Field | Value |
---|---|
download | index.html |
Full analysis | https://app.any.run/tasks/dc1e6d1a-daf5-44e8-8f8b-55732114ef92 |
Verdict | Malicious activity |
Analysis date | February 21, 2020, 16:06:22 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | — |
MIME | text/html |
File info | HTML document, ASCII text |
MD5 | D778532C22928556A2F6975C3D2616AB |
SHA1 | F91F12F287881A56908F62BCF8AC45C64E347D71 |
SHA256 | 8FCE6CACF26AD8092FEA7579D4CC8CB2B82A1B02DB1A8777A0A00E55EF16C7A9 |
SSDEEP | 6:qF5XfbvC9eGD7EqfcIF+7He50AS3BR9PObq2PJHX4Qv:8Xfbcee7EqfcIc7hAylObq+JHoQv |
.html | HyperText Markup Language (100) |

PID | CMD | Path | Indicators | Parent process | User | Company | Integrity level | Description | Version |
---|---|---|---|---|---|---|---|---|---|
3376 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
3432 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3376 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
2960 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3376 CREDAT:333057 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
3000 | "C:\Program Files\Opera\opera.exe" | C:\Program Files\Opera\opera.exe | — | explorer.exe | admin | Opera Software | MEDIUM | Opera Internet Browser | 1748 |

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3376 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
3000 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\opr2771.tmp | — | — | — |
3000 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\opr27B0.tmp | — | — | — |
3000 | opera.exe | C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00001.tmp | — | — | — |
3000 | opera.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4PMMPBS2N8SG1H9QNI3N.temp | — | — | — |
3432 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\nv[1].js | text | 8D1768468AFD9ADE566FCC7C1D63FFF9 | 1A7DA2F0016680A885E0DFC0DF3B4E2424E06DD7163AB1A7A2EAB2FFDEFE5F65 |
3000 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini | text | DCE0B8372C285F3327709E273B37C36F | AC87F702C9DD6F050C8F39B123F65CACA9D424D8BA7210CD84C856D9DEC4E940 |
3432 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\nv[1].js | text | 8D1768468AFD9ADE566FCC7C1D63FFF9 | 1A7DA2F0016680A885E0DFC0DF3B4E2424E06DD7163AB1A7A2EAB2FFDEFE5F65 |
3000 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml | xml | AAC10BD49D99130B0A1E8870D9AA2F04 | 5A53A9340A1A0DA863B04DFCCED36EDA1F6DA2EDDA1A9701D596244022C18525 |
3376 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Tar6C4B.tmp | — | — | — |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3432 | iexplore.exe | GET | 200 | 51.68.229.32:80 | http://streamedia.icu/nv.js?stream | GB | text | 92.7 Kb | unknown |
3432 | iexplore.exe | GET | 200 | 51.68.229.32:80 | http://streamedia.icu/nv.js?stream | GB | text | 92.7 Kb | unknown |
3000 | opera.exe | GET | 200 | 172.217.16.174:80 | http://clients1.google.com/complete/search?q=Create+folders+/+append+data&client=opera-suggest-omnibox&hl=de | US | text | 149 b | whitelisted |
3376 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
3000 | opera.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDceXlqmGpr8AgAAAABZcjQ%3D | US | der | 471 b | whitelisted |
3000 | opera.exe | GET | 200 | 172.217.16.163:80 | http://crl.pki.goog/gsr2/gsr2.crl | US | der | 950 b | whitelisted |
3000 | opera.exe | GET | 302 | 172.217.21.195:80 | http://www.google.com.ua/search?client=opera&q=Create+folders+/+append+data&sourceid=opera&ie=utf-8&oe=utf-8&channel=suggest | US | html | 357 b | whitelisted |
3000 | opera.exe | GET | 200 | 93.184.220.29:80 | http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl | US | der | 564 b | whitelisted |
3376 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
3000 | opera.exe | GET | 302 | 172.217.21.195:80 | http://www.google.com.ua/search?q=Create+folders+/+append+data&sourceid=opera&ie=utf-8&oe=utf-8&channel=suggest | US | html | 341 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3376 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3376 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3432 | iexplore.exe | 51.68.229.32:80 | streamedia.icu | — | GB | unknown |
3000 | opera.exe | 185.26.182.111:80 | sitecheck2.opera.com | Opera Software AS | — | whitelisted |
3432 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3000 | opera.exe | 185.26.182.93:443 | certs.opera.com | Opera Software AS | — | whitelisted |
3000 | opera.exe | 185.26.182.94:80 | certs.opera.com | Opera Software AS | — | whitelisted |
3376 | iexplore.exe | 93.184.220.29:80 | crl4.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3000 | opera.exe | 172.217.16.174:80 | clients1.google.com | Google Inc. | US | whitelisted |
3000 | opera.exe | 172.217.21.195:80 | www.google.com.ua | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
streamedia.icu | — | unknown |
api.bing.com | — | whitelisted |
www.bing.com | — | whitelisted |
iecvlist.microsoft.com | — | whitelisted |
r20swj13mr.microsoft.com | — | whitelisted |
certs.opera.com | — | whitelisted |
crl4.digicert.com | — | whitelisted |
clients1.google.com | — | whitelisted |
www.google.com.ua | — | whitelisted |
sitecheck2.opera.com | — | whitelisted |

PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET INFO DNS Query for Suspicious .icu Domain |
— | — | Potentially Bad Traffic | ET INFO DNS Query for Suspicious .icu Domain |