URL: | http://parkingcrew.net/jsparkcaf.php?regcn=035524&_v=2&_h=mylifestylemiami.com&_t=1558352994837 |
Full analysis: | https://app.any.run/tasks/0a64dc48-2cdd-4757-9808-840d3a8454d1 |
Verdict: | Malicious activity |
Analysis date: | May 20, 2019, 12:25:45 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | CC154541F7563B8C314099328E532410 |
SHA1: | 90939AD8E06E13CCF79BE35FD6344DC96207BDAC |
SHA256: | 49CDE2DD93ACF7E85EAB91D071232C100D23B28F68D237E9B77DCA0670A55A4F |
SSDEEP: | 3:N1KOEX3yXRUSEWwQCCfT6KI4K0MjKIm+eZhWSn:COQybEWwQbf2T4aTQn |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2944 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3232 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2944 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3040 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2944 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFF5FDD95E8E05233C.TMP | — | |
MD5:— | SHA256:— | |||
3232 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@bing[2].txt | — | |
MD5:— | SHA256:— | |||
3232 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FZ5AMCH6\search[1].txt | — | |
MD5:— | SHA256:— | |||
3232 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HCLSX9W0\jsparkcaf[1].php | html | |
MD5:9FC0989A83F37A8536745AC1C15DF555 | SHA256:1EBEE3307060AA9963684E24DF18BBC770955FBCD8693BAD58318FBE3B96B245 | |||
2944 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{6D28F36A-7AFA-11E9-B3B3-5254004A04AF}.dat | binary | |
MD5:E312AE747E4558A979825E537D84677C | SHA256:0D11D9FC363CF157E5DD047D120079EEAA4960FF339D55B47C69F06C861CE7E2 | |||
3232 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PJ9MWZEI\9a358300[1].js | text | |
MD5:26D5C5DD7C280FA90F88A152BB557441 | SHA256:63BF2C3D1A4B69EC7D9681BEF931C76713DA9C94CC5C1CF9D9F8B142917C9362 | |||
3232 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019052020190521\index.dat | dat | |
MD5:2D90ABB8B982CD3750D00DD3E19F36C8 | SHA256:816B9A57419A835A6B26FB1548C2C8DB65181D948551F5B2C5F76BF225AAC8A4 | |||
3232 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:C034F308220CBC7264ABD4EE7955F842 | SHA256:23965B680E52C0E01551CFC8E4A6F8A6F1FB3E29F1DF61894CE3C2CE03494EC3 | |||
3232 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FZ5AMCH6\search[1].htm | html | |
MD5:131C3174FCAD6AC586A4E7774EB7D705 | SHA256:6F2F6C7E90EB1F4A44A3232857FBFF6F98406D1399635118396283469F0B2E54 | |||
3232 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:3FE93BAEE3FE0603E7A2870723C0C06F | SHA256:ADBF434E6BC20E6E171A95ADD215C614CD3523B7A55DB7179BF0035E48141036 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3232 | iexplore.exe | GET | 301 | 2.16.186.24:80 | http://shell.windows.com/fileassoc/fileassoc.asp?Ext=php | unknown | — | — | whitelisted |
3232 | iexplore.exe | GET | 302 | 23.38.36.63:80 | http://go.microsoft.com/fwlink/?LinkId=57426&Ext=php | NL | — | — | whitelisted |
3232 | iexplore.exe | GET | 200 | 185.53.179.29:80 | http://parkingcrew.net/jsparkcaf.php?regcn=035524&_v=2&_h=mylifestylemiami.com&_t=1558352994837 | DE | html | 2.55 Kb | whitelisted |
2944 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
2944 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
3232 | iexplore.exe | GET | 200 | 52.85.182.11:80 | http://x.ss2.us/x.cer | US | der | 1.27 Kb | whitelisted |
3232 | iexplore.exe | GET | 200 | 195.138.255.19:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | DE | compressed | 56.1 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3232 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2944 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3232 | iexplore.exe | 185.53.179.29:80 | parkingcrew.net | Team Internet AG | DE | malicious |
— | — | 23.38.36.63:80 | go.microsoft.com | Akamai Technologies, Inc. | NL | whitelisted |
3232 | iexplore.exe | 2.16.186.24:80 | shell.windows.com | Akamai International B.V. | — | whitelisted |
3232 | iexplore.exe | 157.55.134.138:443 | login.live.com | Microsoft Corporation | US | whitelisted |
3232 | iexplore.exe | 172.217.22.110:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
2944 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2944 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3232 | iexplore.exe | 172.217.22.2:443 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
parkingcrew.net |
| whitelisted |
go.microsoft.com |
| whitelisted |
shell.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
www.wikihow.com |
| whitelisted |
pagead2.googlesyndication.com |
| whitelisted |
www.googletagservices.com |
| whitelisted |
c.amazon-adsystem.com |
| whitelisted |
x.ss2.us |
| whitelisted |