisted
www.bing.com | — | whitelisted
www.shzldx.com | — | malicious
kyingyuanz62.com | — | unknown
hengfuguang.com | — | suspicious
yadiren.com | — | unknown
fmtu.netfhtu.com | — | malicious
js.users.51.la | — | whitelisted
www.govlaibing.cn | — | unknown

The reputation labels in this table disagree with the connections table for several names (shzldx.com, kyingyuanz62.com, fmtu.netfhtu.com and js.users.51.la each carry a different verdict there), so treat the HTTP-request and connection tables as the primary source when extracting indicators. js.users.51.la is the tracker of the 51.la web-analytics service and is commonly embedded on Chinese-language sites; www.govlaibing.cn appears only as a DNS lookup, with no connection or request recorded.
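The network tables above turned into detection logic, as an added example that is not part of the ANY.RUN report. The domain and IP values are copied from the HTTP-request and connection tables; the proxy log layout ("timestamp client METHOD url [status]") and the sample log lines are constructed for the demo and are not from the sandbox. Beyond single-indicator matching, the block flags clients that reproduce the recorded sequence (landing on shzldx.com, then fetching scripts from kyingyuanz62.com or hengfuguang.com), since the chain is a stronger signal than one request to a shared Cloudflare front-end.

```python
"""Match proxy log lines against the indicators from the shzldx.com report.

Added example, not part of the ANY.RUN report. Indicator values are copied
from the report's HTTP-request and connection tables; the log format and the
sample lines below are constructed for this demo.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Domains PID 760 contacted, grouped by the verdict the report assigns them.
MALICIOUS_DOMAINS = {
    "shzldx.com", "www.shzldx.com", "kyingyuanz62.com",
    "fmtu.netfhtu.com", "js.users.51.la",
}
SUSPICIOUS_DOMAINS = {"hengfuguang.com"}
# Landing domain and the script hosts it pulled in, used for chain matching.
LANDING_DOMAINS = {"shzldx.com", "www.shzldx.com"}
SCRIPT_HOSTS = {"kyingyuanz62.com", "hengfuguang.com"}
# Direct hosting IP (EGIHosting) versus Cloudflare front-ends: the latter are
# shared by many unrelated sites, so an IP-only hit there is a weak signal.
HOSTING_IPS = {"104.252.139.138"}
SHARED_CDN_IPS = {"172.67.174.126", "172.67.173.238", "172.67.38.245", "104.21.76.152"}

# Assumed log layout: "<ts> <client> <METHOD> <url> [<status>]".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+)(?: (?P<status>\d{3}))?$"
)


def host_of(url):
    """Lower-cased host from a full URL or a bare host:port (CONNECT target)."""
    target = url if "://" in url else "//" + url
    return (urlsplit(target).hostname or "").lower()


def _in_domains(host, domains):
    """Exact or parent-domain match (cdn.kyingyuanz62.com matches kyingyuanz62.com)."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(host):
    """Map a host to the report's verdict, or None if it is not an indicator."""
    if _in_domains(host, MALICIOUS_DOMAINS):
        return "malicious"
    if _in_domains(host, SUSPICIOUS_DOMAINS):
        return "suspicious"
    if host in HOSTING_IPS:
        return "malicious-ip"
    if host in SHARED_CDN_IPS:
        return "shared-cdn-ip"
    return None


def parse_line(line):
    """Parse one log line into a dict; lines that do not fit the layout yield None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["host"] = host_of(rec["url"])
    return rec


def scan(lines):
    """Return every parsed record whose host matches an indicator, with its verdict."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        verdict = classify(rec["host"])
        if verdict:
            rec["verdict"] = verdict
            hits.append(rec)
    return hits


def redirect_chain_clients(hits):
    """Clients that touched the landing domain and one of its script hosts,
    i.e. the sequence the sandbox recorded for PID 760."""
    seen = defaultdict(set)
    for rec in hits:
        seen[rec["client"]].add(rec["host"])
    return {
        client for client, hosts in seen.items()
        if any(_in_domains(h, LANDING_DOMAINS) for h in hosts)
        and any(_in_domains(h, SCRIPT_HOSTS) for h in hosts)
    }


# Constructed sample log; only client 10.0.0.5 reproduces the full chain.
SAMPLE_LOG = """\
2022-01-24T20:29:01Z 10.0.0.5 GET http://shzldx.com/ 301
2022-01-24T20:29:02Z 10.0.0.5 GET http://www.shzldx.com/index.php 200
2022-01-24T20:29:03Z 10.0.0.5 GET http://kyingyuanz62.com/template/16/js/home.js 200
2022-01-24T20:29:03Z 10.0.0.5 GET http://hengfuguang.com/top/zhong.js 404
2022-01-24T20:29:10Z 10.0.0.7 GET https://www.bing.com/ 200
2022-01-24T20:29:11Z 10.0.0.9 CONNECT 104.252.139.138:443
2022-01-24T20:29:12Z 10.0.0.9 GET http://example.com/ 200
garbage line that should be skipped
"""

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"{h['ts']} {h['client']} {h['host']:<24} {h['verdict']}")
    print("chain clients:", sorted(redirect_chain_clients(hits)))
```

Domain matches use parent-domain suffix matching so that a subdomain of an indicator still fires, while the Cloudflare addresses are kept in a separate low-confidence bucket: 172.67.0.0/16 and 104.21.0.0/16 front many unrelated sites, so blocking or alerting on those IPs alone would be noisy.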