Field | Value |
---|---|
URL | http://104.237.196.116/ |
Full analysis | https://app.any.run/tasks/833c7640-5116-4b65-bf6d-4b6c377d1eea |
Verdict | Malicious activity |
Analysis date | January 14, 2022, 20:51:05 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MD5 | 72951900920F79B926997CB194AACC84 |
SHA1 | CB4E990B1070E2BBCAE33594DEA29A866EFB2896 |
SHA256 | 89DF8D4F0E75866434513184A7D87F433BAE1AAD719928BCD80C8985E2BFF38A |
SSDEEP | 3:N1KtMS5BK:C0 |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
1988 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://104.237.196.116/" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
2872 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1988 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
1988 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\69C6F6EC64E114822DF688DC12CDD86C | binary | 7FDA30DBFAEC60A235437FE75E460E06 | CE9E04729CCC83E85E57950AF704B373942F7CA137CA327FCE742FC7F7C72ED2 |
1988 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 6C9006E759741C43095D127B5CDCC0D0 | A78AF21351CA71089A37A56277B85B22E7E27D329FD2C352AF8D188469E19FA8 |
2872 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\KIFXNKAM.txt | text | 0ACF19621449A136F9BE9E845BFF7EFB | 049D2B7E65D99A294057513257174E0D33138EAAF60C72E4F3751053AF93EE4C |
2872 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\HJ0G948S.txt | text | 10A495D9B501868412BF555B6F55FE9F | DF0B2B915C127FABC770C7543F352AC59322E7FFBB00544840A528BAFA0D8DD5 |
2872 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\02WM20KL.txt | text | 55A154AE49BC90214750D3778B4D5FF2 | D32D4F48074BE343160BD9E974373026B6854121307F85E885074FA2F16FAF9D |
2872 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\646C991C2A28825F3CC56E0A1D1E3FA9 | binary | 0315D01CC8EF75F35ED40FF0123F5DB8 | 368A698861B18720EDE6EC8E8722B701BD4D1C2D349C4563A941CFBD3F1B554B |
2872 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\parking.2.77.1[1].js | html | 4BCA844EBB9F2750E5648220033CBC02 | E17CB5741DE72E0E24ECA1CDE7D28EAA432B8B1FAE6D26139EC74D7B1BC01BF4 |
2872 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\4G79EMJS.htm | html | DA021CD918BFD4070AB7502D7A1A7296 | E421BC5E37A0B00A98CA6AA667FA679968DAD94945F87C2788CD32217A34959F |
1988 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\69C6F6EC64E114822DF688DC12CDD86C | der | 40925F2F3FE225325413831AB1F3FEDC | CA7BAB021C2F3298737BA2227FBEFB278E0349A5192207D6472EC97A13B753B9 |
2872 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\WND13P1J.txt | text | E4870E91C5CB5AFA98301E73EE462254 | 8DDA10711822DEB3104F94F957AF8929D6DDC9E65B18CA3170C7E57C332DD9DB |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1988 | iexplore.exe | GET | 200 | 199.59.243.200:80 | http://ww1.survey-smiles.com/favicon.ico | US | — | — | malicious |
2872 | iexplore.exe | GET | 200 | 5.79.68.107:80 | http://survey-smiles.com/ | NL | html | 473 b | whitelisted |
2872 | iexplore.exe | GET | 200 | 199.59.243.200:80 | http://ww1.survey-smiles.com/js/parking.2.77.1.js | US | html | 18.9 Kb | malicious |
2872 | iexplore.exe | POST | 200 | 199.59.243.200:80 | http://ww1.survey-smiles.com/_fd | US | text | 2.50 Kb | malicious |
2872 | iexplore.exe | GET | 200 | 142.250.186.35:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
2872 | iexplore.exe | GET | 302 | 104.237.196.116:80 | http://104.237.196.116/ | US | text | 11 b | whitelisted |
1988 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
1988 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/DigiCertGlobalRootCA.crl | US | der | 631 b | whitelisted |
2872 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://crl.pki.goog/gsr1/gsr1.crl | US | der | 1.61 Kb | whitelisted |
2872 | iexplore.exe | GET | 200 | 142.250.186.35:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD0u1o6ejgsaAoAAAABJ949 | US | der | 472 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2872 | iexplore.exe | 104.237.196.116:80 | — | Nexeon Technologies, Inc. | US | unknown |
1988 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1988 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
2872 | iexplore.exe | 5.79.68.107:80 | survey-smiles.com | LeaseWeb Netherlands B.V. | NL | malicious |
2872 | iexplore.exe | 199.59.243.200:80 | ww1.survey-smiles.com | — | US | malicious |
1988 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1988 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
— | — | 142.250.186.35:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
1988 | iexplore.exe | 199.59.243.200:80 | ww1.survey-smiles.com | — | US | malicious |
2872 | iexplore.exe | 142.250.186.35:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
survey-smiles.com | | whitelisted |
ww1.survey-smiles.com | | malicious |
r20swj13mr.microsoft.com | | whitelisted |
iecvlist.microsoft.com | | whitelisted |
ctldl.windowsupdate.com | | whitelisted |
ocsp.digicert.com | | whitelisted |
crl3.digicert.com | | whitelisted |
parking.bodiscdn.com | | whitelisted |