download:

index.html

Full analysis: https://app.any.run/tasks/c89e4fdb-22d7-4364-a67f-872af1486abc
Verdict: No threats detected
Analysis date: November 01, 2018, 01:54:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
opendir
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines
MD5:

59D37926F8481380580AB2CFD7CAF46C

SHA1:

FB0F028C791FEA310188899C1C198A1620CC2D03

SHA256:

4E6D6C57633FBFB1E3C7B74FA3E9A73C904C7B14A190C9F8664EE3FBA3C7BA09

SSDEEP:

192:70DluR5Ibb4OYD2fD/dqy4vPlij+WHJwEVjlyW0p/iWAX7Oxy77LvCNOpruvtqOg:70ZuqE6znA/urlzvCbn/XDy

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads internet explorer settings

      • iexplore.exe (PID: 3416)
      • iexplore.exe (PID: 2284)
    • Changes internet zones settings

      • iexplore.exe (PID: 1000)
    • Application launched itself

      • iexplore.exe (PID: 1000)
    • Creates files in the user directory

      • iexplore.exe (PID: 3416)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3280)
      • iexplore.exe (PID: 2284)
      • iexplore.exe (PID: 1000)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2644)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3416)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3416)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2284)
      • iexplore.exe (PID: 3416)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2284)
      • iexplore.exe (PID: 3416)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.html | HyperText Markup Language (100)

EXIF

HTML

twitterImage: http://www.rojadirectaonline.blog/Rojadirectaonline.png
twitterDescription: rojdirecta, rojodirecto, Rojadirecta Tv Online, La Liga Santander 2018/19, Champions League, Barcelona, PSG, Bayern Munich, Real Madrid, Atlético Madrid y Mónaco vs Juventus en Directo Online Gratis, http://rojadirecta.com/, www.rojadirecta.org, roja direct, roja tv, futbol en vivo gratis por, www.tarjetaroja.com ver partidos, targetaroja, rojadirecto.com, http://www.rojadirecta.com/, rojadirecta.com ver partidos gratis, roja directa .com, rojadiecta, rojadirectagratis, rojadirecta partidos gratis, www.rojadirecta.com, roja directa futbol en vivo.
twitterTitle: ROJADIRECTA: Tarjeta Roja TV - Pirlo Tv - Futbol en Vivo
twitterSite: @Roja Directa
twitterCard: summary
viewport: width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0
yandexVerification: fb53d7f6b8ca1d30
Distribution: global
ContentLanguage: es
CacheControl: max-age = 3600
Refresh: 2000
GoogleBot: index
Robots: index,follow
Author: Roja Directa
Keywords: tarjeta roja, tarjetaroja, rojadirecta, roja tarjeta, laroja, Champions League, Barcelona, PSG, Bayern Munich, Real Madrid, Atlético Madrid y Mónaco vs Juventus, ver Justin TV, PirloTv, Ronaldo7, Ver Futbol Online, Futbol en vivo, Futbol por Internet, TarjetarojaTv, ver en vivo, tv online, Tarjetaroja, Tarjetaroja Tv, Roja Directa, Rojadirecta, Futbol online, Futbol en directo, Deportes online, resultados de Futbol. Television en vivo por internet, CMD en vivo, directv, La liga BBVA, Brasil 2014, TV en vivo, deportes, en vivo, psg, barca, online, Liga MX, 2015, ao vivo, jogo, assistir, watch live, Copa Pilsener
Description: roja directa online, Tarjeta Roja Tv, ROJADIRECTA, rojadirecta tv, Elitegol, VipGoal, rojadirecta.es, rojadirecta.me, PirloTv, Partido en Vivo, Tv por Internet, Barcelona, Bayern Munich, Real Madrid, Juventus.
Title: ROJADIRECTA: Tarjeta Roja TV - Pirlo Tv
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
5
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs flashutil32_26_0_0_131_activex.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1000"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.htmlC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3416"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1000 CREDAT:79873C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2284"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1000 CREDAT:268545C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3280C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -EmbeddingC:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exesvchost.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Exit code:
0
Version:
26,0,0,131
Modules
Images
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
2644C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -EmbeddingC:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exesvchost.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Exit code:
0
Version:
26,0,0,131
Modules
Images
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
Total events
1 095
Read events
924
Write events
166
Delete events
5

Modification events

(PID) Process:(1000) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(1000) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(1000) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(1000) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(1000) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(1000) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(1000) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{32ACBBC7-DD79-11E8-BFAB-5254004AAD11}
Value:
0
(PID) Process:(1000) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Type
Value:
4
(PID) Process:(1000) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Count
Value:
3
(PID) Process:(1000) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Time
Value:
E2070B0004000100010037001900B703
Executable files
0
Suspicious files
10
Text files
148
Unknown types
9

Dropped files

PID
Process
Filename
Type
3416iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\ar[1].pngimage
MD5:274646372791B670A10B89BB74901A09
SHA256:B20CE9E8734F777F970BA7D95A4C96209E0509074BAD3F30DED6CC6B781BA716
3416iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\mx[1].pngimage
MD5:28AE4E1B4F84903ADBFC6B9F7ECDBAD2
SHA256:BAEBE66571868F3AB7DED5D96BEDEDC776EED6DB25104A7345FA42427E54A463
1000iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
MD5:
SHA256:
3416iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\de[1].pngimage
MD5:7D8BD12BB225596AE97F95952EF75D14
SHA256:8CEC56B4E5D7CCCBC4BCC8F03FE820726F9CE277C8483B0BB78C31AE916E69BA
3416iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\pt[1].pngimage
MD5:65C0C1D0924EE4C65B3073C2EDED9E77
SHA256:33B78C435922B9765E2F49BA66DE9612C78F640E0C3FC50D7091771C19259C68
3416iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\rojadirectaonline[1].pngimage
MD5:9A32A43E106DA762259176697BA94392
SHA256:15624A0B65E99D4B2F417FC32BB45D25027CDE9AED810EE97B54A3FC55583C58
3416iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\suda[1].pngimage
MD5:95F3C4CA9F9B7C445CFEAFF8A6B26234
SHA256:3C9614880739F54BC474D441BDE0621CDB34A5C588DD6997F9B95BE37BFA125A
3416iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@google[1].txttext
MD5:8CC0C6C147385D074B2FCDB95F621DCC
SHA256:85754D749D62CB8FBA7663F9DF24F9A991D4A305DF250B079229415DD367AAD5
3416iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\fr[1].pngimage
MD5:59622B0C3A6384324C3272DA50E5E849
SHA256:216B0A05E64F0F25A2937A9ECB6490D991E48D0E567D10D7425DF8DBE21F56D0
3416iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\ec[1].pngimage
MD5:F60B51921F9951075F1BD6FB7405C1B8
SHA256:1DA1F44EC3AA66448561D7FC4532BD75F82999CCAB2F2268C7226578D4361C33
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
82
TCP/UDP connections
111
DNS requests
48
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3416
iexplore.exe
GET
307
67.202.94.86:80
http://whos.amung.us/swidget/al3jk83qjo.png
US
whitelisted
3416
iexplore.exe
GET
204
208.100.17.184:80
http://ic.tynt.com/b/p?id=dozu_eBdKr6jrIaKkv7mNO&lm=0&ts=1541037353956&dn=TI&iso=1&img=http%3A%2F%2Fwww.rojadirectaonline.blog%2FRojadirectaonline.png&ct=ROJADIRECTA%20Online&t=ROJADIRECTA%3A%20Tarjeta%20Roja%20TV%20-%20Pirlo%20Tv&cu=http%3A%2F%2Fwww.rojadirectaonline.blog%2F
US
whitelisted
3416
iexplore.exe
GET
307
67.202.94.86:80
http://whos.amung.us/swidget/al3jk83qjo.png
US
whitelisted
3416
iexplore.exe
GET
67.202.94.86:80
http://whos.amung.us/swidget/al3jk83qjo.png
US
whitelisted
3416
iexplore.exe
GET
204
208.100.17.184:80
http://ic.tynt.com/b/p?id=dozu_eBdKr6jrIaKkv7mNO&lm=0&ts=1541037353956&dn=TI&iso=1&img=http%3A%2F%2Fwww.rojadirectaonline.blog%2FRojadirectaonline.png&ct=ROJADIRECTA%20Online
US
whitelisted
3416
iexplore.exe
GET
204
208.100.17.184:80
http://ic.tynt.com/b/p?id=dozu_eBdKr6jrIaKkv7mNO&lm=0&ts=1541037353956&dn=TI&iso=1&img=http%3A%2F%2Fwww.rojadirectaonline.blog%2FRojadirectaonline.png
US
whitelisted
3416
iexplore.exe
GET
204
208.100.17.184:80
http://ic.tynt.com/b/p?id=dozu_eBdKr6jrIaKkv7mNO&lm=0&ts=1541037353956&dn=TI&iso=1&img=http%3A%2F%2Fwww.rojadirectaonline.blog%2FRojadirectaonline.png&ct=ROJADIRECTA%20Online&t=ROJADIRECTA%3A%20Tarjeta%20Roja%20TV%20-%20Pirlo%20Tv
US
whitelisted
3416
iexplore.exe
GET
200
104.16.87.26:80
http://cdn.tynt.com/ti.js
US
html
15.3 Kb
whitelisted
3416
iexplore.exe
GET
204
208.100.17.184:80
http://ic.tynt.com/b/p?id=dozu_eBdKr6jrIaKkv7mNO&lm=0&ts=1541037353956&dn=TI&iso=1
US
whitelisted
3416
iexplore.exe
GET
200
185.225.208.133:80
http://widgets.amung.us/small/20/2038.png
unknown
image
340 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3416
iexplore.exe
216.58.205.78:443
apis.google.com
Google Inc.
US
whitelisted
4
System
216.58.205.137:445
www.blogblog.com
Google Inc.
US
unknown
216.58.205.137:137
www.blogblog.com
Google Inc.
US
unknown
3416
iexplore.exe
178.162.223.114:443
img.webme.com
Leaseweb Deutschland GmbH
DE
unknown
3416
iexplore.exe
46.229.169.130:443
webstatsdomain.org
DataWeb Global Group B.V.
US
unknown
3416
iexplore.exe
216.58.205.72:443
www.googletagmanager.com
Google Inc.
US
unknown
3416
iexplore.exe
172.64.97.22:80
www.rojadirectaonline.blog
Cloudflare Inc
US
shared
1000
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3416
iexplore.exe
176.56.226.176:80
www.rojadirecta.me
RouteLabel V.O.F.
NL
unknown
3416
iexplore.exe
104.16.87.26:80
cdn.tynt.com
Cloudflare Inc
US
shared

DNS requests

Domain
IP
Reputation
apis.google.com
  • 216.58.205.78
whitelisted
www.googletagmanager.com
  • 216.58.205.72
whitelisted
www.rojadirectaonline.blog
  • 172.64.97.22
  • 172.64.96.22
unknown
img.webme.com
  • 178.162.223.114
unknown
webstatsdomain.org
  • 46.229.169.130
whitelisted
www.blogblog.com
  • 216.58.205.137
whitelisted
www.rojadirecta.me
  • 176.56.226.176
  • 176.56.229.7
  • 205.204.81.154
unknown
whos.amung.us
  • 67.202.94.86
  • 67.202.94.93
  • 67.202.94.94
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
widgets.amung.us
  • 185.225.208.133
whitelisted

Threats

No threats detected
No debug info