Field | Value |
---|---|
URL | https://brawl-stars.en.softonic.com/ |
Full analysis | https://app.any.run/tasks/9a394a3f-a512-470b-976e-bb862b4dbe2d |
Verdict | Malicious activity |
Analysis date | March 31, 2020, 08:02:34 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags | |
Indicators | |
MD5 | 7929DB20BDC041B51CF01603A66DAA72 |
SHA1 | B214D1B9B61F7E6BDAA29053FF57E0C75CD3FBE2 |
SHA256 | 4987EC24D9445B240EC34AC46CED8E0A4CDAE30280514158A6AD728A40664517 |
SSDEEP | 3:N8a/2HLGK3:2OSLGK3 |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
2544 | "C:\Program Files\Internet Explorer\iexplore.exe" https://brawl-stars.en.softonic.com/ | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
3596 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2544 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
3240 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\com.supercell.brawlstars_1.0.12065.123.exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\com.supercell.brawlstars_1.0.12065.123.exe | — | iexplore.exe | User: admin; Company: Tencent; Integrity Level: MEDIUM; Description: Tencent Gaming Buddy - Install; Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the medium-integrity instance exited to request UAC elevation, see PID 956); Version: 1.0.12065.123 |
956 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\com.supercell.brawlstars_1.0.12065.123.exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\com.supercell.brawlstars_1.0.12065.123.exe | | iexplore.exe | User: admin; Company: Tencent; Integrity Level: HIGH; Description: Tencent Gaming Buddy - Install; Version: 1.0.12065.123 |
3840 | C:\Users\admin\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe | C:\Users\admin\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe | | com.supercell.brawlstars_1.0.12065.123.exe | User: admin; Company: Tencent; Integrity Level: HIGH; Description: 腾讯游戏云加速下载引擎(旋风Inside) (Tencent Games cloud-accelerated download engine, Xuanfeng Inside); Version: 2, 0, 15, 26 |
1544 | "C:\Windows\System32\icacls.exe" C:\Users\admin\AppData\Roaming\Tencent\Config\ /t /setintegritylevel low | C:\Windows\System32\icacls.exe | — | TenioDL.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3596 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab79CC.tmp | — | — | — |
3596 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar79CD.tmp | — | — | — |
3596 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3538626A1FCCCA43C7E18F220BDD9B02 | der | 46B40EE3B6EF42D0D0D6A36BEF383CB2 | 2C238D7DD9A5F633C5E1AC96A42B36F9F7CB35A0AE660F77DD6C19A7B0BD151B |
3596 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B | der | FCAB8978DFC89E03C4605B91B9F1C6D0 | E8D004CDEAA061C2574F2EA588FD7F923D7D8A810B1CE7BA59BA877CF18F4A03 |
3596 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\I62BBKP0.txt | text | 56F1656B1329762A076A0BBFC43BBD3F | 58CE7BF8E3130DE4D8D872E1C0BE1400FD28858747D590B44A90D81CAF5E126A |
3596 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\45040AF7C7D072CACDA5FF0A66591DBD | der | 164E0420BCD55C84B740AC2987D1F259 | 0C1D8AEFB26477D6F3A91579F62BEDF70A3D15F61AE77A2D1144E43F642DD898 |
3596 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | binary | 1AB984C5A4C014A2D7AD3508AF16DC5A | D5C688D6A433627FB40B1327BD6BF228B5A8C6BC86F91E4FB7292EB516A30F45 |
3596 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\45040AF7C7D072CACDA5FF0A66591DBD | binary | B4093F78028EA5EDB42F078066D918B7 | 8742BD04FAE68001AE328F1DF7E066DF53E4D4C428B868B9549D1DD3BBA99ED2 |
3596 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\4IT734EV.htm | html | E973AD2E591F2F5B2398EFF81D5A7248 | 105C4A1C026E881D8B746BA9BA2B0005164A1D36B37B3DED7F9251B808D56BAF |
3596 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B | binary | 91A8A90977C47DF3E4D6825C45CA91C6 | 6523778B2113C61ED691C442364B7DDE6B70FDAA56B82FB98D533FF5274118EE |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3596 | iexplore.exe | GET | 200 | 52.222.149.182:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
3596 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEBPqKHBb9OztDDZjCYBhQzY%3D | US | der | 471 b | whitelisted |
3596 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl | US | der | 922 b | whitelisted |
3596 | iexplore.exe | GET | 200 | 172.217.23.131:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
3596 | iexplore.exe | GET | 200 | 172.217.23.131:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
3596 | iexplore.exe | GET | 200 | 172.217.23.131:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
3596 | iexplore.exe | GET | 200 | 172.217.23.131:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
3596 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
3596 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEFRVTJ0uA2JgqrS%2FqKflP9g%3D | US | der | 471 b | whitelisted |
3596 | iexplore.exe | GET | 200 | 172.217.23.131:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDfMYPZCGzPzwgAAAAAMgoG | US | der | 472 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3596 | iexplore.exe | 151.139.128.14:80 | ocsp.usertrust.com | Highwinds Network Group, Inc. | US | suspicious |
3596 | iexplore.exe | 172.217.22.74:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3596 | iexplore.exe | 151.101.2.133:443 | sc.sftcdn.net | Fastly | US | malicious |
3596 | iexplore.exe | 172.217.23.98:443 | www.googletagservices.com | Google Inc. | US | whitelisted |
3596 | iexplore.exe | 151.101.2.97:443 | images.sftcdn.net | Fastly | US | unknown |
3596 | iexplore.exe | 34.102.141.129:443 | en.softonic.com | — | US | unknown |
3596 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3596 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3596 | iexplore.exe | 172.217.23.131:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3596 | iexplore.exe | 52.222.149.182:80 | o.ss2.us | Amazon.com, Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
brawl-stars.en.softonic.com | | malicious |
ocsp.usertrust.com | | whitelisted |
crl.usertrust.com | | whitelisted |
ocsp.sectigo.com | | whitelisted |
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
sc.sftcdn.net | | whitelisted |
www.googletagservices.com | | whitelisted |
images.sftcdn.net | | whitelisted |
fonts.googleapis.com | | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
3840 | TenioDL.exe | Generic Protocol Command Decode | ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false) |
3840 | TenioDL.exe | Generic Protocol Command Decode | ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag false) |
3840 | TenioDL.exe | Generic Protocol Command Decode | ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true) |
3840 | TenioDL.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
Process | Message |
---|---|
com.supercell.brawlstars_1.0.12065.123.exe | [Downloader] GetLogicalDrives 4 |
com.supercell.brawlstars_1.0.12065.123.exe | [Downloader] DriverType C: = 3 |
com.supercell.brawlstars_1.0.12065.123.exe | [Downloader] GetLogicalDrives 4 |
com.supercell.brawlstars_1.0.12065.123.exe | [Downloader] DriverType C: = 3 |