Field | Value |
---|---|
URL | http://amznamzn.com |
Full analysis | https://app.any.run/tasks/ca81e615-a608-4767-a17c-c8b4903e58a6 |
Verdict | Malicious activity |
Analysis date | June 19, 2019, 14:57:46 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags | — |
Indicators | — |
MD5 | 0D00BC5250440853D228D028685A6BB1 |
SHA1 | B3171E68CF80BC375A7E5A6E1548C4C64F25F3FD |
SHA256 | 56CA1B95AEDD2F331A677BD4DEE42C10387127A2028556399F95FD3EE469FDF7 |
SSDEEP | 3:N1KfoEI3K:ChI3K |

PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version |
---|---|---|---|---|---|---|---|---|---|
3300 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) |
1244 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3300 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) |

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3300 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | — |
3300 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
1244 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OS036TR2\ww1_amznamzn_com[1].txt | — | — | — |
1244 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OS036TR2\style[1].css | — | — | — |
1244 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HOZ3FH7C\iyfsearch_com[1].txt | — | — | — |
1244 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\38PVBA3I\style[1].css | text | 96F84D0985AF87B4D4F6AE8816F9C5C5 | 93A1109ADA0CD55DEDEAF7E9C4251A7F91AC3C3E1AB85E25E37B6CD4E47D504B |
1244 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 0F4328B5F91EE694C6909FAF25A87445 | 59C363C2EEA145C74BB7D619F2DD0710591B30770FFD3C6F5B42A4CA88D78E45 |
1244 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\70PMALGG\min[1].js | text | 5563332AD6AF63C9C94CEF15761BE544 | 4EFEC11A42893D4DF0249174CBE5AFAE24A5734F5DED35C5E84C56BF9F473EC2 |
1244 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OS036TR2\skenzo[1].css | text | 258924C7D7C159A3861E9838F0B40012 | DB30F3956434FA476F2F5A605696E792A57398E8DED3AF2FEB7913C731AD7AB8 |
1244 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HOZ3FH7C\iyfsearch_com[1].htm | html | 8CA131090FF3E3684530D58A831C6122 | BE642ED28ABB10861FCF2D202F9F2E912C11FDDD34789D4225DD6E42075CD09A |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1244 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://iyfsearch.com/?dn=amznamzn.com&pid=9PO755G95 | VG | html | 6.62 Kb | suspicious |
1244 | iexplore.exe | GET | 200 | 2.16.186.106:80 | http://i4.cdn-image.com/__media__/js/min.js?v2.2 | unknown | text | 2.97 Kb | whitelisted |
1244 | iexplore.exe | GET | 200 | 52.85.182.166:80 | http://d1lxhc4jvstzrp.cloudfront.net/themes/assets/skenzo.css | US | text | 208 b | shared |
1244 | iexplore.exe | GET | 200 | 185.53.179.29:80 | http://ww1.amznamzn.com/?subid1=a9f5d452-92a2-11e9-bf96-772747e0358e | DE | html | 473 b | malicious |
3300 | iexplore.exe | GET | 200 | 185.53.179.29:80 | http://ww1.amznamzn.com/favicon.ico | DE | — | — | malicious |
3300 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
1244 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://iyfsearch.com/px.js?ch=2 | VG | text | 346 b | suspicious |
1244 | iexplore.exe | GET | 200 | 2.16.186.106:80 | http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eot? | unknown | eot | 110 Kb | whitelisted |
1244 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://iyfsearch.com/sk-logabpstatus.php?a=MnJXZkZHYmJKeTJoK1p6OVBSMWdXQXd3L3JQNHRaMnplSFZPUHJOOEtzajFzME1CWTlVM3hsYmRmSkQzUitsYXAzOEI0eHhFNzcwcE01Wm0xTW9TbU5VOUt6S2FhSjFhVXJrbElWQ1RtSWM9&b=false | VG | text | 346 b | suspicious |
1244 | iexplore.exe | GET | 200 | 2.16.186.106:80 | http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.eot? | unknown | eot | 33.8 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 2.16.186.64:80 | i4.cdn-image.com | Akamai International B.V. | — | whitelisted |
1244 | iexplore.exe | 2.16.186.106:80 | i4.cdn-image.com | Akamai International B.V. | — | whitelisted |
1244 | iexplore.exe | 208.91.196.46:80 | iyfsearch.com | Confluence Networks Inc | VG | malicious |
3300 | iexplore.exe | 185.53.179.29:80 | ww1.amznamzn.com | Team Internet AG | DE | malicious |
1244 | iexplore.exe | 185.53.179.29:80 | ww1.amznamzn.com | Team Internet AG | DE | malicious |
1244 | iexplore.exe | 2.16.186.64:80 | i4.cdn-image.com | Akamai International B.V. | — | whitelisted |
1244 | iexplore.exe | 5.79.79.209:80 | amznamzn.com | LeaseWeb Netherlands B.V. | NL | malicious |
3300 | iexplore.exe | 208.91.196.46:80 | iyfsearch.com | Confluence Networks Inc | VG | malicious |
1244 | iexplore.exe | 52.85.182.166:80 | d1lxhc4jvstzrp.cloudfront.net | Amazon.com, Inc. | US | whitelisted |

Domain | IP | Reputation |
---|---|---|
www.bing.com | — | whitelisted |
amznamzn.com | — | malicious |
ww1.amznamzn.com | — | malicious |
d1lxhc4jvstzrp.cloudfront.net | — | shared |
iyfsearch.com | — | suspicious |
i4.cdn-image.com | — | whitelisted |
i1.cdn-image.com | — | whitelisted |
i2.cdn-image.com | — | whitelisted |
i3.cdn-image.com | — | whitelisted |

PID | Process | Class | Message |
---|---|---|---|
1244 | iexplore.exe | Misc activity | ADWARE [PTsecurity] InstantAccess |