URL: | http://89.248.165.207 |
Full analysis: | https://app.any.run/tasks/55c1aa3f-08b2-42f0-adfb-c8c84021f7f4 |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 07:41:31 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | AF8356E8B55EBFC71CDB7037004D6906 |
SHA1: | 4D5050E652124D8722B1CFC6EECA8B1B9D202E09 |
SHA256: | 7CB2C0AADB2F3895671481784DB509A38440FCC07052D3F360401291B2988AB2 |
SSDEEP: | 3:N1K/fU7:CXU7 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2952 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://89.248.165.207" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3360 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2952 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
(PID) Process: | (2952) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (2952) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: | |||
(PID) Process: | (2952) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30968313 | |||
(PID) Process: | (2952) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: | |||
(PID) Process: | (2952) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30968313 | |||
(PID) Process: | (2952) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (2952) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (2952) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (2952) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (2952) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\info[1].htm | html | |
MD5:0FA11E556EBAE14615C0F68B8CB0DE94 | SHA256:1BBDD2444E5DA920C16575CF31B0A2AA04D0CB68B67A4CB6CB2E4C4B75EBB7B3 | |||
3360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\font-awesome.min[1].css | text | |
MD5:269550530CC127B6AA5A35925A7DE6CE | SHA256:799AEB25CC0373FDEE0E1B1DB7AD6C2F6A0E058DFADAA3379689F583213190BD | |||
3360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\responsive[1].css | text | |
MD5:B6FCDAD264D0B6098E89330FD946D8DA | SHA256:2DE8C21DB68AF056AF5AD3B23DDFEA4E0AE6854B9BBC271CA5DD8EE15842F5DB | |||
3360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\scrolling-nav[1].js | text | |
MD5:EB74DD903155BD3AFC4D1585D020252D | SHA256:31C0B81A4942AD2C68EBCECFC8F0698DBD8E47F8363BD54878F7EFBA1C2BAA15 | |||
3360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\jquery-min[1].js | text | |
MD5:F9C7AFD05729F10F55B689F36BB20172 | SHA256:F16AB224BB962910558715C82F58C10C3ED20F153DDFAA199029F141B5B0255C | |||
3360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\popper.min[1].js | text | |
MD5:940017F4A5906E1E6783DE73D8322038 | SHA256:FE3DC4C4826441004AE9788FC603B1A1B387E1D9FAFEE000EAB4BBB8159E554C | |||
3360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\owl.theme[1].css | text | |
MD5:F23CF727E4FCCA9A5470658DA5E755C9 | SHA256:91EE720F3C25EC6B209D88019C20E2592340FF1FE1C94F3D5431E5FD1E77E5DC | |||
3360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\jquery.countTo[1].js | text | |
MD5:ACAD36D38DA9F68C52BB074B2C478D0F | SHA256:00619814B3B256720A9FFD9408397D0FFE5559FF301D608EB66F585343FD83A2 | |||
3360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\extras[1].css | text | |
MD5:21036554D3EA3CBF3043006437A6AE25 | SHA256:EC6ADB047379B86AAF7E403D5214BA1D85BF8FBA912D921714DD3DB29779EB26 | |||
3360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\owl.carousel[1].css | text | |
MD5:061D0708E0A0AD9550C13FDDB8D1A4ED | SHA256:1520498F29FDA7E4EEB3A913B4BFE38D71784E2629267544B27300B9FE60D5BF |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3360 | iexplore.exe | GET | 301 | 89.248.165.207:80 | http://89.248.165.207/ | SC | — | — | suspicious |
3360 | iexplore.exe | GET | 200 | 51.159.21.96:80 | http://openportstats.com/info | GB | html | 2.40 Kb | malicious |
3360 | iexplore.exe | GET | 200 | 51.159.21.96:80 | http://openportstats.com/css/responsive.css | GB | text | 2.15 Kb | malicious |
3360 | iexplore.exe | GET | 200 | 51.159.21.96:80 | http://openportstats.com/css/bootstrap.min.css | GB | text | 141 Kb | malicious |
3360 | iexplore.exe | GET | 200 | 51.159.21.96:80 | http://openportstats.com/css/owl.carousel.css | GB | text | 3.30 Kb | malicious |
3360 | iexplore.exe | GET | 200 | 51.159.21.96:80 | http://openportstats.com/js/jquery.mixitup.js | GB | text | 49.7 Kb | malicious |
3360 | iexplore.exe | GET | 200 | 51.159.21.96:80 | http://openportstats.com/css/owl.theme.css | GB | text | 1.63 Kb | malicious |
3360 | iexplore.exe | GET | 200 | 51.159.21.96:80 | http://openportstats.com/css/font-awesome.min.css | GB | text | 30.2 Kb | malicious |
3360 | iexplore.exe | GET | 200 | 51.159.21.96:80 | http://openportstats.com/css/extras.css | GB | text | 5.20 Kb | malicious |
3360 | iexplore.exe | GET | 200 | 51.159.21.96:80 | http://openportstats.com/js/popper.min.js | GB | text | 18.5 Kb | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3360 | iexplore.exe | 89.248.165.207:80 | — | Quasi Networks LTD. | SC | suspicious |
3360 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
3360 | iexplore.exe | 51.159.21.96:80 | openportstats.com | — | GB | unknown |
2952 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3360 | iexplore.exe | 142.250.185.67:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3360 | iexplore.exe | 142.251.36.42:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
— | — | 192.168.100.2:53 | — | — | — | whitelisted |
2952 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2952 | iexplore.exe | 51.159.21.96:80 | openportstats.com | — | GB | unknown |
2952 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
openportstats.com |
| malicious |
fonts.googleapis.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
3360 | iexplore.exe | Misc Attack | ET DROP Dshield Block Listed Source group 1 |