URL: | http://www.alamosystems.com |
Full analysis: | https://app.any.run/tasks/4be2316d-1d8c-4712-bf3d-9d0e895ae364 |
Verdict: | Malicious activity |
Analysis date: | July 11, 2019, 15:12:25 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 4749222825FEB65034602108107BCAE9 |
SHA1: | 8D60D64D782F85567F2884D7E8588EEAB5B0E4DA |
SHA256: | 828DA1A2BC7D1176FE6C3E46B1BC5CAC0AE79DF0423DCB1185636DA667D2EAFD |
SSDEEP: | 3:N1KJS4BSFT:Cc4Y9 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2904 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3320 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2904 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2980 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 |
(PID) Process: | (2904) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (2904) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (2904) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 | |||
(PID) Process: | (2904) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones |
Operation: | write | Name: | SecuritySafe |
Value: 1 | |||
(PID) Process: | (2904) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
Operation: | write | Name: | ProxyEnable |
Value: 0 | |||
(PID) Process: | (2904) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
Operation: | write | Name: | SavedLegacySettings |
Value: 4600000077000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000 | |||
(PID) Process: | (2904) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active |
Operation: | write | Name: | {59CEA1B1-A3EE-11E9-A9B1-5254004A04AF} |
Value: 0 | |||
(PID) Process: | (2904) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore |
Operation: | write | Name: | Type |
Value: 4 | |||
(PID) Process: | (2904) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore |
Operation: | write | Name: | Count |
Value: 1 | |||
(PID) Process: | (2904) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore |
Operation: | write | Name: | Time |
Value: E307070004000B000F000C0035008B00 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2904 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2904 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3320 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:EC5856525AA689BAC7E0084FCDFCA95C | SHA256:4302665CC8E14EA70C4E604C9D2371223FC22AAF1C258E957F8EA592DA8E008F | |||
3320 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QUGCEO4\node.h[1].js | html | |
MD5:4B305A9B2FC481354C1AC4C5C1C2E97B | SHA256:5284A7ABE0D117EACA4824C45751487B7CF54175BC35057950C47BE49D5FE017 | |||
3320 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1INRKPX\index[1].css | text | |
MD5:55316F67BE709CFC0D9DBDA10854B7E7 | SHA256:4795C59BA44A38E031A8B7D9884BC24CB18EFADD2A359489AFEB9C79F758A684 | |||
3320 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7QUGCEO4\11.0.1[1].js | html | |
MD5:A33510B861FF37145779F52FCDBBBD1D | SHA256:63BA4F4194F92AC35E4090573D779D4F6CD08C8C45D30AD8B7C01D6D590F5AED | |||
3320 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J52GVJWH\jquery.multiscroll[1].css | text | |
MD5:EDB681CA8DDA270ED553A1CE21AC7A15 | SHA256:BFF61C72EF6E688E94CA50A1C997A20F864D1B42EAB575A86D10F76A15FC8FDD | |||
3320 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C1INRKPX\index_pc[1].css | text | |
MD5:10CC49C3B600FF0B0FC362790230B362 | SHA256:1FDB77039ED0CD27C6D4A3FEEBAF2B6FF47F288A84B8430F75CDE7566B3AF630 | |||
3320 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:751E1E0DE62BD5D7278E91E7099D586D | SHA256:018D2B8C4C968F7ECD323DD878012546692CB009A56F72E28D01BBC26FFC381A | |||
3320 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C4EO4JFS\alamosystems_com[1].htm | html | |
MD5:E6AC1F44EEA270306077B5AF1EF9CB27 | SHA256:18F308D078BEB3BEA5B43D63A587713B4E8B480E16E8E208D9B9FA9DD385A681 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3320 | iexplore.exe | GET | — | 144.168.119.139:80 | http://www.alamosystems.com/koolchadjs/js/jquery.easing.min.js | US | — | — | unknown |
3320 | iexplore.exe | GET | — | 185.59.220.19:80 | http://www.ssd996.com/home/css/index_pc.css | DE | — | — | suspicious |
3320 | iexplore.exe | GET | 200 | 144.168.119.139:80 | http://www.alamosystems.com/koolcss/css/jquery.multiscroll.css | US | text | 653 b | unknown |
3320 | iexplore.exe | GET | 200 | 185.59.220.19:80 | http://www.ssd996.com/uploads/15583554967007.png | DE | image | 9.29 Kb | suspicious |
3320 | iexplore.exe | GET | 200 | 185.59.220.19:80 | http://www.ssd996.com/home/imgs/bg1.jpg | DE | image | 81.6 Kb | suspicious |
3320 | iexplore.exe | GET | 200 | 144.168.119.139:80 | http://www.alamosystems.com/ | US | html | 2.76 Kb | unknown |
3320 | iexplore.exe | GET | 200 | 111.206.37.189:80 | http://push.zhanzhang.baidu.com/push.js | CN | text | 227 b | whitelisted |
3320 | iexplore.exe | GET | 200 | 144.168.119.139:80 | http://www.alamosystems.com/koolcss/css/index.css | US | text | 2.92 Kb | unknown |
3320 | iexplore.exe | GET | 200 | 185.59.220.19:80 | http://www.ssd996.com/home/css/index_pc.css | DE | text | 1.14 Kb | suspicious |
3320 | iexplore.exe | GET | 200 | 144.168.119.139:80 | http://www.alamosystems.com/js/node.h.js | US | html | 1.24 Kb | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2904 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3320 | iexplore.exe | 144.168.119.139:80 | www.alamosystems.com | eSited Solutions | US | unknown |
— | — | 104.192.110.245:80 | js.passport.qihucdn.com | Beijing Qihu Technology Company Limited | US | suspicious |
3320 | iexplore.exe | 185.59.220.19:80 | www.ssd996.com | Datacamp Limited | DE | malicious |
3320 | iexplore.exe | 220.242.139.165:443 | js.users.51.la | — | CN | unknown |
3320 | iexplore.exe | 111.206.37.189:80 | push.zhanzhang.baidu.com | China Unicom Beijing Province Network | CN | malicious |
3320 | iexplore.exe | 103.235.46.191:443 | hm.baidu.com | Beijing Baidu Netcom Science and Technology Co., Ltd. | HK | suspicious |
3320 | iexplore.exe | 13.224.68.36:80 | s6.qhres.com | — | US | unknown |
3320 | iexplore.exe | 183.131.207.66:80 | ia.51.la | DaLi | CN | malicious |
2904 | iexplore.exe | 144.168.119.139:80 | www.alamosystems.com | eSited Solutions | US | unknown |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
www.alamosystems.com |
| unknown |
www.ssd996.com |
| suspicious |
push.zhanzhang.baidu.com |
| whitelisted |
js.passport.qihucdn.com |
| suspicious |
hm.baidu.com |
| whitelisted |
js.users.51.la |
| whitelisted |
s6.qhres.com |
| whitelisted |
ia.51.la |
| whitelisted |
s.360.cn |
| whitelisted |