Field | Value
---|---
URL | http://fannieae.com
Full analysis | https://app.any.run/tasks/23b23a9e-eee1-462c-8cf2-9554431dbf67
Verdict | Malicious activity
Analysis date | May 23, 2019, 23:05:50
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MD5 | D842F3BB5572315D9B41352BCF5E9B81
SHA1 | BE2C65837830E9B58660C648DE813B34585123D6
SHA256 | 8C88223B9C99F709C52DDA94E6B10B87CD693781F1B9ED0CA5F2EE1EF5F8CDC5
SSDEEP | 3:N1KYmEhn:CYzhn

PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---|---|---|---|---
3384 | "C:\Program Files\Internet Explorer\iexplore.exe" http://fannieae.com | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
2768 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3384 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3384 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | —
3384 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
2768 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H7EG0R88\ww25_fannieae_com[1].txt | — | — | —
2768 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019052420190525\index.dat | dat | 6856341250E6B117CAED5DB1B73C4C5B | 9B0B089019E0346F08A2DD48364912B699156A74582696FFCCB1915B6CF72546
2768 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H7EG0R88\ww25_fannieae_com[1].htm | html | A7BFCE2A35136735C9B006CC90711D22 | 352E84086FD1B51A48389EEA6006076CAD8ACE7A01CF3B30B74405DC0E1969DE
2768 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | B04178DFFA182D9D7FA9DD1A1086EDA8 | 6DD5ADEC01588E300A0F91091751BAC7B0B3031498948305CCC9310B8FED20DE
2768 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 24D23A080647A939380D8A20CCD7DBC4 | 94FF6DE31D3D51290C65FDE999303CE54C24B0F3D2E0EFFB45C2B417194E2F4C
2768 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@fannieae[1].txt | text | B93F6195C6F0F4F0833207B61D5AAC18 | 20F1560EE09DBF6D557D2BC454E2B7235CF48DDC73A867198902D6B365DE5E99
2768 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IZMIS2Q7\newjump1[1].do | — | — | —
2768 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 95A1D55067FFF21AB52818A91B815706 | 2FC4C53E96D2CA96BA25CD64707102D5E071DB084EFCEF7E5B59BA05A6CC98AB

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2768 | iexplore.exe | GET | 302 | 103.224.182.252:80 | http://fannieae.com/ | AU | — | — | malicious |
2768 | iexplore.exe | GET | 302 | 199.59.242.151:80 | http://ww25.fannieae.com/rz?u=https%3A%2F%2Fny18568.com%2Fctrd%2Fclick%2Fnewjump1.do%3Faffiliate%3D44875%26subid%3D9517293%26ai%3DJL6Sh_0k6sQwM5gM5K-NjPjKiegSvaPhu0yLXyF8PGssGcbYwzD4Y_4mIQDlGeSrVICx_tx_0J16bEHg5KJVKJPKAh9DAROEw1eo0j9PQb9591p2CmHInQDeGcgd4njZLIKCFeH9NZoUEVcscgpcIV7fY7zUF0E9locPSNkZPRJ_hJZD2OvWJ60NR8nftLsDdKnZklqWV3qLXo3oE4DUo5L_RLpfEZLPlJyDpga27ALy_aDxwYvrjGQeBKg76xQyByfZpwFmK7-nIMpbdEoBA3WZkE1Himd4KqbXGBbqOLejo3C7CDXgglUsSuDHb07h8QOqCNdvHHRqcixk8Xv2D1ac1Drh6-nueePXWchljv89w-tch9fE47O3PI8EYw5ge_bm7Of41eFwCh3IwHLko7X0Yx6n2z1J9lG_NqE57NchkGGPKV07Wr1nSONOEMyHgwENkAdaNrVsIHQZdSdeAxxuUdtTix8IbTaX08RAB17Dq7Q1641BMyELbxuLkrsh1kNI2UoQJdJSmTKKKe29M2rNAEvLMRBG-HOGC0U-M5JI--ol3qs42OjxPIuWSST8ZBpkoLJaTEA&notadsafe | US | text | 7.88 Kb | malicious |
2768 | iexplore.exe | GET | 200 | 199.59.242.151:80 | http://ww25.fannieae.com/glp?r=&u=http%3A%2F%2Fww25.fannieae.com%2F&rw=1280&rh=720&ww=1276&wh=560&ie=8 | US | text | 7.88 Kb | malicious |
2768 | iexplore.exe | GET | 200 | 199.59.242.151:80 | http://ww25.fannieae.com/ | US | html | 3.93 Kb | malicious |
2768 | iexplore.exe | GET | 200 | 172.217.23.132:80 | http://www.google.com/adsense/domains/caf.js | US | text | 55.0 Kb | whitelisted |
2768 | iexplore.exe | POST | 200 | 199.59.242.151:80 | http://ww25.fannieae.com/gzb | US | text | 750 b | malicious |
2768 | iexplore.exe | GET | 200 | 199.59.242.151:80 | http://ww25.fannieae.com/px.gif?ch=2&rn=2.242100536536563 | US | image | 42 b | malicious |
3384 | iexplore.exe | GET | 404 | 199.59.242.151:80 | http://ww25.fannieae.com/favicon.ico | US | html | 3.93 Kb | malicious |
2768 | iexplore.exe | GET | 200 | 199.59.242.151:80 | http://ww25.fannieae.com/px.gif?ch=1&rn=2.242100536536563 | US | image | 42 b | malicious |
3384 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2768 | iexplore.exe | 199.59.242.151:80 | ww25.fannieae.com | Bodis, LLC | US | malicious |
2768 | iexplore.exe | 103.224.182.252:80 | fannieae.com | Trellian Pty. Limited | AU | unknown |
3384 | iexplore.exe | 199.59.242.151:80 | ww25.fannieae.com | Bodis, LLC | US | malicious |
3384 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2768 | iexplore.exe | 172.217.23.132:80 | www.google.com | Google Inc. | US | whitelisted |
2768 | iexplore.exe | 216.58.207.74:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2768 | iexplore.exe | 104.17.251.106:443 | www.advconversion.com | Cloudflare Inc | US | shared |
3384 | iexplore.exe | 31.24.224.155:443 | www.dailyentertain.com | UK-2 Limited | GB | unknown |
2768 | iexplore.exe | 31.24.224.155:443 | www.dailyentertain.com | UK-2 Limited | GB | unknown |
2768 | iexplore.exe | 151.139.128.10:443 | ny18568.com | Highwinds Network Group, Inc. | US | malicious |

Domain | IP | Reputation |
---|---|---|
fannieae.com | | malicious |
ww25.fannieae.com | | malicious |
www.bing.com | | whitelisted |
www.google.com | | whitelisted |
fonts.googleapis.com | | whitelisted |
fonts.gstatic.com | | whitelisted |
ny18568.com | | malicious |
www.advconversion.com | | suspicious |
www.dailyentertain.com | | unknown |