download: | index.html |
Full analysis: | https://app.any.run/tasks/ab478b50-c493-47c7-9526-401dde016a56 |
Verdict: | Malicious activity |
Analysis date: | February 21, 2020, 18:35:51 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/html |
File info: | HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators |
MD5: | C50AA3E723AE7778BBE713A1E1C3D9D8 |
SHA1: | 52A6D9FB3F811FCCDC17686F9229B187C4B3DFBF |
SHA256: | 583DF0F2A1FC08CE8D190F38E6DBBC859C5376FDF8AF81D6F3B8F45783AB8B77 |
SSDEEP: | 384:W+vrQXieV/CwscWC8FjxL+eq+6n8tqJt41VYP2h1d/qvFFvUbGdp8no0RQa4B+lK:WXiAuhryHHt43G8XXFBHE |
.html | | | HyperText Markup Language (100) |
---|
viewport: | width=device-width, initial-scale=1 |
---|---|
HTTPEquivXUACompatible: | IE=edge |
Title: | LOUIS VUITTON Outlets |
Description: | LOUIS VUITTON Outlets |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2952 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3112 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2952 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2816 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2952 CREDAT:144390 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2340 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2952 CREDAT:398593 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\bootstrap.min[1].css | text | |
MD5:736A02DCFE63B1518EAFCE38458AA860 | SHA256:E9A910706B5173F97B91A7735AC329E16F08C8F4001F73405843ECDA080D70F2 | |||
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\stylesheet[1].css | text | |
MD5:14A00B5CAB9E2AF183A3CBF54BA7C4DD | SHA256:46F1A3CE31A57167937E119EEFA91BE3666CDFDF34547F557A9593D4F7A69537 | |||
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\owl.carousel[1].css | text | |
MD5:77D4A6743002B35EF36AF74D6AADF1A1 | SHA256:ABFE00030C88CC24133BA14D537C987275F00D92A6971D683590E787E12FE924 | |||
3112 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\bootstrap.min[1].css | text | |
MD5:736A02DCFE63B1518EAFCE38458AA860 | SHA256:E9A910706B5173F97B91A7735AC329E16F08C8F4001F73405843ECDA080D70F2 | |||
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\font-awesome.min[1].css | text | |
MD5:B3A7BE0EBC63F653346DCFAABADF94F0 | SHA256:8EA3141CBB9DFF3217A9586B2F0E60952E9491ACF11F7370285F346B22DAA4D0 | |||
3112 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\css[1].css | text | |
MD5:AF295E1236B929C0829E01C8961DCF52 | SHA256:99AA57BD15A22388367A98420E33298BB795FA9FAE4D384C6BEFC88EF76FD88F | |||
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\m40780-1-200x200[1].jpg | image | |
MD5:C02F19F268A4B249E7274DA0C80E7942 | SHA256:4735385FCB38B2A0B56281B2806EBD114B977779A6E4E4C4F3BA4F64C294531C | |||
3112 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\11124f-2280x760[1].jpg | image | |
MD5:141B6321AA44C2B97684DE1847BAE775 | SHA256:CED904F935404BF0B5C929BF6172F6F79AEB421DB6E92BA0634E1E97A1BEC9C3 | |||
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\n41358-1-200x200[1].jpg | image | |
MD5:AC4962D9823294563F5E3EA646073446 | SHA256:225CD9564F987C57B07C706A763AF39A188A5451F03195F79A4C4F50CAA7554C | |||
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\m41066-1-200x200[1].jpg | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3112 | iexplore.exe | GET | 200 | 216.58.208.42:80 | http://fonts.googleapis.com/css?family=Open+Sans:400,400i,300,700 | US | text | 284 b | whitelisted |
2816 | iexplore.exe | GET | 200 | 104.24.106.14:80 | http://www.aaabagsonsale.top/catalog/view/javascript/font-awesome/css/font-awesome.min.css | US | text | 5.79 Kb | suspicious |
2816 | iexplore.exe | GET | 200 | 104.24.106.14:80 | http://www.aaabagsonsale.top/catalog/view/theme/default/stylesheet/stylesheet.css | US | text | 3.42 Kb | suspicious |
2816 | iexplore.exe | GET | 200 | 104.24.106.14:80 | http://www.aaabagsonsale.top/image/cache/catalog/1/112/9-200x200.jpg | US | image | 8.51 Kb | suspicious |
2816 | iexplore.exe | GET | 200 | 104.24.106.14:80 | http://www.aaabagsonsale.top/image/cache/catalog/2019-11-08_19-32-19-76565-2280x760-2280x760.jpg | US | image | 345 Kb | suspicious |
2816 | iexplore.exe | GET | 200 | 104.24.106.14:80 | http://www.aaabagsonsale.top/image/cache/catalog/lv/m40780-1-200x200.jpg | US | image | 9.98 Kb | suspicious |
2816 | iexplore.exe | GET | 200 | 104.24.106.14:80 | http://www.aaabagsonsale.top/image/cache/catalog/lv/652n41605-1-200x200.jpg | US | image | 11.7 Kb | suspicious |
3112 | iexplore.exe | GET | 200 | 104.24.106.14:80 | http://www.aaabagsonsale.top/image/cache/catalog/11124f-2280x760.jpg | US | image | 616 Kb | suspicious |
2816 | iexplore.exe | GET | 200 | 104.24.106.14:80 | http://www.aaabagsonsale.top/catalog/view/javascript/bootstrap/css/bootstrap.min.css | US | text | 20.2 Kb | suspicious |
2816 | iexplore.exe | GET | 200 | 104.24.106.14:80 | http://www.aaabagsonsale.top/image/cache/catalog/lv/n41358-1-200x200.jpg | US | image | 10.8 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3112 | iexplore.exe | 220.242.182.12:443 | js.users.51.la | — | CN | suspicious |
3112 | iexplore.exe | 104.24.106.14:80 | www.aaabagsonsale.top | Cloudflare Inc | US | shared |
2816 | iexplore.exe | 220.242.182.12:443 | js.users.51.la | — | CN | suspicious |
3112 | iexplore.exe | 216.58.208.42:80 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2816 | iexplore.exe | 104.24.106.14:80 | www.aaabagsonsale.top | Cloudflare Inc | US | shared |
2952 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2816 | iexplore.exe | 172.217.16.163:80 | fonts.gstatic.com | Google Inc. | US | whitelisted |
2816 | iexplore.exe | 216.58.208.42:80 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2816 | iexplore.exe | 104.24.107.14:80 | www.aaabagsonsale.top | Cloudflare Inc | US | unknown |
3112 | iexplore.exe | 104.24.107.14:80 | www.aaabagsonsale.top | Cloudflare Inc | US | unknown |
Domain | IP | Reputation |
---|---|---|
www.aaabagsonsale.top |
| suspicious |
fonts.googleapis.com |
| whitelisted |
js.users.51.la |
| whitelisted |
www.bing.com |
| whitelisted |
api.bing.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
ocsp.globalsign.com |
| whitelisted |
ocsp2.globalsign.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile |
2816 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |
2340 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |
2340 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |
2340 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |
2340 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |
2340 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |
2340 | iexplore.exe | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request |
2340 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |