URL: | https://free.360totalsecurity.com/totalsecurity/360TS_Setup_Mini.exe |
Full analysis: | https://app.any.run/tasks/3e742e77-3a24-4847-aaa7-c672b29b7ce3 |
Verdict: | Malicious activity |
Analysis date: | August 13, 2019, 13:02:31 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | A3B42EC5A10723CA4EC441F2D883FE28 |
SHA1: | 3CDB2CD9A3285AECF35384AB2D9966805483BBB4 |
SHA256: | 5146EA8932371E8D7F5F30CFDCB38D21F48B1F003BF3D858C89B91C922AB15B6 |
SSDEEP: | 3:N8/WTVwTAAFKsyAQw6yHN:2UuFDTQPyHN |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2632 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3640 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2632 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2916 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\360TS_Setup_Mini[1].exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\360TS_Setup_Mini[1].exe | — | iexplore.exe |
User: admin Company: Qihoo 360 Technology Co. Ltd. Integrity Level: MEDIUM Description: 360 Total Security Online Installer Exit code: 3221226540 Version: 6, 6, 0, 1053 | ||||
3492 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\360TS_Setup_Mini[1].exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\360TS_Setup_Mini[1].exe | iexplore.exe | |
User: admin Company: Qihoo 360 Technology Co. Ltd. Integrity Level: HIGH Description: 360 Total Security Online Installer Version: 6, 6, 0, 1053 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2632 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2632 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFBCA295DC12D54E33.TMP | — | |
MD5:— | SHA256:— | |||
3492 | 360TS_Setup_Mini[1].exe | C:\Users\admin\AppData\Local\Temp\{16317D66-02BD-47d2-8D7A-89467AB3D728}.tmp | — | |
MD5:— | SHA256:— | |||
3492 | 360TS_Setup_Mini[1].exe | C:\Users\admin\AppData\Local\Temp\[email protected] | — | |
MD5:— | SHA256:— | |||
3492 | 360TS_Setup_Mini[1].exe | C:\Users\admin\AppData\Local\Temp\[email protected] | — | |
MD5:— | SHA256:— | |||
3492 | 360TS_Setup_Mini[1].exe | C:\Users\admin\AppData\Local\Temp\[email protected]\setup.ini | — | |
MD5:— | SHA256:— | |||
2632 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF0910F29DF0E404A0.TMP | — | |
MD5:— | SHA256:— | |||
2632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{A56A6E93-BDCA-11E9-9885-5254004A04AF}.dat | — | |
MD5:— | SHA256:— | |||
2632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A56A6E94-BDCA-11E9-9885-5254004A04AF}.dat | binary | |
MD5:DD7CBB5B82CFD57ECF3FF98665A15319 | SHA256:28C8796653A54F85A6BAA9143866F8F74D7710FC128CAD8824B682DD3A6A80B0 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3492 | 360TS_Setup_Mini[1].exe | GET | 200 | 18.184.178.29:80 | http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=cfe1ce9b8f5123cc37f394accff90c49&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=655&tdl=655&tds=655&terr=0&tes=Status|1,ErrorCode|0,DnCount|3,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|655,P2PS|0,PDMode|2&tfl=655&tp=t&tst=1&ttdl=655&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS | US | — | — | suspicious |
3492 | 360TS_Setup_Mini[1].exe | GET | — | 104.192.108.21:80 | http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe | US | — | — | malicious |
3492 | 360TS_Setup_Mini[1].exe | GET | 200 | 18.184.178.29:80 | http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1053&pid=101&os=6.1&mid=cfe1ce9b8f5123cc37f394accff90c49&state=153 | US | — | — | suspicious |
3492 | 360TS_Setup_Mini[1].exe | GET | — | 104.192.108.21:80 | http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe | US | — | — | malicious |
3492 | 360TS_Setup_Mini[1].exe | GET | — | 104.192.108.21:80 | http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe | US | — | — | malicious |
3492 | 360TS_Setup_Mini[1].exe | GET | — | 104.192.108.21:80 | http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe | US | — | — | malicious |
3492 | 360TS_Setup_Mini[1].exe | GET | — | 104.192.108.21:80 | http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe | US | — | — | malicious |
3492 | 360TS_Setup_Mini[1].exe | GET | 200 | 13.35.254.218:80 | http://sd.p.360safe.com/12B38B9A9007822577C031E4F55CF2105EBA139A.trt | US | torrent | 13.0 Kb | whitelisted |
3492 | 360TS_Setup_Mini[1].exe | GET | — | 104.192.108.21:80 | http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe | US | — | — | malicious |
3492 | 360TS_Setup_Mini[1].exe | GET | — | 104.192.108.21:80 | http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe | US | — | — | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2632 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3492 | 360TS_Setup_Mini[1].exe | 54.76.174.118:80 | tr.p.360safe.com | Amazon.com, Inc. | IE | unknown |
— | — | 52.214.9.152:3478 | — | Amazon.com, Inc. | IE | unknown |
3492 | 360TS_Setup_Mini[1].exe | 200.84.136.220:8090 | — | CANTV Servicios, Venezuela | VE | unknown |
— | — | 197.57.145.179:22918 | — | TE-AS | EG | unknown |
3492 | 360TS_Setup_Mini[1].exe | 54.77.42.29:3478 | st.p.360safe.com | Amazon.com, Inc. | IE | unknown |
3492 | 360TS_Setup_Mini[1].exe | 186.93.117.97:10097 | — | CANTV Servicios, Venezuela | VE | unknown |
3640 | iexplore.exe | 5.254.23.114:443 | free.360totalsecurity.com | — | RO | malicious |
3492 | 360TS_Setup_Mini[1].exe | 18.184.178.29:80 | s.360safe.com | — | US | suspicious |
3492 | 360TS_Setup_Mini[1].exe | 82.145.215.152:443 | orion.ts.360.com | Opera Software AS | — | unknown |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
free.360totalsecurity.com |
| whitelisted |
st.p.360safe.com |
| unknown |
s.360safe.com |
| suspicious |
orion.ts.360.com |
| unknown |
iup.360safe.com |
| malicious |
tr.p.360safe.com |
| unknown |
int.down.360safe.com |
| malicious |
sd.p.360safe.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
3492 | 360TS_Setup_Mini[1].exe | Generic Protocol Command Decode | ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false) |
3492 | 360TS_Setup_Mini[1].exe | Generic Protocol Command Decode | ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag false) |
3492 | 360TS_Setup_Mini[1].exe | Generic Protocol Command Decode | ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true) |
— | — | Generic Protocol Command Decode | ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false) |
— | — | Generic Protocol Command Decode | ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false) |
3492 | 360TS_Setup_Mini[1].exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |