URL: | http://colegeboard.org |
Full analysis: | https://app.any.run/tasks/680ed15c-aefd-459e-9dca-1777b5467177 |
Verdict: | Malicious activity |
Analysis date: | June 18, 2019, 22:26:05 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | D2A482E26A8F2F0ED2C364CA40066AEE |
SHA1: | DC9629115CEC24FBE5EED520C1B4D6F5FFD15753 |
SHA256: | 6718711B1D2B4A2B7F526C499502AA27E52B2A0F6A69D2AB9C95CDFFDAD27CEA |
SSDEEP: | 3:N1KdKJACg+S:CIOd |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
900 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
1708 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:900 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
900 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
900 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
1708 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X2FOZE18\ww1_colegeboard_org[1].txt | — | |
MD5:— | SHA256:— | |||
1708 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | |
MD5:78F49AB023C07B726FF9B6300AF24D3F | SHA256:CD3AC43B79B8F654CAB6BBA089154D76FA2165E497903DA50AEBEEC5E189C7C0 | |||
1708 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:3C662A8FF4AB2C827C40D58C6998F46C | SHA256:84D482F328D1AC71C40940D489FD8C17C5FA2047BCFB63DC73CF9966BDC69164 | |||
1708 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X2FOZE18\ww1_colegeboard_org[1].htm | html | |
MD5:477C343F15C1D0369195E7F51967A674 | SHA256:E4660F89FF82DC78D9BB5BC11688CBD0DBE3D8FD6B07145B2130E8458698C8A5 | |||
1708 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@colegeboard[1].txt | text | |
MD5:B86BCA65245574D7C2AC0751E060FC23 | SHA256:3C4040D435F830AD910D03F7EDA31E6291BF87535A902582E25C5A24BBF9C87F | |||
1708 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:2E09FFDE360A1D44E73D9B41A8F91A11 | SHA256:96C036B069E1F7FA7697D1C8676855791F09F92D0E56D6139E2CC5CB75BD4DC9 | |||
900 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061820190619\index.dat | dat | |
MD5:5C34C948FC8D2B83A2DCA230607308DA | SHA256:7B5FD265BC2C4B56A0D1ED04C95D496E90F74BE8091E3EF9FAE8BC8E8ED9E95B | |||
1708 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@colegeboard[2].txt | text | |
MD5:5B4A393CC39156C50A7563DC80ECB576 | SHA256:8C8ADB9842DA8EB47B77538E99C11A6C4D8AD32FB7088E5195FB3D6DF5C77F47 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1708 | iexplore.exe | GET | 302 | 103.224.212.183:80 | http://colegeboard.org/ | AU | — | — | unknown |
1708 | iexplore.exe | GET | 200 | 91.195.240.126:80 | http://ww1.colegeboard.org/ | DE | html | 19.6 Kb | malicious |
1708 | iexplore.exe | GET | 200 | 91.195.240.126:80 | http://ww1.colegeboard.org/search/tsc.php?200=MTA1MTU5NzEz&21=MTg1LjkyLjI1LjE2Nw==&681=MTU2MDg5Njc3OWM5ZDRmYzYxYzc0NmUxNWJkNjYxZDczOTdmMDQ3N2I5&crc=b10859dcad6998fd19957268a883400e30231aca&cv=1 | DE | compressed | 19.6 Kb | malicious |
1708 | iexplore.exe | GET | 200 | 172.217.18.164:80 | http://www.google.com/adsense/domains/caf.js | US | text | 55.7 Kb | whitelisted |
1708 | iexplore.exe | GET | 200 | 205.234.175.175:80 | http://img.sedoparking.com/js/jquery-1.11.3.custom.min.js | US | text | 24.5 Kb | whitelisted |
900 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
900 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1708 | iexplore.exe | 103.224.212.183:80 | colegeboard.org | Trellian Pty. Limited | AU | unknown |
1708 | iexplore.exe | 172.217.18.164:80 | www.google.com | Google Inc. | US | whitelisted |
1708 | iexplore.exe | 205.234.175.175:80 | img.sedoparking.com | CacheNetworks, Inc. | US | suspicious |
1708 | iexplore.exe | 91.195.240.126:80 | ww1.colegeboard.org | SEDO GmbH | DE | malicious |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
colegeboard.org |
| unknown |
ww1.colegeboard.org |
| malicious |
img.sedoparking.com |
| whitelisted |
www.google.com |
| whitelisted |