Field | Value
---|---
URL | http://tiny.cc
Full analysis | https://app.any.run/tasks/4c86c50f-2a91-4b1b-bd1e-a717ef89403a
Verdict | Malicious activity
Analysis date | July 18, 2019, 08:13:51
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MD5 | 81032300445632CD8EEA44A1A205C3C8
SHA1 | D9C13944D00035D048FC70AFC37EB143DF6FCC36
SHA256 | 700880CFA1FB69A1B821C0EFFB74FEA748CDC1C413BE8B073A2E6E34F0DAABB2
SSDEEP | 3:N1KKMw:CK1
PID | CMD | Path | Indicators | Parent process | User | Integrity level | Company | Description | Version
---|---|---|---|---|---|---|---|---|---
2844 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
3628 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2844 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | LOW | Microsoft Corporation | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
956 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe | admin | MEDIUM | Adobe Systems Incorporated | Adobe® Flash® Player Installer/Uninstaller 26.0 r0 | 26,0,0,131
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2844 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico | — | — | —
2844 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3628 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | 891CED71CCC5B193AFFF1BD2073AE3BA | FD18FAE0EA34CEFFED1344F9D8806710A585963AAA8D7170512B3626BB4208ED
3628 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 8FEFC1206B60CFCD2D25163BAA24A363 | F1B113F491089F24F5744725661B4120893DB0E45316F5798337DEE2BEC34768
3628 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 34DCAE380B9E519352928F2906A3D831 | 2E65C15E9A4D13700AC8CA938255887C56B86AC1318E95E681EAA255C6A6D14A
3628 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z66WGZ47\cb=gapi[1].loaded_0 | text | BFA01245364B163772BFA3067C5DD6C3 | E15C2B291BA23BB646CA27E52853B1FB305B60E1EF40C51530B8A2B18BDCFF82
3628 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2OMU8X35\combine[1].php | text | 4DC193832928AA125DB724FCDF3EBAE4 | 023A214ED424D2BACE86966A2D52A16A1FDB74AA68DA046BECBFFB791AABC2B5
3628 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AIKSDCGI\tiny_cc[1].htm | html | 779C1F5D41FB439367437C95BE527A47 | 28598F1D615AF587C647BCC4C09C81D4D12B5150EC884663591BEF098DD0F402
3628 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@tiny[1].txt | text | 68C0CD38C6B2BA5CC1E55FDED7F1FA43 | 34BD5405845DEB550FD4591B9D03910E7262BEDC5F687DD39A0C789A413C549A
3628 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2OMU8X35\plusone[1].js | html | 5C7A692DB43DD1E7299DB0274A7559E9 | 941A23DB972131DDE66171968F6B847416DFE037E9F3A143F2B9C729B41A625C
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3628 | iexplore.exe | GET | 301 | 192.241.240.89:80 | http://tiny.cc/ | US | html | 184 b | shared |
2844 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2844 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 172.217.16.170:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3628 | iexplore.exe | 172.217.22.67:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
3628 | iexplore.exe | 192.241.240.89:443 | tiny.cc | Digital Ocean, Inc. | US | malicious |
3628 | iexplore.exe | 172.217.23.174:443 | apis.google.com | Google Inc. | US | whitelisted |
3628 | iexplore.exe | 192.241.240.89:80 | tiny.cc | Digital Ocean, Inc. | US | malicious |
3628 | iexplore.exe | 172.217.16.170:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3628 | iexplore.exe | 52.222.158.239:443 | cdn.pubguru.com | Amazon.com, Inc. | US | whitelisted |
— | — | 52.222.158.239:443 | cdn.pubguru.com | Amazon.com, Inc. | US | whitelisted |
— | — | 172.217.22.74:443 | ajax.googleapis.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
www.bing.com | — | whitelisted
tiny.cc | — | shared
apis.google.com | — | whitelisted
fonts.googleapis.com | — | whitelisted
cdn.pubguru.com | — | whitelisted
cdnjs.cloudflare.com | — | whitelisted
fonts.gstatic.com | — | whitelisted
tinycc.com | — | suspicious
maxcdn.bootstrapcdn.com | — | whitelisted
player.adtelligent.com | — | suspicious
PID | Process | Class | Message |
---|---|---|---|
— | — | A Network Trojan was detected | ET POLICY URL Shortener Service Domain in DNS Lookup (tiny .cc) |
3628 | iexplore.exe | A Network Trojan was detected | ET POLICY Observed SSL Cert (URL Shortener Service - tiny .cc) |
3628 | iexplore.exe | A Network Trojan was detected | ET POLICY Observed SSL Cert (URL Shortener Service - tiny .cc) |
3628 | iexplore.exe | A Network Trojan was detected | ET POLICY Observed SSL Cert (URL Shortener Service - tiny .cc) |
3628 | iexplore.exe | A Network Trojan was detected | ET POLICY Observed SSL Cert (URL Shortener Service - tiny .cc) |
3628 | iexplore.exe | A Network Trojan was detected | ET POLICY Observed SSL Cert (URL Shortener Service - tiny .cc) |
3628 | iexplore.exe | A Network Trojan was detected | ET POLICY Observed SSL Cert (URL Shortener Service - tiny .cc) |
3628 | iexplore.exe | A Network Trojan was detected | ET POLICY Observed SSL Cert (URL Shortener Service - tiny .cc) |
3628 | iexplore.exe | A Network Trojan was detected | ET POLICY Observed SSL Cert (URL Shortener Service - tiny .cc) |
2844 | iexplore.exe | A Network Trojan was detected | ET POLICY Observed SSL Cert (URL Shortener Service - tiny .cc) |