URL: | http://config.collectionmpmusic.xyz//client.config/?app=pndr2&format=json&advert_key=ZWMwMDBhMDM2MjAwMGJmNzAwMDAwYmM2MDAwYmM2MDAwYmM2OWZhY2I0N2QzYw==&uid=5EAF457B393E37CC2E4C2301EA1AE19B-D52C01DA8E3F12CB3EBADF416DF8B2CAD48A1CD3&version=6.7.2&net_type=_&net_id=_ |
Full analysis: | https://app.any.run/tasks/33272d2a-ff19-4cf8-85aa-23ed247a58bc |
Verdict: | Malicious activity |
Analysis date: | May 30, 2020, 10:53:59 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MD5: | 233AF62291B74FBE086FB136A62692AB |
SHA1: | 2A7447335E657EB2FCAE12A37BB2DC4ADA1F98D0 |
SHA256: | 49E92654A1690B99469981B4B495DBD9B43875321DECEE3216B543B1B8FBF46A |
SSDEEP: | 6:CI8CZDLSeJDKXIERYxyyRXNfIXnXnXwK1rrROAeN9RjOXFLcbYn:jZDLV+X6PfIXnXnX18ASRY |
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
1940 | "C:\Program Files\Internet Explorer\iexplore.exe" http://config.collectionmpmusic.xyz//client.config/?app=pndr2&format=json&advert_key=ZWMwMDBhMDM2MjAwMGJmNzAwMDAwYmM2MDAwYmM2MDAwYmM2OWZhY2I0N2QzYw==&uid=5EAF457B393E37CC2E4C2301EA1AE19B-D52C01DA8E3F12CB3EBADF416DF8B2CAD48A1CD3&version=6.7.2&net_type=_&net_id=_ | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3996 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1940 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
2100 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\client.json | C:\Windows\system32\rundll32.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Version: 6.1.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3996 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\client.json.fkmwgn7.partial | — | — | —
1940 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF1D3A1BE0A76B86BC.TMP | — | — | —
1940 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\client.json.fkmwgn7.partial:Zone.Identifier | — | — | —
1940 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Cab2063.tmp | — | — | —
1940 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Tar2064.tmp | — | — | —
1940 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver2094.tmp | — | — | —
1940 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203 | binary | 63442D4637ADC94FE0C772640BB856F8 | 5AB3C3DEE6D74B9BA3F961DEDD071D3F1EE8FC743A957141D71A9D828D02F6F0
1940 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{E6CAAF2D-A263-11EA-B44D-5254004A04AF}.dat | binary | 73083E6A4921F5017C3783D0E4BEA858 | 11B87762B29A77EBC221A36E5ED6C76CF14C82B500565613EDA1F916AE001E53
3996 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\client[1].json | text | A50F679BAF6206951EE0BD75BDB3F471 | 8F5EAD45445138140D6D2B05A9335E60F99A3A79FBF9390699B73EF1EC12E6A4
1940 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\client.json | text | A50F679BAF6206951EE0BD75BDB3F471 | 8F5EAD45445138140D6D2B05A9335E60F99A3A79FBF9390699B73EF1EC12E6A4
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3996 | iexplore.exe | GET | 200 | 5.149.249.226:80 | http://config.collectionmpmusic.xyz//client.config/?app=pndr2&format=json&advert_key=ZWMwMDBhMDM2MjAwMGJmNzAwMDAwYmM2MDAwYmM2MDAwYmM2OWZhY2I0N2QzYw==&uid=5EAF457B393E37CC2E4C2301EA1AE19B-D52C01DA8E3F12CB3EBADF416DF8B2CAD48A1CD3&version=6.7.2&net_type=_&net_id=_ | NL | text | 975 b | malicious |
1940 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
1940 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
1940 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1940 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3996 | iexplore.exe | 5.149.249.226:80 | config.collectionmpmusic.xyz | HZ Hosting Ltd | NL | malicious |
1940 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation
---|---|---
config.collectionmpmusic.xyz | — | malicious
iecvlist.microsoft.com | — | whitelisted
r20swj13mr.microsoft.com | — | whitelisted
ocsp.digicert.com | — | whitelisted
PID | Process | Class | Message |
---|---|---|---|
3996 | iexplore.exe | Potentially Bad Traffic | AV INFO HTTP Request to a *.xyz domain |
3996 | iexplore.exe | Misc activity | ADWARE [PTsecurity] Android.Adware.Downloader.CI |