Field | Value |
---|---|
Download | index.html |
Full analysis | https://app.any.run/tasks/8d2c1b25-b497-4201-8237-99b80f7c6065 |
Verdict | Malicious activity |
Analysis date | January 22, 2019, 20:10:12 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags | — |
Indicators | — |
MIME | text/html |
File info | HTML document, UTF-8 Unicode text, with very long lines |
MD5 | AA654BAF5EB1B4BAD4B5A8048DB69D1F |
SHA1 | 9499A2E43AE3C53FBEBBA20CFAA76DE014748863 |
SHA256 | 828F431DAD7D631B8D5FA4AC17635D28FD19C98429513EECC2D5B1E6D9E1969E |
SSDEEP | 384:zi7KhgESoVBD8csZQ3RM3xbemLxXucfIk99heL3VzVc9v:ziYSogct3wImQOIk9SzNqv |
File type | .html HyperText Markup Language (100) |
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version |
---|---|---|---|---|---|---|---|---|---|
2956 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) |
3240 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2956 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) |
2352 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2956 CREDAT:137473 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2956 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].ico | — | — | — |
2956 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
2352 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\CA22E9OJ.txt | — | — | — |
2956 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFD19A4BCEF10E5985.TMP | — | — | — |
2352 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\CAG9GTV7.htm | html | 3EA52E6CC5B2C76631A22B99F8F16467 | BFB82CCF72F5FBDAD8EE9B286C982F936393034A318EAC8426F77AA7870506A6 |
2352 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\caf[1].js | text | 021CACDD1B1D56A9F8D104B94014F681 | 817FA87F9D69F8A0778C3B83D21EAD325179AF758B024B4F73F0057BEEEECEE9 |
3240 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\jquery-1.4.2.min[1].js | text | 0D658C3F0A7EFAA05A6FCEE9758231B3 | E186F74C971A978C1DAF20BB51A1B71BCB075D8D09D678EE1D12665C136B1487 |
3240 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\caf[1].js | text | B8AB1A8ABCCD6F19D8410422168EFD03 | 50F61B5C0583A0F0BD4D9BADA1C25AB798D56430E2A3E41369EF8B796C1E7E4E |
2352 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@easycracks[1].txt | text | D80E50DDBC8394E98821A9F3D455C256 | B88E03CB988EED855B0F953883F52B46C20AA81276FF154C9AED920B86A21C38 |
3240 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019012220190123\index.dat | dat | D6CCC8CDBD0A603AE07A4A453DD465D5 | 2DA16CCE7D0530AD06E83711270DEF0C1F522D7D000F03352D5261E857345014 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3240 | iexplore.exe | GET | — | 67.225.218.50:80 | http://parking.parklogic.com/page/enhance.js?pcId=2&domain=easycracks.net | US | — | — | suspicious |
2352 | iexplore.exe | GET | 200 | 72.52.4.90:80 | http://ww1.easycracks.net/search/tsc.php?200=MjgyNDU2MDE1&21=ODkuMjQ5LjczLjE3&681=MTU0ODE4NzgzMTVmMjIxMGE0N2Q1NmMxMzlkYmIxYWI5MzgxZWIwZjgz&crc=3606d9b387c286d20d8db870dde046bba116c7f3&cv=1 | US | — | — | malicious |
2352 | iexplore.exe | GET | 200 | 72.52.4.90:80 | http://ww1.easycracks.net//?gtnjs=1 | US | html | 7.85 Kb | malicious |
2352 | iexplore.exe | GET | 200 | 216.58.210.4:80 | http://www.google.com/adsense/domains/caf.js | US | text | 52.5 Kb | whitelisted |
2352 | iexplore.exe | GET | 200 | 67.225.218.50:80 | http://parking.parklogic.com/page/enhance.js?pcId=2&domain=easycracks.net | US | html | 2.17 Kb | suspicious |
3240 | iexplore.exe | GET | 200 | 216.58.210.4:80 | http://www.google.com/adsense/domains/caf.js | US | text | 52.5 Kb | whitelisted |
2352 | iexplore.exe | GET | 200 | 72.52.4.90:80 | http://ww1.easycracks.net/log/jserr.php?msg=Access+is+denied.%0D%0A&file=https%3A%2F%2Fscript.ioam.de%2Fiam.js&line=228 | US | compressed | 7.85 Kb | malicious |
3240 | iexplore.exe | GET | 200 | 205.234.175.175:80 | http://img.sedoparking.com/js/jquery-1.4.2.min.js | US | text | 26.1 Kb | whitelisted |
2352 | iexplore.exe | GET | 200 | 205.234.175.175:80 | http://img.sedoparking.com/templates/brick_gfx/common/logo_white.png | US | image | 2.18 Kb | whitelisted |
2352 | iexplore.exe | GET | 200 | 205.234.175.175:80 | http://img.sedoparking.com/js/jquery-1.4.2.min.js | US | text | 26.1 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3240 | iexplore.exe | 216.58.210.4:80 | www.google.com | Google Inc. | US | whitelisted |
2956 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3240 | iexplore.exe | 205.234.175.175:80 | img.sedoparking.com | CacheNetworks, Inc. | US | suspicious |
3240 | iexplore.exe | 67.225.218.50:80 | parking.parklogic.com | Liquid Web, L.L.C | US | malicious |
2352 | iexplore.exe | 205.234.175.175:80 | img.sedoparking.com | CacheNetworks, Inc. | US | suspicious |
2352 | iexplore.exe | 216.58.210.4:80 | www.google.com | Google Inc. | US | whitelisted |
2352 | iexplore.exe | 72.52.4.90:80 | ww1.easycracks.net | Akamai Technologies, Inc. | US | whitelisted |
2352 | iexplore.exe | 91.215.100.39:443 | script.ioam.de | INFOnline GmbH | DE | unknown |
2352 | iexplore.exe | 67.225.218.50:80 | parking.parklogic.com | Liquid Web, L.L.C | US | malicious |
Domain | IP | Reputation |
---|---|---|
img.sedoparking.com | — | whitelisted |
parking.parklogic.com | — | suspicious |
www.google.com | — | whitelisted |
www.bing.com | — | whitelisted |
ww1.easycracks.net | — | malicious |
script.ioam.de | — | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
2352 | iexplore.exe | A Network Trojan was detected | SC TROJAN Malicious behaviour by LNK/Agent.CH |
2352 | iexplore.exe | A Network Trojan was detected | SC TROJAN Malicious behaviour by LNK/Agent.CH |
2352 | iexplore.exe | A Network Trojan was detected | SC BAD_UNKNOWN Trojan Unknown JS |
2352 | iexplore.exe | A Network Trojan was detected | SC TROJAN Malicious behaviour by LNK/Agent.CH |