Field | Value
---|---
download | index.html
Full analysis | https://app.any.run/tasks/609535cf-3479-4686-8288-5404857eab47
Verdict | Malicious activity
Analysis date | July 11, 2019, 22:17:40
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MIME | text/html
File info | HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
MD5 | 302A8C7ACC5CCBD06BBC3E12CD6C5FC3
SHA1 | 8C6A407E1F699E5242445A9F71C30B01F8BAC818
SHA256 | 56CAECDE0634DCE506B72ADA2C03479CF2EA956E71474695AC20C6E5569E08EA
SSDEEP | 384:8TOFvFB+mpPG6nnzFLvBQzeQIyBFVHOnOhQtQXL8qctF78JZ:8MdB39pBQ6QIFhTjI3
Extension | File type | Match (%)
---|---|---
.htm/html | HyperText Markup Language with DOCTYPE | 80.6
.html | HyperText Markup Language | 19.3
Meta tag | Value
---|---
viewport | width=device-width, initial-scale=0.75, maximum-scale=1.0, user-scalable=yes
googleSiteVerification | jkUAIOE8owUXu8UXIhRLB9oHJsWBfOgJbZzncqHoF4A
Description | Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
Title | Pastebin.com - #1 paste tool since 2002!
ContentType | text/html; charset=utf-8
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
3080 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html.htm | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
3448 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3080 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
2124 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3080 CREDAT:137473 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
2524 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: MEDIUM; Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0; Version: 26,0,0,131
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3080 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico | — | — | —
3080 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3448 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\js[1] | text | E145D79F48199DE331BCFF3A527BF750 | 26291B01952A8BC2B3D017887EABE8333921C10BA35123168D857FF61E392515
2124 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 7EAFDC92FBBA00C0ADDEA71AF0E964C1 | BB6FF5801CC9D2E612AB2E8363EFB0F5CA59660B4B120F1B58F25F61DA7944A2
2124 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 7BBD525BA6B548250E091FA2151C48E4 | 8F2F7EC895440B77F9ADA57D0A2EFABA9F35D0565969D4F3619C374CBD025021
3080 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text | C8C656C2506BA690F6609CAAC5C16F8D | 4152AB6B575C9D9DA18120C08C17BB95CE050F4FF9C31700E671D0974875B276
2124 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@pastebin[1].txt | text | 9317946368DAC6F983E1E353C729A7CC | 89BFAC6DD0046501247C671B82ABAD5CCDB2F59CA3F49FD258B69673C84002F3
3080 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].png | image | 9FB559A691078558E77D6848202F6541 | 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
2124 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\pastebin_com[1].txt | — | — | —
2124 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N72PDJAZ\desktop.ini | ini | 4A3DEB274BB5F0212C2419D3D8D08612 | 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2124 | iexplore.exe | GET | 301 | 104.20.208.21:80 | http://pastebin.com/ | US | — | — | shared |
3080 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3080 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
4 | System | 204.11.109.77:445 | tags.expo9.exponential.com | Exponential Interactive, Inc. | US | unknown |
4 | System | 204.11.109.78:139 | tags.expo9.exponential.com | Exponential Interactive, Inc. | US | unknown |
2124 | iexplore.exe | 104.20.208.21:443 | pastebin.com | Cloudflare Inc | US | shared |
4 | System | 204.11.109.75:445 | tags.expo9.exponential.com | Exponential Interactive, Inc. | US | unknown |
4 | System | 204.11.109.76:445 | tags.expo9.exponential.com | Exponential Interactive, Inc. | US | unknown |
3448 | iexplore.exe | 216.58.207.40:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
2124 | iexplore.exe | 204.11.109.75:443 | tags.expo9.exponential.com | Exponential Interactive, Inc. | US | unknown |
4 | System | 204.11.109.78:445 | tags.expo9.exponential.com | Exponential Interactive, Inc. | US | unknown |
2124 | iexplore.exe | 104.20.208.21:80 | pastebin.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation
---|---|---
www.googletagmanager.com | — | whitelisted
www.bing.com | — | whitelisted
tags.expo9.exponential.com | — | whitelisted
pastebin.com | — | shared
www.google-analytics.com | — | whitelisted
stats.g.doubleclick.net | — | whitelisted
s.tribalfusion.com | — | shared
m.servedby-buysellads.com | — | whitelisted
d2na2p72vtqyok.cloudfront.net | — | whitelisted
dns.msftncsi.com | — | shared