Field | Value |
---|---|
URL | https://zfrmz.eu/Tf4ke56QISpJLxIw4Hto |
Full analysis | https://app.any.run/tasks/f50433fb-0d38-45bf-8c97-4b3114703267 |
Verdict | Malicious activity |
Analysis date | June 18, 2019, 19:06:37 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MD5 | FDB6069736C915C482FE8B55050231AB |
SHA1 | 40B7440BC9F2DD0DCB38DDFC6FB8D5412949B923 |
SHA256 | 56AB3517C5BC2AEFD641654D6772FAB5F8135599B90E37B275999B12EF76EF91 |
SSDEEP | 3:N8tIfLA9oAQh7:2tbdS |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2960 | "C:\Program Files\Internet Explorer\iexplore.exe" https://zfrmz.eu/Tf4ke56QISpJLxIw4Hto | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe |
3504 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2960 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe |

Process details:

PID | User | Company | Integrity Level | Description | Version |
---|---|---|---|---|---|
2960 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) |
3504 | admin | Microsoft Corporation | LOW | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2960 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | — |
2960 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
3504 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | B5334F3EAAAEFAE26412A9B554B03B0E | 117AA2D4A441D39B005E808385C81B8992C6BC0175E5749FB1FC39E66122B3D6 |
3504 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\78FK0ALB\zohocustom[1].css | text | 3744E4345AA32228496CE26333E04190 | 9596FF37B74C5611EC74FE10D39743654AC6DB037C9F265D2F8A16CBB405F925 |
3504 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWK6IMFF\gtm[1].js | text | 01245E246DA49EED5CD9EBA0A2E24E9F | EF9F22C3DA601FD61D918FC5E69210345D7D09A62325FA52608BF37DC1C0FE1F |
3504 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2S90LTPA\41112[1].css | text | 32CF2029F791E34BE2AD53C0587DFAD6 | 76692A9A3E11BE6DC2683B0A11B388E0400D4757746F17FC70E1F8E139914B9E |
3504 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | E454BC44702ECC1484A89D56D448BECE | CAD5FFA7767B9BE6DCC2058C677424196D8AA2E3A076BCA5FC71861EBE9F36B7 |
3504 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\19VJNGQ5\zoho-small-logo_3[1].png | image | B29940ED045A9BE6388DC7EF6140018B | EA4F2FC0530A90CF099D7693526C6B5BCAFCA173ECE99C1E262F07C75DB27405 |
3504 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWK6IMFF\getipinfo[1].txt | text | AECBCEA837D75B37BCFCA6551F3325DC | 5B40C4A50CE16636B5F400C5197F17C1C218BAA67B6DB1BEC304DD1076614FA5 |
3504 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\19VJNGQ5\zohocustom[1].css | text | 3744E4345AA32228496CE26333E04190 | 9596FF37B74C5611EC74FE10D39743654AC6DB037C9F265D2F8A16CBB405F925 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2960 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2960 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3504 | iexplore.exe | 216.58.207.72:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
3504 | iexplore.exe | 87.252.213.235:443 | zfrmz.eu | Telecitygroup International Limited | GB | unknown |
3504 | iexplore.exe | 87.252.213.52:443 | www.zoho.eu | Telecitygroup International Limited | GB | unknown |
3504 | iexplore.exe | 74.125.206.82:443 | html5shiv.googlecode.com | Google Inc. | US | whitelisted |
3504 | iexplore.exe | 87.252.213.14:443 | iplocation.zoho.eu | Telecitygroup International Limited | GB | unknown |
3504 | iexplore.exe | 216.52.72.155:443 | www.zoho.com | ZOHO | US | unknown |
3504 | iexplore.exe | 52.222.167.125:443 | fonts.zohowebstatic.com | Amazon.com, Inc. | US | unknown |
3504 | iexplore.exe | 52.222.167.85:443 | webfonts.zohowebstatic.com | Amazon.com, Inc. | US | malicious |
3504 | iexplore.exe | 52.222.167.99:443 | widgets.zohosalesiq.com | Amazon.com, Inc. | US | unknown |
Domain | IP | Reputation |
---|---|---|
zfrmz.eu | | unknown |
www.bing.com | | whitelisted |
iplocation.zoho.eu | | unknown |
www.zoho.eu | | suspicious |
html5shiv.googlecode.com | | whitelisted |
www.googletagmanager.com | | whitelisted |
fonts.zohowebstatic.com | | whitelisted |
webfonts.zohowebstatic.com | | shared |
www.zoho.com | | suspicious |
widgets.zohosalesiq.com | | whitelisted |