URL: | http://profile.pinyin.sogou.com/download.php?filename=configmd5.bin |
Full analysis: | https://app.any.run/tasks/d0b1e0a8-a3fd-4b0c-9ae5-225f55145f1b |
Verdict: | Malicious activity |
Analysis date: | January 22, 2019, 23:22:49 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MD5: | CAE34F2D43BCD27CBDFBABEF7087CDC9 |
SHA1: | CD71B24730AB4EE2FFAAD3C833FDDC870FC2CE37 |
SHA256: | 5C538CB85FB69313AB21A1188005181B133767A349D43FE04680DF99EFB9305D |
SSDEEP: | 3:N1KOXY9GfeKK8KrOLWaDI8q:COXoGeKBKrOLlI8q |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2936 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3060 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2936 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2268 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 | ||||
1208 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2936 CREDAT:203009 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3000 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2936 CREDAT:203010 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2936 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2936 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3060 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@sogou[1].txt | — | |
MD5:— | SHA256:— | |||
3060 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\sogou_com[1].txt | — | |
MD5:— | SHA256:— | |||
3060 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@sogou[2].txt | text | |
MD5:D5C07759F31E62CBB5DB82FC503572D5 | SHA256:26B7B9D22DFEA0FB47F69A0CFE45C84CB5816C0064CA592DDDCFDEB41C1E137F | |||
3060 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text | |
MD5:E9BFC8685A37609743B0F96F475DC177 | SHA256:28968B12D10C525A1F8B38B5C86EA7AB88730B5C2F8683E44B9F832054E3A8C4 | |||
3060 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019012220190123\index.dat | dat | |
MD5:70B35BFB855EC6978DD7C4AF48C5332E | SHA256:EE7409C8523D4F1E5017AF24E69BDF49ED47E37037D4B623D0B27CC8019944F3 | |||
3060 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\sogou_com[1].htm | html | |
MD5:C06DA70335A7B2900D53CEEA6074FD08 | SHA256:48C770D748A9C776CFE7733289AB5A7B9305473A585BA36153149AF316966BD9 | |||
3060 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\profile_pinyin_sogou_com[1].htm | html | |
MD5:2C443F127339E0F69BB5EF8509716453 | SHA256:FF43E13F64CEE7BE3A4BFA272C08233E14EE01AD3482F2EBFF3C0A1CEB6D8078 | |||
2936 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text | |
MD5:BD74CE3A62DE719E0A8D73BE42004150 | SHA256:9FEF52402AD14DEE6AB3B34FEB7A915C1A510E2DEC02972909996669AF9C846F |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3060 | iexplore.exe | GET | 403 | 49.51.130.237:80 | http://profile.pinyin.sogou.com/download.php?filename=configmd5.bin | CN | — | — | malicious |
1208 | iexplore.exe | GET | 301 | 203.205.128.160:80 | http://baike.sogou.com/v64825136.htm?fromTitle=test%EF%BC%88Test%EF%BC%88%E6%91%94%E8%A7%92%E6%89%8B%EF%BC%89%EF%BC%89 | CN | html | 192 b | malicious |
1208 | iexplore.exe | GET | 301 | 203.205.128.160:80 | http://baike.sogou.com/v64825136.htm?fromTitle=test%EF%BC%88Test%EF%BC%88%E6%91%94%E8%A7%92%E6%89%8B%EF%BC%89%EF%BC%89 | CN | html | 192 b | malicious |
1208 | iexplore.exe | GET | 301 | 203.205.128.160:80 | http://baike.sogou.com/v64825136.htm?fromTitle=test%EF%BC%88Test%EF%BC%88%E6%91%94%E8%A7%92%E6%89%8B%EF%BC%89%EF%BC%89 | CN | html | 192 b | malicious |
3060 | iexplore.exe | GET | 301 | 118.191.216.42:80 | http://sogou.com/ | CN | html | 178 b | malicious |
2936 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
3060 | iexplore.exe | GET | 200 | 49.51.130.237:80 | http://profile.pinyin.sogou.com/ | CN | html | 65 b | malicious |
1208 | iexplore.exe | GET | 200 | 175.100.207.204:80 | http://tv.sohu.com/commonfrag/vrs_flashPlayer.inc | HK | text | 58 b | malicious |
2936 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
1208 | iexplore.exe | GET | 302 | 119.28.109.132:80 | http://www.sogou.com/ | CN | html | 154 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2936 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3060 | iexplore.exe | 119.28.109.132:80 | sogou.com | Tencent Building, Kejizhongyi Avenue | CN | malicious |
3060 | iexplore.exe | 49.51.130.237:80 | profile.pinyin.sogou.com | Tencent Building, Kejizhongyi Avenue | CN | malicious |
3060 | iexplore.exe | 49.51.130.237:443 | profile.pinyin.sogou.com | Tencent Building, Kejizhongyi Avenue | CN | malicious |
2936 | iexplore.exe | 49.51.130.237:80 | profile.pinyin.sogou.com | Tencent Building, Kejizhongyi Avenue | CN | malicious |
3060 | iexplore.exe | 118.191.216.42:80 | sogou.com | — | CN | malicious |
3060 | iexplore.exe | 119.28.109.132:443 | sogou.com | Tencent Building, Kejizhongyi Avenue | CN | malicious |
2936 | iexplore.exe | 119.28.109.132:443 | sogou.com | Tencent Building, Kejizhongyi Avenue | CN | malicious |
3060 | iexplore.exe | 14.215.138.25:443 | tajs.qq.com | China Telecom (Group) | CN | suspicious |
3060 | iexplore.exe | 203.205.224.26:443 | dlweb.sogoucdn.com | Tencent Building, Kejizhongyi Avenue | CN | suspicious |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
profile.pinyin.sogou.com |
| malicious |
sogou.com |
| malicious |
www.sogou.com |
| whitelisted |
dlweb.sogoucdn.com |
| suspicious |
account.sogou.com |
| malicious |
pb6.sogou.com |
| unknown |
pb.sogou.com |
| unknown |
tajs.qq.com |
| whitelisted |
res.iciba.com |
| suspicious |