URL: | http://www.splunk.com/page/sign_up/splunk_cloud_invite?responsive=1&redirecturl=http%3A%2F%2Fwww.splunk.com%2Fpage%2Frainmakr_invite%3Fresponsive%3D1%26invid%3Da740b000000GqaRAAS%26r%3Dapex%2FRMEC_WelcomePage%3Finvid%3Da740b000000GqaRAAS |
Full analysis: | https://app.any.run/tasks/4a10c13e-d748-4c08-a406-608b60bcc853 |
Verdict: | Malicious activity |
Analysis date: | August 13, 2019, 21:10:52 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 8F4BCF2D5624F42AAC6D8C1AC311F44E |
SHA1: | 687AC433ED30BFF4A9F9CB27554CB193C2F649A1 |
SHA256: | 630072A22CA023B4F61C172711BFFEF069AC73F89E80D917D4E39CE7518179CD |
SSDEEP: | 6:Cc4HDJ3wBPXAmYxR5YN3Hsz4qeZAbsKRjMLkd:LBPXoR5g3sU+T |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2160 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
1920 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2160 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3504 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2160 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2160 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
1920 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@splunk[1].txt | — | |
MD5:— | SHA256:— | |||
1920 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OHX96OPU\splunk_cloud_invite[1].txt | — | |
MD5:— | SHA256:— | |||
1920 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:6D046AFE1288E2449A8867FE36088AB4 | SHA256:FAE58F43490E2AF29E61C1B3A457DFA110B1DD7ADED0262E8FB82822421A9015 | |||
1920 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OHX96OPU\splunk_cloud_invite[1].htm | html | |
MD5:6980D26A020F67A53FBF08F4156B0DA2 | SHA256:4185A2DCB26FCC01F50A0F9E0D9C3BB5DEF454AD93EA516A10FDB538CFA7A569 | |||
1920 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | |
MD5:24C13D2CA8068BBFB22A1FDBEC947939 | SHA256:040F7C27D6DA6C2B31AC69437073F655C1AA7C260088386C3D4A152318AE8B5E | |||
1920 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27EU5Z2R\global,common,placeholder[1].js | text | |
MD5:C9D3DDD53081A54AC25D0E80A17B22A6 | SHA256:8CDFA909E14D7784DAB65948E015A532ACD305BACC68BFD45ACC79B70A1F6DD0 | |||
1920 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27EU5Z2R\jquery.responsive,bootstrap,jquery.validate,jquery.validate.bootstrap.popover.min,bootstrap-select,mobile-detect[1].js | text | |
MD5:06095D6B47BDABC9768E080A04DC2B2B | SHA256:F19D37BE4289B7F73134AA2F427592FFEA31421A10489BA75A24C0BA496A6F38 | |||
1920 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\27EU5Z2R\bootstrap,splunk,bootstrap-select,style_checkbox[1].css | text | |
MD5:F094518B235FA504BEF0CAFDD9DDE62B | SHA256:3B6EB6857858EECFFEC4D257F8342895441B94964ABFB70FA94BF2483760533A |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1920 | iexplore.exe | GET | 200 | 2.16.106.233:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | unknown | compressed | 56.6 Kb | whitelisted |
1920 | iexplore.exe | GET | 301 | 2.20.190.189:80 | http://www.splunk.com/page/sign_up/splunk_cloud_invite?responsive=1&redirecturl=http%3A%2F%2Fwww.splunk.com%2Fpage%2Frainmakr_invite%3Fresponsive%3D1%26invid%3Da740b000000GqaRAAS%26r%3Dapex%2FRMEC_WelcomePage%3Finvid%3Da740b000000GqaRAAS | unknown | — | — | whitelisted |
1920 | iexplore.exe | GET | 200 | 2.16.106.233:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | unknown | compressed | 56.6 Kb | whitelisted |
1920 | iexplore.exe | GET | 200 | 2.16.106.186:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | unknown | compressed | 56.6 Kb | whitelisted |
1920 | iexplore.exe | GET | 200 | 204.13.202.71:80 | http://ssl.trustwave.com/issuers/STCA.crt | US | der | 956 b | whitelisted |
1920 | iexplore.exe | GET | 200 | 52.85.22.168:80 | http://x.ss2.us/x.cer | US | der | 1.27 Kb | whitelisted |
1920 | iexplore.exe | GET | 200 | 52.85.22.248:80 | http://x.ss2.us/x.cer | US | der | 1.27 Kb | whitelisted |
2160 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2160 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1920 | iexplore.exe | 54.213.131.81:443 | account.splunk.com | Amazon.com, Inc. | US | unknown |
1920 | iexplore.exe | 209.167.231.15:443 | secure.eloqua.com | Oracle Corporation | US | suspicious |
1920 | iexplore.exe | 172.217.22.34:443 | www.googleadservices.com | Google Inc. | US | whitelisted |
1920 | iexplore.exe | 64.233.167.154:443 | stats.g.doubleclick.net | Google Inc. | US | whitelisted |
1920 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1920 | iexplore.exe | 172.217.16.200:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
1920 | iexplore.exe | 104.20.21.239:443 | rum-static.pingdom.net | Cloudflare Inc | US | shared |
1920 | iexplore.exe | 185.60.216.19:443 | connect.facebook.net | Facebook, Inc. | IE | whitelisted |
1920 | iexplore.exe | 2.20.190.189:80 | www.splunk.com | Akamai International B.V. | — | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
www.splunk.com |
| whitelisted |
account.splunk.com |
| unknown |
secure.eloqua.com |
| suspicious |
www.googleadservices.com |
| whitelisted |
ssl.google-analytics.com |
| whitelisted |
stats.g.doubleclick.net |
| whitelisted |
www.googletagmanager.com |
| whitelisted |
rum-static.pingdom.net |
| whitelisted |
script.crazyegg.com |
| whitelisted |