download: | index.html |
Full analysis: | https://app.any.run/tasks/d7c7cddc-c996-4804-9f3d-2a12c49da279 |
Verdict: | Malicious activity |
Analysis date: | February 19, 2019, 07:05:46 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/html |
File info: | HTML document, UTF-8 Unicode text, with very long lines |
MD5: | 11ADBE054CE8DA7C03BABB1AEA2CCB88 |
SHA1: | 9C2470E3D537FA812998C837AB0F99A580F555C8 |
SHA256: | 699AD0C356206E14C0E2B41D15A470D76831E9B0BFF257A090E508F9B81BF02E |
SSDEEP: | 768:f0XNTcpNv+r5AZpUxnHeCb4f1u0eywO0H+UJFSwqoyy4r81ga3H:f0u6njqoyy4rGH |
.html | HyperText Markup Language (100) |
Refresh: | 0;URL=http://vip.girtelo.club/tracker?offer_id=2560&aff_id=225&pl=518:100&cb=1&gl=off |
viewport: | width=device-width, initial-scale=1 |
Title: | prissaprili1981 |
ContentType: | text/html; charset=UTF-8 |
themeColor: | #eeeeee |
msapplicationNavbuttonColor: | #eeeeee |
Generator: | blogger |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2940 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | | |
3208 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2940 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | | |
2752 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2940 CREDAT:137473 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | | |
(PID) Process | Key | Operation | Name | Value |
---|---|---|---|---|
(2940) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | write | CompatibilityFlags | 0 |
(2940) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 0 |
(2940) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 1 |
(2940) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | write | SecuritySafe | 1 |
(2940) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | write | ProxyEnable | 0 |
(2940) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | write | SavedLegacySettings | |
(2940) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | write | {3D1A3C57-3417-11E9-91D7-5254004A04AF} | 0 |
(2940) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | write | Type | 4 |
(2940) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | write | Count | 3 |
(2940) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | write | Time | E307020002001300070017001800B200 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2940 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFE9C8B5CBE38C5087.TMP | — | — | — |
2940 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{3D1A3C58-3417-11E9-91D7-5254004A04AF}.dat | binary | 74CCD12998521DDF31CD4505076F75E8 | DF92DDDB4552EADDA9452280354CE87B9D988B9B63AB78BB8B412E239C430FCE |
2752 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\article[1].css | text | B62111AD8A85460B103AF07F1532D0F6 | F93AD8150B458EE1F7041BEA76D01F50D24E6E01F9B7A80F092EB143626F831C |
2752 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\content[1].css | text | 96D3EB2BC6A8FFA8BF044DA9D027057F | 928E9CB24E2F9B3E82B5C185E2A76F214171393F523CE56F5358BC3A210DB3B2 |
2752 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\z[1].jpg | image | DCE3ADB09B53F2ACF0B7B39705B2F903 | BD23F511F35CD6FDB4513E7EA4AE8F9F8681EE84065F6BAFA8AB0DEC2DF94B63 |
2752 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\1[1].jpg | image | 54ACA0D4958BA0759B10DF4F97E1E4A9 | 24BC9CD9AC8D8AC67C71F082A75FD59705DF8B059A3CB4024E942B6323EC2A2A |
2752 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\comments[1].css | text | 08E46A396D394D6FEF0C97D1000DEAFE | 19556B0E42F555478A82612D6F706C5BD3A0344507549B33A3659C702D0666A4 |
3208 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\unnamed[1].jpg | image | 869B8910938688BE94C2348DD2CE2096 | 575ECD5E8EDDCBA54AD43E4A396EE2E629F923011D3441F29D672360F131FBCE |
2752 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\normalize[1].css | text | 76480F1DE6C45C3D040E7DF32A06D25B | 4090F15B3A390B449AA086C2C85CFECE7DF7EDC8A20B1670F242922C68372082 |
3208 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019021920190220\index.dat | dat | E8525A0F2C58A116B2C5BAD1B0DD34C9 | D201A9FC82530AC7AB38B085E72B6241CF02C5335156077787976B2FC0A54F2F |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2752 | iexplore.exe | GET | 302 | 104.27.138.166:80 | http://vip.girtelo.club/tracker?offer_id=2560&aff_id=225&pl=518:100&cb=1&gl=off | US | — | — | suspicious |
2752 | iexplore.exe | GET | 200 | 104.27.138.166:80 | http://prl.girtelo.club/prelands/518/css/content.css | US | text | 10.4 Kb | suspicious |
2752 | iexplore.exe | GET | 200 | 104.27.138.166:80 | http://prl.girtelo.club/prelands/518/css/comments.css | US | text | 3.43 Kb | suspicious |
2752 | iexplore.exe | GET | 200 | 104.27.138.166:80 | http://prl.girtelo.club/prelands/518/css/article.css | US | text | 2.38 Kb | suspicious |
2752 | iexplore.exe | GET | 404 | 104.27.138.166:80 | http://prl.girtelo.club/prelands/518/fonts/TabletGothic-Bold.woff2)%20format(%22woff2%22),%20url(../fonts/TabletGothic-Bold.woff)%20format(%22woff%22 | US | html | 249 b | suspicious |
2752 | iexplore.exe | GET | 200 | 104.27.138.166:80 | http://prl.girtelo.club/prelands/518/css/faq.css | US | text | 1.14 Kb | suspicious |
2752 | iexplore.exe | GET | 404 | 104.27.138.166:80 | http://prl.girtelo.club/prelands/518/fonts/FranziskaWebPro.woff)%20format(%22woff%22 | US | html | 231 b | suspicious |
2752 | iexplore.exe | GET | 404 | 104.27.138.166:80 | http://prl.girtelo.club/prelands/518/fonts/TabletGothic-Italic.woff2)%20format(%22woff2%22),%20url(../fonts/TabletGothic-Italic.woff)%20format(%22woff%22 | US | html | 251 b | suspicious |
2752 | iexplore.exe | GET | 200 | 104.27.138.166:80 | http://prl.girtelo.club/?pl=518.06258551ae64a5eccd2b5372b1ae31e2&n=aHR0cDovL3ZpcC5naXJ0ZWxvLmNsdWIvdmlzaXQ/cz0yJnQ9MWE2ODAyY2Q4OWZjNDRhNzg4OTRjM2VjMTcyNzk0ODImbj1hSFIwY0RvdkwyUmxMbU55ZVhCMGJ5MWpiMlJsWVhCd0xuWnBjQzVuYVhKMFpXeHZMbU5zZFdJdlAzTmxjM05wYjI0OU1XRTJPREF5WTJRNE9XWmpORFJoTnpnNE9UUmpNMlZqTVRjeU56azBPREltWVdabVgybGtQVEl5TlNaallqMHhKbVp3Y0QweEptSndQVEU9 | US | html | 42.8 Kb | suspicious |
2752 | iexplore.exe | GET | 200 | 104.27.138.166:80 | http://prl.girtelo.club/prelands/518/css/base.css | US | text | 8.09 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2940 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3208 | iexplore.exe | 172.217.16.201:443 | resources.blogblog.com | Google Inc. | US | whitelisted |
2752 | iexplore.exe | 104.27.138.166:80 | vip.girtelo.club | Cloudflare Inc | US | shared |
3208 | iexplore.exe | 216.58.207.65:443 | themes.googleusercontent.com | Google Inc. | US | whitelisted |
2940 | iexplore.exe | 104.27.138.166:80 | vip.girtelo.club | Cloudflare Inc | US | shared |
3208 | iexplore.exe | 172.217.22.67:443 | www.gstatic.com | Google Inc. | US | whitelisted |
2940 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.bing.com | | whitelisted |
www.gstatic.com | | whitelisted |
resources.blogblog.com | | whitelisted |
themes.googleusercontent.com | | whitelisted |
www.blogger.com | | shared |
vip.girtelo.club | | suspicious |
prl.girtelo.club | | suspicious |
dns.msftncsi.com | | shared |