URL: | http://fpgmcei.com/office/ |
Full analysis: | https://app.any.run/tasks/2b139b36-ea8e-4785-ab77-7ca3c8931800 |
Verdict: | Malicious activity |
Analysis date: | January 10, 2019, 20:20:34 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MD5: | 6B07012591F09CE28468467121959A66 |
SHA1: | 1331DA99A8F093759E1807B35DB8FB06DBB4A615 |
SHA256: | 52C22A6B32E8A835BBBD42FA864B655BB2888CB25BBAAE8C0D9A286B6527A1C8 |
SSDEEP: | 3:N1KY23YQXK:CYdQXK |
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2964 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe
| User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | |
3116 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2964 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe (PID 2964)
| User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | |
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3116 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\office[1].txt | — | — | —
3116 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\login[1].php | — | — | —
2964 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico | — | — | —
2964 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3116 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\index2[1].php | — | — | —
3116 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\submit[1].php | — | — | —
3116 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\error[1].php | — | — | —
3116 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\office[1].htm | text | 8B71F05A0EB0438FE35805CC67C53EFF | 9374F357B1A2AF4AE544AAE03DE58B4E3920DFC5C2BF88838D6583F3118E67BD
3116 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\img_logoAndName_white2.2x[1].png | image | A1E74B1365360ED95B7CE68C872C22D9 | FECC828829DA6210BB82420A178E0DA7D341E0393C126F07F4165A26E22FB4B3
2964 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon2[1].ico | image | 394D4D0163254B8B4D398B264449E933 | 37837975CAEC11FF40EF908DC6767AAF9D5C0768C34C1C7A84FEC3A27B31E3DD
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3116 | iexplore.exe | GET | 200 | 155.254.18.233:80 | http://fpgmcei.com/office/ | US | text | 134 b | suspicious |
3116 | iexplore.exe | POST | 200 | 155.254.18.233:80 | http://fpgmcei.com/office/index2.php | US | html | 3.58 Kb | suspicious |
3116 | iexplore.exe | GET | 200 | 155.254.18.233:80 | http://fpgmcei.com/office/login.php?check&nocache=page2&alt.done=rem&docs&=gifpdf&hzayrtFkdluQTGbnGx | US | html | 3.31 Kb | suspicious |
3116 | iexplore.exe | GET | 200 | 155.254.18.233:80 | http://fpgmcei.com/office/error.php | US | html | 838 b | suspicious |
3116 | iexplore.exe | POST | 200 | 155.254.18.233:80 | http://fpgmcei.com/office/submit.php | US | html | 82 b | suspicious |
2964 | iexplore.exe | GET | 404 | 155.254.18.233:80 | http://fpgmcei.com/favicon.ico | US | html | 248 b | suspicious |
3116 | iexplore.exe | GET | 301 | 212.224.112.82:80 | http://ppt4web.ru/assets/2c736062/img/loading.gif | DE | html | 184 b | unknown |
2964 | iexplore.exe | GET | 404 | 155.254.18.233:80 | http://fpgmcei.com/favicon.ico | US | html | 248 b | suspicious |
2964 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2964 | iexplore.exe | 155.254.18.233:80 | fpgmcei.com | Cascade Divide Colo, Inc. | US | suspicious |
3116 | iexplore.exe | 87.248.214.12:443 | s.smartsheet.com | Limelight Networks, Inc. | IT | unknown |
3116 | iexplore.exe | 13.107.42.13:443 | onedrive.live.com | Microsoft Corporation | US | malicious |
3116 | iexplore.exe | 155.254.18.233:80 | fpgmcei.com | Cascade Divide Colo, Inc. | US | suspicious |
3116 | iexplore.exe | 212.224.112.82:443 | ppt4web.ru | First Colo GmbH | DE | unknown |
3116 | iexplore.exe | 212.224.112.82:80 | ppt4web.ru | First Colo GmbH | DE | unknown |
3116 | iexplore.exe | 204.141.99.67:443 | app.smartsheet.com | NTT America, Inc. | US | unknown |
2964 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2964 | iexplore.exe | 204.141.99.67:443 | app.smartsheet.com | NTT America, Inc. | US | unknown |
Domain | IP | Reputation
---|---|---
www.bing.com | 204.79.197.200 | whitelisted
fpgmcei.com | 155.254.18.233 | suspicious
app.smartsheet.com | 204.141.99.67 | whitelisted
s.smartsheet.com | 87.248.214.12 | whitelisted
ppt4web.ru | 212.224.112.82 | unknown
onedrive.live.com | 13.107.42.13 | shared
PID | Process | Class | Message |
---|---|---|---|
3116 | iexplore.exe | Potentially Bad Traffic | ET CURRENT_EVENTS Smartsheet Phishing Landing 2018-01-29 |
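The request table and the Suricata alert above together describe a classic credential-phishing kit flow inside PID 3116: a landing page at /office/, a cleartext POST to index2.php, a tokenised login.php, an error.php retry page, then a final POST to submit.php, with the page's decoration (a loading GIF from ppt4web.ru, a cached logo image) pulled from hosts other than the one receiving the form data. The script below, an added example that is not part of the ANY.RUN report, re-runs that reasoning over the report's own request rows so the pattern can be checked on other logs. The rows in HTTP_LOG are transcribed from the table; the detection heuristic (a cleartext POST to a .php endpoint on a non-whitelisted host that the same process had already browsed, a bare random-looking token in an earlier URL on that host, an error page served by that host) and the names detect, iocs, random_token and Finding are this example's own assumptions, not an ANY.RUN or Emerging Threats rule.

```python
"""Flag the phishing-kit request sequence recorded in a sandbox HTTP log (added example).

HTTP_LOG is transcribed from the report's request table as
(pid, method, status, ip, url, reputation). The heuristic is this example's
assumption, not a vendor rule.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

HTTP_LOG = [
    (3116, "GET", 200, "155.254.18.233", "http://fpgmcei.com/office/", "suspicious"),
    (3116, "POST", 200, "155.254.18.233", "http://fpgmcei.com/office/index2.php", "suspicious"),
    (3116, "GET", 200, "155.254.18.233",
     "http://fpgmcei.com/office/login.php?check&nocache=page2&alt.done=rem&docs&=gifpdf&hzayrtFkdluQTGbnGx",
     "suspicious"),
    (3116, "GET", 200, "155.254.18.233", "http://fpgmcei.com/office/error.php", "suspicious"),
    (3116, "POST", 200, "155.254.18.233", "http://fpgmcei.com/office/submit.php", "suspicious"),
    (2964, "GET", 404, "155.254.18.233", "http://fpgmcei.com/favicon.ico", "suspicious"),
    (3116, "GET", 301, "212.224.112.82", "http://ppt4web.ru/assets/2c736062/img/loading.gif", "unknown"),
    (2964, "GET", 404, "155.254.18.233", "http://fpgmcei.com/favicon.ico", "suspicious"),
    (2964, "GET", 200, "204.79.197.200", "http://www.bing.com/favicon.ico", "whitelisted"),
]

# A bare query parameter of 16+ alphanumerics with no '=' is treated as the
# per-visitor token that phishing kits append to landing URLs (assumption).
TOKEN_RE = re.compile(r"[A-Za-z0-9]{16,}")


def random_token(query: str) -> bool:
    """True if any '&'-separated piece of the query string is a bare random-looking token."""
    return any(TOKEN_RE.fullmatch(piece) for piece in query.split("&"))


@dataclass
class Finding:
    pid: int
    host: str
    ip: str
    url: str                                           # the form POST carrying the victim's input
    prior_pages: list = field(default_factory=list)    # paths GET'd from the same host beforehand
    token_seen: bool = False                           # a tokenised URL on that host preceded the POST
    error_page: bool = False                           # that host served an error*.php page first


def detect(log):
    """One Finding per cleartext POST to a .php endpoint on a non-whitelisted host that the
    same process had already fetched pages from, in log order."""
    by_pid = {}
    for row in log:
        by_pid.setdefault(row[0], []).append(row)
    findings = []
    for pid, rows in by_pid.items():
        prior = {}        # host -> GET paths seen so far in this process
        tokens = set()    # hosts that served a tokenised URL
        errors = set()    # hosts that served an error page
        for _, method, _status, ip, url, rep in rows:
            u = urlsplit(url)
            host = u.hostname
            if (method == "POST" and u.scheme == "http" and u.path.endswith(".php")
                    and rep != "whitelisted" and host in prior):
                findings.append(Finding(pid, host, ip, url, list(prior[host]),
                                        host in tokens, host in errors))
                continue
            if method == "GET":
                prior.setdefault(host, []).append(u.path)
                if random_token(u.query):
                    tokens.add(host)
                if u.path.rsplit("/", 1)[-1].startswith("error"):
                    errors.add(host)
    return findings


def iocs(log):
    """Sorted unique (host, ip) pairs for every non-whitelisted host in the log."""
    return sorted({(urlsplit(r[4]).hostname, r[3]) for r in log if r[5] != "whitelisted"})


if __name__ == "__main__":
    for f in detect(HTTP_LOG):
        print(f"pid {f.pid}: POST {f.url} after {f.prior_pages} "
              f"token={f.token_seen} error_page={f.error_page}")
    for host, ip in iocs(HTTP_LOG):
        print("ioc", host, ip)
```

Run against the report's rows, detect returns two findings, both in PID 3116 against fpgmcei.com: the POST to index2.php (only /office/ fetched before it) and the POST to submit.php, by which point the tokenised login.php and the error.php page have both been served, which is the strongest signal that the host is a kit rather than a legitimate login. The blocked-by-reputation approach in iocs is deliberately coarse: it lists ppt4web.ru alongside fpgmcei.com because the report gives it no reputation, so a human still has to decide whether that host is part of the kit or merely abused for a hotlinked asset.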