Field | Value |
---|---|
download | index.html |
Full analysis | https://app.any.run/tasks/dd5988b6-c9d7-4544-901a-96a0effd093b |
Verdict | Malicious activity |
Analysis date | March 21, 2019, 14:26:39 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MIME | text/html |
File info | HTML document, ASCII text, with very long lines |
MD5 | B10F518A97ABA067F69F5E355F87FB99 |
SHA1 | 98345CC2D262AC9E02CC67CB6D1F3372F1B1B9F5 |
SHA256 | 5DBD2DE34EB40487496E1C58277459BE0F14403CA0090007C099E48F84A91014 |
SSDEEP | 384:9GbohIjRQzb/I0v2hR9gNk88mXfugQJEE:9oohIjazb/I0u1gD8AUt |
File type | .html: HyperText Markup Language (100) |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
128 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
2716 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:128 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
2076 | "C:\Program Files\Internet Explorer\iexplore.exe" | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
2396 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2076 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
716 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: MEDIUM; Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0; Version: 26,0,0,131 |
3152 | "C:\Program Files\Google\Update\1.3.33.23\GoogleUpdateWebPlugin.exe" "https:%2F%2Fwww.google.com%2F" "%2Finstall%20%22appguid=%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid=%7B2303C001-BE25-CEBA-2BE7-468B3168CB20%7D%26lang=en%26browser=2%26usagestats=1%26appname=Google%2520Chrome%26needsadmin=true%26ap=stable-arch_x86-statsdef_1%26installdataindex=defaultbrowser%22" /installsource oneclick | C:\Program Files\Google\Update\1.3.33.23\GoogleUpdateWebPlugin.exe | — | iexplore.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Update; Exit code: 0; Version: 1.3.33.23 |
1660 | "C:\Program Files\Google\Update\1.3.33.23\GoogleUpdateWebPlugin.exe" "https:%2F%2Fwww.google.com%2F" "%2Finstall%20%22appguid=%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid=%7B2303C001-BE25-CEBA-2BE7-468B3168CB20%7D%26lang=en%26browser=2%26usagestats=1%26appname=Google%2520Chrome%26needsadmin=true%26ap=stable-arch_x86-statsdef_1%26installdataindex=defaultbrowser%22" /installsource oneclick | C:\Program Files\Google\Update\1.3.33.23\GoogleUpdateWebPlugin.exe | — | iexplore.exe | User: admin; Company: Google Inc.; Integrity Level: MEDIUM; Description: Google Update; Exit code: 0; Version: 1.3.33.23 |
540 | "C:\Program Files\Google\Update\GoogleUpdate.exe" /pi "https:%2F%2Fwww.google.com%2F" "%2Finstall%20%22appguid=%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid=%7B2303C001-BE25-CEBA-2BE7-468B3168CB20%7D%26lang=en%26browser=2%26usagestats=1%26appname=Google%2520Chrome%26needsadmin=true%26ap=stable-arch_x86-statsdef_1%26installdataindex=defaultbrowser%22" /installsource oneclick | C:\Program Files\Google\Update\GoogleUpdate.exe | — | GoogleUpdateWebPlugin.exe | User: admin; Company: Google Inc.; Integrity Level: MEDIUM; Description: Google Installer; Exit code: 0; Version: 1.3.33.23 |
1376 | "C:\Users\admin\AppData\Local\Temp\{344267BA-41C6-4B6F-B07A-E951EFD1AF8B}\GoogleUpdate.exe" /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={2303C001-BE25-CEBA-2BE7-468B3168CB20}&lang=en&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=true&ap=stable-arch_x86-statsdef_1&installdataindex=defaultbrowser" /installsource oneclick | C:\Users\admin\AppData\Local\Temp\{344267BA-41C6-4B6F-B07A-E951EFD1AF8B}\GoogleUpdate.exe | — | GoogleUpdate.exe | User: admin; Company: Google Inc.; Integrity Level: MEDIUM; Description: Google Installer; Version: 1.3.33.23 |
2708 | "C:\Users\admin\AppData\Local\Temp\{344267BA-41C6-4B6F-B07A-E951EFD1AF8B}\GoogleUpdateSetup.exe" /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={2303C001-BE25-CEBA-2BE7-468B3168CB20}&lang=en&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=true&ap=stable-arch_x86-statsdef_1&installdataindex=defaultbrowser" /installsource oneclick /installelevated /nomitag | C:\Users\admin\AppData\Local\Temp\{344267BA-41C6-4B6F-B07A-E951EFD1AF8B}\GoogleUpdateSetup.exe | — | GoogleUpdate.exe | User: admin; Company: Google Inc.; Integrity Level: HIGH; Description: Google Update Setup; Version: 1.3.33.23 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
128 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | — |
128 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
2716 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Cab9F73.tmp | — | — | — |
2716 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Cab9F74.tmp | — | — | — |
2716 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Tar9F75.tmp | — | — | — |
2716 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Tar9F76.tmp | — | — | — |
2716 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Cab9F87.tmp | — | — | — |
2716 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Tar9F88.tmp | — | — | — |
2716 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Cab9F98.tmp | — | — | — |
2716 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Tar9F99.tmp | — | — | — |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | HEAD | 302 | 216.58.207.78:80 | http://redirector.gvt1.com/edgedl/release2/chrome/GGX-dnQvK4Q_73.0.3683.86/73.0.3683.86_chrome_installer.exe | US | — | — | whitelisted |
— | — | HEAD | 200 | 173.194.160.71:80 | http://r2---sn-1gi7znes.gvt1.com/edgedl/release2/chrome/GGX-dnQvK4Q_73.0.3683.86/73.0.3683.86_chrome_installer.exe?mip=136.0.0.150&pl=20&shardbypass=yes&redirect_counter=1&cm2rm=sn-oun-1gie7l&req_id=ac497e3aa6cf5cea&cms_redirect=yes&mm=42&mn=sn-1gi7znes&ms=onc&mt=1553177791&mv=u | US | — | — | whitelisted |
— | — | HEAD | 302 | 217.146.165.205:80 | http://r2---sn-oun-1gie.gvt1.com/edgedl/release2/chrome/GGX-dnQvK4Q_73.0.3683.86/73.0.3683.86_chrome_installer.exe?cms_redirect=yes&mip=136.0.0.150&mm=28&mn=sn-oun-1gie&ms=nvh&mt=1553177509&mv=u&pl=20&shardbypass=yes | CH | — | — | whitelisted |
2716 | iexplore.exe | GET | 200 | 205.185.216.10:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 55.2 Kb | whitelisted |
— | — | GET | — | 173.194.160.71:80 | http://r2---sn-1gi7znes.gvt1.com/edgedl/release2/chrome/GGX-dnQvK4Q_73.0.3683.86/73.0.3683.86_chrome_installer.exe?mip=136.0.0.150&pl=20&shardbypass=yes&redirect_counter=1&cm2rm=sn-oun-1gie7l&req_id=ac497e3aa6cf5cea&cms_redirect=yes&mm=42&mn=sn-1gi7znes&ms=onc&mt=1553177791&mv=u | US | — | — | whitelisted |
2396 | iexplore.exe | GET | 302 | 54.208.77.124:80 | http://sdna.org/ | US | html | 194 b | malicious |
2716 | iexplore.exe | GET | 200 | 205.185.216.10:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 55.2 Kb | whitelisted |
2076 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
128 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
2160 | chrome.exe | GET | 302 | 216.58.207.78:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 502 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2076 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
128 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
4 | System | 104.109.68.8:445 | img1.wsimg.com | Akamai International B.V. | NL | whitelisted |
2716 | iexplore.exe | 104.109.68.8:443 | img1.wsimg.com | Akamai International B.V. | NL | whitelisted |
2396 | iexplore.exe | 54.208.77.124:80 | sdna.org | Amazon.com, Inc. | US | malicious |
2716 | iexplore.exe | 205.185.216.10:80 | www.download.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
2396 | iexplore.exe | 104.109.68.8:443 | img1.wsimg.com | Akamai International B.V. | NL | whitelisted |
2396 | iexplore.exe | 184.30.213.149:443 | ch.godaddy.com | Akamai International B.V. | NL | whitelisted |
— | — | 104.109.68.8:137 | img1.wsimg.com | Akamai International B.V. | NL | whitelisted |
2396 | iexplore.exe | 205.185.216.10:80 | www.download.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
img1.wsimg.com | | whitelisted |
www.bing.com | | whitelisted |
www.download.windowsupdate.com | | whitelisted |
sdna.org | | malicious |
www.afternic.com | | whitelisted |
www.godaddy.com | | whitelisted |
ch.godaddy.com | | unknown |
www.google.com | | whitelisted |
www.gstatic.com | | whitelisted |
ssl.google-analytics.com | | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |