Field | Value
---|---
URL | http://botannews.com/JX/NETFLIX_Checker_Account__By_X-KILLER_(2).7z
Full analysis | https://app.any.run/tasks/5afaa4bf-c195-430c-9d8d-5466f2a7315d
Verdict | Malicious activity
Analysis date | November 29, 2021, 04:48:12
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators |
MD5 | 9595FF63642B0942CBE48CD4A19505FD
SHA1 | 42E7F4311F7BF24D8BD359216651C3775DD9305A
SHA256 | 59585C64E35769394FED01BE2E1EFEA72F35FE2901E330C60BA217515397F1AF
SSDEEP | 3:N1Kcf/AlLGGlHcEKsQLRBGJ2Ls:CcwlUEjevG4Ls
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version | Exit code
---|---|---|---|---|---|---|---|---|---|---
3276 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://botannews.com/JX/NETFLIX_Checker_Account__By_X-KILLER_(2).7z" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
572 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3276 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
2732 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3276 CREDAT:2495751 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
2216 | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe | — | svchost.exe | admin | Adobe | MEDIUM | Adobe® Flash® Player Installer/Uninstaller 32.0 r0 | 32,0,0,453 | 0
PID | Process | Key | Name | Operation | Value
---|---|---|---|---|---
3276 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | write | 1
3276 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime | write |
3276 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | write | 30926044
3276 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime | write |
3276 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | write | 30926044
3276 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | write |
3276 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | write | Cookie:
3276 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | write | Visited:
3276 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | write | 0
3276 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | write | 1
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\NETFLIX_Checker_Account__By_X-KILLER_(2)[1].htm | html | BAEC0DDD0532F1BC6B6D77C7A919BC3E | 78B30F4214275FFF0D5F12406566AB7C9DBEC645EB0A0E94F09A3E3AE3A7B2FB
572 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\KIFXNKAM.txt | text | 34CD832695E5102694890936E64601DE | 583C29064214BCF6477B506B71FB4F568606F4B0D630EA59E75E79932766A0D9
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\socialsider-v1.0[1].css | text | 615432B34216CE48AA41B027C9B08F6A | F5AF895F7BEB65666327D0629ED30CEBE00DDDEBABBE9D25BE29106234E827A5
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\custom[1].css | text | 76ABA44FECBC5383ABD385540997E4D7 | AEE1473684074D8D262B2240921B5450F5D528948EE36741FEB42D63D6DD727D
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\settings[1].css | text | BC105D9115ACC4F705A4F1C29BFDE6DC | 7FF5C077DF3ECC1BDA2076B20FE146FD3E1130ED39F4B2EC0E49FCEC3DB683E7
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\All-stylesheets[1].css | text | 0317F0C3C8EF4BFDA620908A7C05988B | 35E93B818DFF2F3AC20CE42E50D2A6EB9E7412605421DECAA95CA9BF604A9DBC
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\flow[1].css | text | 169AFD815E1838D7D572F7514AC3A297 | CF69BE4C880936352B9E7CDE48459749A82D8A4B0BFE9BE2EB9E74E199181E26
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\jquery-1.11.0.min[1].js | text | 8FC25E27D42774AEAE6EDBC0A18B72AA | B294E973896F8F874E90A8EB1A8908AC790980D034C4C4BDF0FC3D37B8ABF682
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\file-upload[1].css | text | CB955FDB824B31E9B744B6AEF1F99DFE | B6264C4C05C786E5215A5FA9FEB5A99A81C924BC26B3E962EEFF230750A2D134
572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\responsive[1].css | text | 7F090C009C854FDA38795874DD7CFCF3 | 244C04A213BDB0E13F0D9FA71AF6760886AD9D533F80C1F60E21F632096F5E33
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
572 | iexplore.exe | GET | 200 | 172.67.200.29:80 | http://botannews.com/JX/NETFLIX_Checker_Account__By_X-KILLER_(2).7z | US | html | 24.7 Kb | malicious |
572 | iexplore.exe | GET | 200 | 172.67.200.29:80 | http://botannews.com/themes/flow/frontend_assets/css/All-stylesheets.css | US | text | 180 b | malicious |
572 | iexplore.exe | GET | 200 | 172.67.200.29:80 | http://botannews.com/themes/flow/frontend_assets/socialsider-v1.0/_css/socialsider-v1.0.css | US | text | 4.00 Kb | malicious |
572 | iexplore.exe | GET | 200 | 172.67.200.29:80 | http://botannews.com/themes/flow/frontend_assets/css/isotope/isotope-style.css | US | text | 850 b | malicious |
572 | iexplore.exe | GET | 200 | 172.67.200.29:80 | http://botannews.com/themes/flow/js/jquery.tmpl.min.js | US | text | 561 b | malicious |
572 | iexplore.exe | GET | 200 | 172.67.200.29:80 | http://botannews.com/themes/flow/js/jquery-ui.js | US | text | 104 Kb | malicious |
572 | iexplore.exe | GET | 200 | 172.67.200.29:80 | http://botannews.com/themes/flow/frontend_assets/fonts/font-awesome/css/font-awesome.css | US | text | 4.08 Kb | malicious |
572 | iexplore.exe | GET | 200 | 172.67.200.29:80 | http://botannews.com/themes/flow/frontend_assets/css/stylesheet.css | US | text | 4.12 Kb | malicious |
572 | iexplore.exe | GET | 200 | 172.67.200.29:80 | http://botannews.com/themes/flow/frontend_assets/css/custom.css | US | text | 3.22 Kb | malicious |
572 | iexplore.exe | GET | 200 | 172.67.200.29:80 | http://botannews.com/themes/flow/frontend_assets/css/bootstrap/bootstrap.min.css | US | text | 17.4 Kb | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
572 | iexplore.exe | 104.19.131.80:443 | jsc.adskeeper.co.uk | Cloudflare Inc | US | unknown |
572 | iexplore.exe | 104.21.68.54:443 | cdn.popmyads.com | Cloudflare Inc | US | unknown |
572 | iexplore.exe | 95.100.146.72:80 | ctldl.windowsupdate.com | Akamai Technologies, Inc. | — | suspicious |
572 | iexplore.exe | 142.250.185.168:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
572 | iexplore.exe | 172.67.200.29:80 | botannews.com | — | US | unknown |
572 | iexplore.exe | 104.20.229.67:443 | www.statcounter.com | Cloudflare Inc | US | unknown |
572 | iexplore.exe | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious |
572 | iexplore.exe | 172.67.187.188:443 | cdn.popmyads.com | — | US | unknown |
572 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
572 | iexplore.exe | 142.250.185.99:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
botannews.com | | malicious
cdn.popmyads.com | | malicious
jsc.adskeeper.co.uk | | whitelisted
www.statcounter.com | | whitelisted
www.googletagmanager.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.comodoca.com | | whitelisted
ocsp.pki.goog | | whitelisted
ocsp.digicert.com | | whitelisted
popmyads.com | | malicious