Field | Value
---|---
download | index.html
Full analysis | https://app.any.run/tasks/a5317351-a005-448b-aaf1-416f6da60951
Verdict | Malicious activity
Analysis date | May 21, 2019, 01:31:02
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | 
Indicators | 
MIME | text/plain
File info | ASCII text, with no line terminators
MD5 | 72E9988BBCC95C0971148EDAE59F7C2F
SHA1 | 4BD29C2B28EB4AE9C43BA023C77A3B0E6D250429
SHA256 | 77A87DA0FFAE945562F3215D37AA23A142CB7E161B651D5B537A0F1661748740
SSDEEP | 6:GMRJVSOiQGAJVaXWpTRWTiINWVoWRxSW8wQmoIdQUVd6dYAW8Db:GMxXGEpTwTiINSokSLiOgAYzG
File type | .html: HyperText Markup Language (100)

PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2480 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
3500 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2480 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
2748 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2480 CREDAT:137473 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2480 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | —
2480 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
2480 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFDFC3F4494C5ECCB5.TMP | — | — | —
2748 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 411F28A2919D8D47D5D517B9BFE9E2FB | 4E5F0B4FDC21611E3FD1B5E7DAF6613753793FF7E6E949203DFBF924ED581671
2480 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{20FEA8AE-7B68-11E9-A370-5254004A04AF}.dat | binary | 0F12D76B27B3BA3D78EEDDCF3A3DA6F5 | 4E3DA30DD454E0F9713B9C56FB380976461A8D94442187DDEAA29F31BC028F52
3500 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019052120190522\index.dat | dat | 1A9BAB6C1276C0CF9EBC74E3390ECB2B | 79DBE1BEBB97599EC032A3B4AE2C6EED8B70A1C3FDC983FE808F532ACEBFE5FC
2748 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VBLPYLH0\message.index[1].htm | html | 8EF2384B97E4F8F15587EC15AC3448EA | C1A1B4425E1D0F90017646F23A141ACEF3B2ACC70ADAD45D74AB505C4F83F104
2748 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | EBF33F9CF8C2C86E60B7314667BBD39D | BE4121F0A694D6467EAE5364B79DBEB782B231304DC741712E45DADC09DA2F1C
2480 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini | ini | 4A3DEB274BB5F0212C2419D3D8D08612 | 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
2748 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\731GFLET\desktop.ini | ini | 4A3DEB274BB5F0212C2419D3D8D08612 | 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
2480 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
2480 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2748 | iexplore.exe | 20.38.106.196:443 | office365products.blob.core.windows.net | — | US | suspicious
2748 | iexplore.exe | 184.31.91.84:443 | secure.aadcdn.microsoftonline-p.com | Akamai International B.V. | NL | whitelisted
2748 | iexplore.exe | 13.107.246.10:443 | logincdn.msauth.net | Microsoft Corporation | US | whitelisted
2748 | iexplore.exe | 205.185.208.52:443 | code.jquery.com | Highwinds Network Group, Inc. | US | unknown

Domain | IP | Reputation
---|---|---
www.bing.com | — | whitelisted
office365products.blob.core.windows.net | — | suspicious
secure.aadcdn.microsoftonline-p.com | — | whitelisted
logincdn.msauth.net | — | whitelisted
code.jquery.com | — | whitelisted

PID | Process | Class | Message
---|---|---|---
— | — | Potential Corporate Privacy Violation | ET POLICY DNS Lookup for Possible Common Brand Phishing Hosted on Legitimate Windows Service
2748 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY Request for Possible Common Brand Phishing Hosted on Legitimate Windows Service
2748 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY Request for Possible Common Brand Phishing Hosted on Legitimate Windows Service