| Field | Value |
|---|---|
| URL | http://bit.ly/2uis7jm |
| Full analysis | https://app.any.run/tasks/321fe8bd-d308-4218-9c29-f9e21fd32f4e |
| Verdict | Malicious activity |
| Analysis date | March 21, 2019, 01:27:00 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | (none listed) |
| MD5 | 558606340EA83EC2BA3AB5313C755057 |
| SHA1 | 6F0AEDDF12D931D14EB94B01AED72B5701C6AAEE |
| SHA256 | 761C4E5524CDEF041C4F9BB3FE7D3975886814FA6168CF2FD72C183DF5AFF120 |
| SSDEEP | 3:N1KcQ9TQJ:CcY4 |

This is a URL task, so the hashes above identify the submitted object, not a downloaded payload: an SSDEEP with block size 3 and a nine-character signature can only come from an input of a few dozen bytes, i.e. the URL string itself. Do not pivot on these values as file indicators.
| PID | CMD | Path | Indicators | Parent process | Integrity level |
|---|---|---|---|---|---|
| 1880 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | MEDIUM |
| 2540 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1880 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe (PID 1880) | LOW |

Both processes: User: admin; Company: Microsoft Corporation; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255).

PID 1880 is the Internet Explorer frame process started by explorer.exe; PID 2540 is the Protected Mode content (tab) process it spawned (SCODEF:1880 names the frame PID). Because the tab runs at low integrity, everything the visited site writes lands under the `Low` cache, cookie and history paths listed below, while only the frame process touches the medium-integrity cache (the Bing favicon and search-provider icon).
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1880 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | — |
| 1880 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
| 2540 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@minibit[1].txt | — | — | — |
| 2540 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E35ECY9D\the-abc’s-and-xyz’s-of-correcting-irs-forms-what-you-need-to-know-for-2019[1].txt | — | — | — |
| 2540 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z30YCT1B\master[1].css | text | 97A2479BF6C150DEB6D6E01027E2D8CF | 9AA97A766B813BA68CC4A77FC95CF175460FDAB7ECFCA97E58B8665CAD1B3D37 |
| 2540 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | BAD0F001AC02CABA8CD3F349620D9460 | 49B5716221D6D8FD8AAF982A805FD33169ADE2A0429ACC3B297C7C1CBE2756D7 |
| 2540 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | 4955193580B45BC712007165687EA7F8 | 8F412AE2495C8A939550CED5364DE6EEE7172310CE8B10C42B41F98F357717C8 |
| 2540 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E35ECY9D\the-abc’s-and-xyz’s-of-correcting-irs-forms-what-you-need-to-know-for-2019[1].htm | html | AEE61AF7C2F89A55D5460AFE7359614C | 926AE029B4F3158B991EB5321E2CFA48E397B09D36DB3D2252227B023867362D |
| 2540 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 4202F784F4AE53AB7DF761D457E05F06 | 45C7158C51B4862344857FB5521AF09BF79B2C8BB0B1DA2286DC4B9C68141E9B |
| 2540 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@bit[1].txt | text | 4F6FC35FA41AAEBE6CFF7CB50287EE41 | CE5BBC77EB0EEF04B7DA6C8EBDE9064D76486CBAB27D925244243550897F8B45 |

The only content written by the visited site is browser cache, cookies and history; no executable or document was dropped. The cached `.htm`, `.css` and the `admin@minibit[1].txt` / `admin@bit[1].txt` cookies are the artifacts that tie the landing page back to the two redirectors.
| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 2540 | iexplore.exe | GET | 200 | 205.185.216.10:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 55.2 Kb | whitelisted |
| 2540 | iexplore.exe | GET | 301 | 67.199.248.10:80 | http://bit.ly/2uis7jm | US | html | 113 b | shared |
| 2540 | iexplore.exe | GET | 302 | 162.213.196.2:80 | http://minibit.us/gg5f34jl | US | html | 1.00 Kb | malicious |
| 1880 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |

The redirect chain is bit.ly (301) to a second shortener, minibit.us (302), to www.edupliance.com. The final hop is served over TLS on port 443 (see the connections table), so it does not appear in this plaintext HTTP table; it is visible only as the 50.62.169.11:443 connection and the cached landing-page `.htm`. The `authrootstl.cab` fetch is Windows updating its trusted root list when the browser first sees an HTTPS certificate chain, not site-driven activity.
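To make the hop sequence in the table checkable outside the sandbox, the following added Python example (not part of the ANY.RUN report) replays the chain offline from constructed responses and scores it with the report's reputation labels. The status codes and hostnames match the table; the Location header values, the www.edupliance.com path and the loop example are assumptions, since the report shows only a cached `.htm` filename for the landing page and no Location headers.

```python
"""Offline walk of the redirect chain recorded in the HTTP request table.

Added example, not part of the ANY.RUN report. Status codes and hostnames
follow the table (bit.ly 301 -> minibit.us 302 -> www.edupliance.com); the
Location values, the edupliance path and the loop case are CONSTRUCTED.
"""
from urllib.parse import urlparse

# Constructed responses keyed by requested URL: (HTTP status, Location header).
# The edupliance path is an ASSUMPTION; the report only shows a cached .htm.
RESPONSES = {
    "http://bit.ly/2uis7jm": (301, "http://minibit.us/gg5f34jl"),
    "http://minibit.us/gg5f34jl": (302, "https://www.edupliance.com/assumed-landing-page"),
    "https://www.edupliance.com/assumed-landing-page": (200, None),
}

# Constructed two-node loop: the usual way a redirector stalls a naive resolver.
LOOP_RESPONSES = {
    "http://a.example/1": (302, "http://a.example/2"),
    "http://a.example/2": (302, "http://a.example/1"),
}

# Host reputation labels copied from the report's DNS table.
REPUTATION = {
    "bit.ly": "shared",
    "minibit.us": "malicious",
    "www.edupliance.com": "unknown",
}

# Worst-first ordering used to summarise a chain.
SEVERITY = ["malicious", "suspicious", "unknown", "shared", "whitelisted"]


def follow_chain(start, responses, max_hops=10):
    """Return [(url, status, host)] for every hop starting at `start`.

    Keeps walking while the response is a 3xx carrying a Location header.
    Raises ValueError on a loop or once max_hops is exceeded: a resolver
    without these guards is itself a denial-of-service target.
    """
    chain, seen, url = [], set(), start
    while len(chain) < max_hops:
        if url in seen:
            raise ValueError(f"redirect loop at {url}")
        seen.add(url)
        status, location = responses.get(url, (None, None))
        chain.append((url, status, urlparse(url).hostname or ""))
        if status is None or not 300 <= status < 400 or not location:
            return chain
        url = location
    raise ValueError(f"more than {max_hops} hops from {start}")


def assess_chain(chain, reputation):
    """Summarise a chain: hosts visited, the worst reputation label seen,
    how many hops were plain HTTP (a Location header that can be rewritten
    in transit) and a block/review decision derived from the worst label."""
    hosts = [host for _, _, host in chain]
    labels = [reputation.get(h, "unknown") for h in hosts]
    worst = min(labels, key=SEVERITY.index)
    plaintext = [u for u, _, _ in chain if urlparse(u).scheme == "http"]
    return {
        "hosts": hosts,
        "worst": worst,
        "plaintext_hops": len(plaintext),
        "decision": "block" if worst in ("malicious", "suspicious") else "review",
    }


def hits_loop(start, responses):
    """True if following `start` trips the loop or hop-limit guard."""
    try:
        follow_chain(start, responses)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    hops = follow_chain("http://bit.ly/2uis7jm", RESPONSES)
    for url, status, host in hops:
        print(f"{status!s:>4}  {host:<26} {url}")
    print(assess_chain(hops, REPUTATION))
    print("loop detected:", hits_loop("http://a.example/1", LOOP_RESPONSES))
```

Run as a script it prints the three hops, a `block` decision driven by the malicious minibit.us label, and confirms the loop guard fires on the constructed two-node cycle. Against live traffic the same logic would sit behind a fetcher that issues the requests itself and never follows a Location into private address space.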
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1880 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2540 | iexplore.exe | 162.213.196.2:80 | minibit.us | Incero LLC | US | suspicious |
2540 | iexplore.exe | 205.185.216.10:80 | www.download.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
1880 | iexplore.exe | 50.62.169.11:443 | www.edupliance.com | GoDaddy.com, LLC | US | unknown |
2540 | iexplore.exe | 67.199.248.10:80 | bit.ly | Bitly Inc | US | shared |
2540 | iexplore.exe | 50.62.169.11:443 | www.edupliance.com | GoDaddy.com, LLC | US | unknown |
2540 | iexplore.exe | 2.18.232.160:443 | cdn.livechatinc.com | Akamai International B.V. | — | whitelisted |
2540 | iexplore.exe | 104.111.239.74:443 | imagesak.secureserver.net | Akamai International B.V. | NL | whitelisted |
| Domain | IP | Reputation |
|---|---|---|
| www.bing.com | 204.79.197.200 | whitelisted |
| bit.ly | 67.199.248.10 | shared |
| minibit.us | 162.213.196.2 | malicious |
| www.edupliance.com | 50.62.169.11 | unknown |
| imagesak.secureserver.net | 104.111.239.74 | suspicious |
| www.download.windowsupdate.com | 205.185.216.10 | whitelisted |
| cdn.livechatinc.com | 2.18.232.160 | whitelisted |

The reputation labels are per-artifact scores and disagree between tables for two hosts: minibit.us is "suspicious" in the connections table but "malicious" here and in the HTTP table, and imagesak.secureserver.net is "whitelisted" in the connections table but "suspicious" here. Treat the host verdicts as indicators to weigh, not as a single consistent judgment; the "Malicious activity" verdict on the task rests on the shortener-to-shortener redirect landing on an unknown domain.