download: | index.html |
Full analysis: | https://app.any.run/tasks/f0cdcccb-fe70-46b3-a46a-1c24e080e032 |
Verdict: | Malicious activity |
Analysis date: | October 20, 2020, 07:30:27 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/html |
File info: | HTML document, ASCII text, with very long lines |
MD5: | 483281989F06707F43015184B3AC7093 |
SHA1: | 765A0636774A3E5513F6CE26FE3EB94141AA6F5F |
SHA256: | 7E30A660E7302CEEFAF2A3281439EA21A060D765F4FE164A49448B9647B4914E |
SSDEEP: | 96:jioOjIZRGKv7gErecdUB2BuUQmvabn/Otk8MownOC+9mBRQs:jio6WYakkhBXQHgMZnOCLRQs |
.html | | | HyperText Markup Language (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
804 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3708 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:804 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3476 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:804 CREDAT:333057 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
804 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3476 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\SOSHOYO2.txt | — | |
MD5:— | SHA256:— | |||
3476 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\SMIETZ3X.txt | — | |
MD5:— | SHA256:— | |||
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\qsml[1].htm | — | |
MD5:— | SHA256:— | |||
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\qsml[5].xml | xml | |
MD5:918E0CB802A4B2929CA7D97BBC51C278 | SHA256:5811968A9276C857E42A9AA93DC55F721CE964BC649875561D24C096D4A90E25 | |||
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\qsml[3].xml | xml | |
MD5:668051BCCD87C125873F2A39A7F6CA92 | SHA256:BA908F9FF780EDDF537323B5FD86BED3E7C2E9ABCF08CE8D6D0248A8EC8A9FB7 | |||
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\qsml[4].xml | xml | |
MD5:03215EEBE7D1B4D1EAE1D5473C83842B | SHA256:D8992AAE91258CFC92F31D7A1BF915FF27356D8FCE8029E3CA2CD103BF01D24A | |||
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\qsml[1].xml | xml | |
MD5:4BFB6BD11F894DB26C92C2B9E53A14BD | SHA256:32E909ADC026D91C4CAF120C8BE38C4B682137ADF6E18EDA796CDD752601A597 | |||
3476 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\I8EL9JFM.txt | text | |
MD5:050669B81D08B257B65D7C491B18AE4B | SHA256:96881F19D099D23FAA08B05AD2BC8612F132BDB7DA3AEEB7F80F0C806E53C6F4 | |||
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\qsml[2].xml | xml | |
MD5:9FC9EB54C1098FF53D98DB4EC6A4E12F | SHA256:3F66F06BC08DDA3BA5F77D7163D92572675B075058798E75318DA51AC47E1681 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3476 | iexplore.exe | GET | — | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=ht&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | — | — | whitelisted |
3476 | iexplore.exe | GET | 200 | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=htt&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | xml | 271 b | whitelisted |
3476 | iexplore.exe | GET | 200 | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=http&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | xml | 271 b | whitelisted |
3476 | iexplore.exe | GET | 200 | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=http%3A&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | xml | 268 b | whitelisted |
3476 | iexplore.exe | GET | 200 | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fg&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | xml | 288 b | whitelisted |
3476 | iexplore.exe | GET | 200 | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fgm&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | xml | 258 b | whitelisted |
3476 | iexplore.exe | GET | 200 | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fgmai.&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | xml | 233 b | whitelisted |
3476 | iexplore.exe | GET | 200 | 199.59.242.153:80 | http://ww1.gmai.com/ | US | html | 3.99 Kb | malicious |
3476 | iexplore.exe | GET | 200 | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2F&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | xml | 267 b | whitelisted |
3476 | iexplore.exe | GET | 200 | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fgmai&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IE11SS&market=en-US | US | xml | 226 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
804 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3476 | iexplore.exe | 13.107.13.80:80 | api.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 172.217.23.100:80 | www.google.com | Google Inc. | US | whitelisted |
3476 | iexplore.exe | 81.17.18.196:80 | gmai.com | Private Layer INC | CH | malicious |
3476 | iexplore.exe | 199.59.242.153:80 | ww1.gmai.com | Bodis, LLC | US | malicious |
804 | iexplore.exe | 199.59.242.153:80 | ww1.gmai.com | Bodis, LLC | US | malicious |
— | — | 13.107.13.80:80 | api.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 81.17.18.196:80 | gmai.com | Private Layer INC | CH | malicious |
804 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
804 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
gmai.com |
| whitelisted |
ww1.gmai.com |
| malicious |
www.google.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |