URL: | http://www.bankfab-ae.com |
Full analysis: | https://app.any.run/tasks/f98c158c-4cbb-4fac-afea-7e2b1145c997 |
Verdict: | Malicious activity |
Analysis date: | May 15, 2019, 05:17:03 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MD5: | 1B651CFAC364ED0DBC9E6EC8103DD4CA |
SHA1: | 1954C1F66E21CB0CA6DAA42FA4240ACAC5FA8B14 |
SHA256: | 772ECCD033153F404BBAF97A10074738131E32269CF407FF3D745E4D76D1522C |
SSDEEP: | 3:N1KJS4k6YL:Cc4kZL |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2920 | "C:\Program Files\Internet Explorer\iexplore.exe" http://www.bankfab-ae.com | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3552 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2920 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
1032 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2920 CREDAT:203009 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
1276 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2920 CREDAT:203010 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2916 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2920 CREDAT:399617 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3552 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FZA8H80M\bankfab-ae_com[1].txt | — | |
MD5:— | SHA256:— | |||
2920 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2920 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3552 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B1K4R0MS\iyfsearch_com[1].txt | — | |
MD5:— | SHA256:— | |||
3552 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FZA8H80M\js3[1].js | text | |
MD5:DB3CACFB57BA35D3FCFDBBCF7D46BD42 | SHA256:A606134E35DB97024D04789609660C94F87F660DC259D91DB5180E32787D4DAD | |||
3552 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:0FBAFA35D676C7B2571CB449ADC9F9E4 | SHA256:0BC0B0A6F24AC14A1C5A9EB90F803CE301FE0A54483C49D564D4D1D59A656827 | |||
3552 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:AB34250531DD7D2BCD705E4285EC4BCD | SHA256:9D633D85B0207349B85798E7A07721B27A925244DF1D727C97D69A39ED531AB1 | |||
3552 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ORT0N76G\bankfab-ae_com[1].htm | html | |
MD5:F2D03694EE6C4D450FE78B69A53D0039 | SHA256:60783070C15D96394851F04AF118E18F29EF4B1C033592E1D7D97BC9C2CB4E06 | |||
3552 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019051520190516\index.dat | dat | |
MD5:815CCEFA4676F61B0EDEF5F72C8099CB | SHA256:0A83C8456693BC77CFE9F880FCB4193BFCC02174DD7E3F4A0493E6EF61B66A26 | |||
2920 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png | image | |
MD5:9FB559A691078558E77D6848202F6541 | SHA256:6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2920 | iexplore.exe | GET | 200 | 54.72.9.51:80 | http://www.bankfab-ae.com/favicon.ico | IE | — | — | malicious |
3552 | iexplore.exe | GET | 200 | 185.53.179.29:80 | http://parkingcrew.net/assets/scripts/js3.js | DE | text | 17.5 Kb | whitelisted |
3552 | iexplore.exe | GET | 200 | 54.72.9.51:80 | http://www.bankfab-ae.com/ | IE | html | 998 b | malicious |
3552 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://iyfsearch.com/?dn=bankfab-ae.com&pid=9PO755G95 | VG | html | 6.78 Kb | suspicious |
3552 | iexplore.exe | GET | 200 | 2.16.186.106:80 | http://i1.cdn-image.com/__media__/js/min.js?v2.2 | unknown | text | 2.97 Kb | whitelisted |
3552 | iexplore.exe | GET | 200 | 2.16.106.176:80 | http://pxlgnpgecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=10 | unknown | binary | 30.2 Kb | whitelisted |
3552 | iexplore.exe | GET | 200 | 2.16.186.106:80 | http://i1.cdn-image.com/__media__/pics/12471/bodybg.png | unknown | image | 94.9 Kb | whitelisted |
3552 | iexplore.exe | GET | 200 | 54.72.9.51:80 | http://www.bankfab-ae.com/track.php?domain=bankfab-ae.com&toggle=browserjs&uid=MTU1Nzg5NzQzNC4yMDg1OmEyZmFjNjNjM2YzZGNhYWY1MDhmMTAxYmI4ZTQ1YWI5ZjlhZTZmNThlY2RiNGE2MGM5ZTRjYzhhMmJhZjkwZjE6NWNkYmEwZGEzMmVkMA%3D%3D | IE | binary | 20 b | malicious |
3552 | iexplore.exe | GET | 200 | 2.16.186.106:80 | http://i4.cdn-image.com/__media__/pics/12471/kwbg.jpg | unknown | image | 36.3 Kb | whitelisted |
3552 | iexplore.exe | GET | 200 | 2.16.186.106:80 | http://i1.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eot? | unknown | eot | 110 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3552 | iexplore.exe | 54.72.9.51:80 | www.bankfab-ae.com | Amazon.com, Inc. | IE | malicious |
3552 | iexplore.exe | 185.53.179.29:80 | parkingcrew.net | Team Internet AG | DE | malicious |
2920 | iexplore.exe | 54.72.9.51:80 | www.bankfab-ae.com | Amazon.com, Inc. | IE | malicious |
3552 | iexplore.exe | 208.91.196.46:80 | iyfsearch.com | Confluence Networks Inc | VG | malicious |
2920 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 2.16.186.106:80 | i1.cdn-image.com | Akamai International B.V. | — | whitelisted |
3552 | iexplore.exe | 2.16.186.106:80 | i1.cdn-image.com | Akamai International B.V. | — | whitelisted |
1032 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 2.16.186.64:80 | i1.cdn-image.com | Akamai International B.V. | — | whitelisted |
3552 | iexplore.exe | 2.16.106.176:80 | pxlgnpgecom-a.akamaihd.net | Akamai International B.V. | — | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.bankfab-ae.com |
| malicious |
parkingcrew.net |
| whitelisted |
www.bing.com |
| whitelisted |
iyfsearch.com |
| suspicious |
i1.cdn-image.com |
| whitelisted |
i4.cdn-image.com |
| whitelisted |
i3.cdn-image.com |
| whitelisted |
pxlgnpgecom-a.akamaihd.net |
| whitelisted |
i2.cdn-image.com |
| whitelisted |
r.search.yahoo.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
3552 | iexplore.exe | Misc activity | ADWARE [PTsecurity] InstantAccess |