Field | Value
---|---
File name | download.php
Full analysis | https://app.any.run/tasks/e262ffed-1942-4a8a-9728-e5a823ce6d8b
Verdict | Malicious activity
Analysis date | June 16, 2019, 08:25:16
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MIME | text/html
File info | HTML document, UTF-8 Unicode text, with very long lines
MD5 | 6BF11551DA3962531644503CDF5B465B
SHA1 | B4181BB68CC6515C5F56BE5E743A8C8759528761
SHA256 | 93818BFF4D93C9C07E8E55295B3096DC8EABC6632417CF89DE7F95128D435914
SSDEEP | 768:ERdaBjezpGJ0UXM51iS4VaZSldJnSmFYSxsn3:L2GmD51iSuaZSlddFFYSxs3
Extension | Type | Match (%)
---|---|---
.htm/html | HyperText Markup Language with DOCTYPE | 80.6
.html | HyperText Markup Language | 19.3
Field | Value
---|---
Description | —
Keywords | —
ContentScriptType | text/html; charset=utf-8
ContentType | text/html; charset=utf-8
Title | Old versions of Windows, Mac and Linux Software, Apps & Abandonware Games - Download at OldVersion.com

Despite its .php name, the sample is a plain HTML document; its title is OldVersion.com's, so it is a saved web page rather than a server-side script. The hashes above identify that page, not whatever the download link was meant to deliver.
PID | Command line | Path | Indicators | Parent process | Integrity level | Exit code | Description | Version
---|---|---|---|---|---|---|---|---
456 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\download.php | C:\Windows\system32\rundll32.exe | — | explorer.exe | MEDIUM | 0 | Windows host process (Rundll32) | 6.1.7600.16385 (win7_rtm.090713-1255)
3048 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | rundll32.exe | MEDIUM | — | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
1672 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3048 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | LOW | — | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
856 | "C:\Windows\System32\cmd.exe" | C:\Windows\System32\cmd.exe | — | explorer.exe | HIGH | 3221225786 | Windows Command Processor | 6.1.7601.17514 (win7sp1_rtm.101119-1850)
1008 | "C:\Windows\system32\CompMgmtLauncher.exe" | C:\Windows\system32\CompMgmtLauncher.exe | — | explorer.exe | MEDIUM | 3221226540 | Computer Management Snapin Launcher | 6.1.7600.16385 (win7_rtm.090713-1255)
3820 | "C:\Windows\system32\CompMgmtLauncher.exe" | C:\Windows\system32\CompMgmtLauncher.exe | — | explorer.exe | HIGH | 0 | Computer Management Snapin Launcher | 6.1.7600.16385 (win7_rtm.090713-1255)
3976 | "C:\Windows\system32\mmc.exe" "C:\Windows\system32\compmgmt.msc" /s | C:\Windows\system32\mmc.exe | — | CompMgmtLauncher.exe | HIGH | — | Microsoft Management Console | 6.1.7600.16385 (win7_rtm.090713-1255)

All seven processes run as user admin, and every image carries "Microsoft Corporation" as the company in its version information; an exit code of — means the process was still running when the report was taken. Exit codes are printed as unsigned decimals: 3221225786 is 0xC000013A (STATUS_CONTROL_C_EXIT, the console process was ended with Ctrl-C or Ctrl-Break) and 3221226540 is 0xC000042C (STATUS_ELEVATION_REQUIRED), so PID 1008 is a Computer Management launch refused at MEDIUM integrity and PID 3820 the same launch repeated after UAC elevation, which then starts mmc.exe with compmgmt.msc. shell32.dll,OpenAs_RunDLL is the shell's "Open with" dialog for the .php file, which has no registered handler on this Windows 7 image; the Internet Explorer instance under it (PID 3048, with its LOW-integrity tab process 1672, which makes the fileassoc lookup and Bing requests in the network tables) is the handler that was chosen. The verdict above is the sandbox's; the process, file and network activity listed on this page is all explorer-, shell- and Internet Explorer-driven and reaches only whitelisted Microsoft hosts, so the page itself does not show what triggered it.
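The process table lists exit codes as unsigned decimals and names parents by image rather than PID, which is awkward to read by eye. The following Python is added here as an example and is not part of the ANY.RUN report: it transcribes the rows above and applies the checks an analyst would run on such a listing, decoding the exit codes to their NTSTATUS names, pairing the refused Computer Management launch with its elevated retry, and locating which handler the "Open with" dialog spawned. The NTSTATUS_NAMES and INTEGRITY_RANK tables, the Proc record and the function names are this example's own.

```python
"""Triage of the process listing above (added example, not ANY.RUN's code).

The PROCESSES records are transcribed from the report's process table; the
function names, finding tuples and lookup tables are this example's own.
Parents are recorded by image name, as in the report, not by PID, so child
lookup is by image and can over-match on busier listings.
"""
import re
from collections import defaultdict, namedtuple

Proc = namedtuple("Proc", "pid image cmdline parent integrity exit_code")

# NTSTATUS values (ntstatus.h) behind the unsigned-decimal exit codes the
# report prints. Anything not listed decodes as "unknown".
NTSTATUS_NAMES = {
    0x00000000: "STATUS_SUCCESS",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
}
INTEGRITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "SYSTEM": 3}

# shell32!OpenAs_RunDLL is the shell's "Open with" dialog; its argument is the
# file the user tried to open.
OPENAS_RE = re.compile(r"shell32\.dll,OpenAs_RunDLL\s+(.+?)\s*$", re.IGNORECASE)

# Transcribed from the report (exit_code None = still running at snapshot).
PROCESSES = [
    Proc(456, "rundll32.exe",
         r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\download.php',
         "explorer.exe", "MEDIUM", 0),
    Proc(3048, "iexplore.exe", r'"C:\Program Files\Internet Explorer\iexplore.exe" -nohome',
         "rundll32.exe", "MEDIUM", None),
    Proc(1672, "iexplore.exe", r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3048 CREDAT:71937',
         "iexplore.exe", "LOW", None),
    Proc(856, "cmd.exe", r'"C:\Windows\System32\cmd.exe"', "explorer.exe", "HIGH", 3221225786),
    Proc(1008, "CompMgmtLauncher.exe", r'"C:\Windows\system32\CompMgmtLauncher.exe"',
         "explorer.exe", "MEDIUM", 3221226540),
    Proc(3820, "CompMgmtLauncher.exe", r'"C:\Windows\system32\CompMgmtLauncher.exe"',
         "explorer.exe", "HIGH", 0),
    Proc(3976, "mmc.exe", r'"C:\Windows\system32\mmc.exe" "C:\Windows\system32\compmgmt.msc" /s',
         "CompMgmtLauncher.exe", "HIGH", None),
]


def decode_exit_code(code):
    """Render a decimal exit code as (hex, NTSTATUS name); None if still running."""
    if code is None:
        return None
    return ("0x%08X" % code, NTSTATUS_NAMES.get(code, "unknown"))


def find_open_with_launches(procs):
    """(rundll32 PID, handler PID, handler image, target file) for each
    "Open with" dialog that went on to spawn a handler process."""
    by_parent = defaultdict(list)
    for p in procs:
        by_parent[p.parent.lower()].append(p)
    hits = []
    for p in procs:
        m = OPENAS_RE.search(p.cmdline)
        if not m:
            continue
        for child in by_parent.get(p.image.lower(), []):
            if child.pid != p.pid:
                hits.append((p.pid, child.pid, child.image, m.group(1)))
    return hits


def find_elevation_retries(procs):
    """Pair a launch that died with STATUS_ELEVATION_REQUIRED with another
    launch of the same image at a higher integrity level, i.e. the same
    action repeated after a UAC prompt. The report has no timestamps, so the
    pairing is by image and integrity only, not by order."""
    pairs = []
    for failed in procs:
        if failed.exit_code != 0xC000042C:
            continue
        for p in procs:
            if (p.image.lower() == failed.image.lower() and p.pid != failed.pid
                    and INTEGRITY_RANK[p.integrity] > INTEGRITY_RANK[failed.integrity]):
                pairs.append((failed.pid, p.pid, p.image))
    return pairs


def triage(procs):
    """Collect the findings for one listing."""
    return {
        "exit_codes": {p.pid: decode_exit_code(p.exit_code)
                       for p in procs if p.exit_code is not None},
        "open_with": find_open_with_launches(procs),
        "elevation_retries": find_elevation_retries(procs),
    }


if __name__ == "__main__":
    for key, value in triage(PROCESSES).items():
        print(key, value)
```

On the rows above this reports one "Open with" launch (rundll32 456 handing download.php to iexplore.exe 3048) and one elevation retry (CompMgmtLauncher 1008 refused at MEDIUM, 3820 succeeding at HIGH). Both checks are deliberately structural, so they apply unchanged to any other listing with the same columns; on a real endpoint the parent field would be a PID and the by-image lookup should be replaced with a PID lookup.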
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3048 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | —
3048 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
1672 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@bing[2].txt | — | — | —
1672 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LQ78BISW\search[1].txt | — | — | —
1672 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@bing[1].txt | text | 5DB4AD12E823AFBE7B5E6A48647DCE85 | F9E84E5C3F93E9119A1CF7C489086B174569DF186BDF03D01D4EB62F52FE7567
1672 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text | 7CDA85979BFA3929CDF0E89AC9C76BFB | 9E25D631FF70F10A4EB2EA1EDD732D387CBC4E909383D84B58C7EF4087FA88F0
1672 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LQ78BISW\search[1].htm | html | B130A91F097A2A01A7EA5650A26987C5 | 982F64578CA8FE5A045EFBED4EAFA3CC4A83E76A55E132FC18A7F7D341571521
1672 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 5CABB0C0476EAB4A8F02F96453E2EFC6 | BB528B50C77026BC8C4087F4A68B0869C9A3618AEADA9AF36F1523DAF2B31CCD
1672 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | 535CC968290CF0DD9DC5D81362C6C0EA | 168EF2F2BB81432F34E1215A1BDF02E383467009C56DE4F848A015C59E83B2DC
1672 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 117F166CC19356C8043F7487D6AAC785 | FB626E6DC37FCECF854AB307C80D8427243D07201DC1FD98B220DC53E3D7F684

Rows without a type or hash are files the browser touched but whose content was not captured. The cookie file name in the sixth row reads "[email protected]" because the export replaced the "user@host" pattern with an e-mail-obfuscation placeholder; the real name is not recoverable from this page.
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1672 | iexplore.exe | GET | 302 | 104.90.156.189:80 | http://go.microsoft.com/fwlink/?LinkId=57426&Ext=php | NL | — | — | whitelisted |
1672 | iexplore.exe | GET | 301 | 2.16.186.24:80 | http://shell.windows.com/fileassoc/fileassoc.asp?Ext=php | unknown | — | — | whitelisted |
3048 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3048 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1672 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1672 | iexplore.exe | 2.16.186.24:80 | shell.windows.com | Akamai International B.V. | — | whitelisted |
3048 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1672 | iexplore.exe | 157.55.134.142:443 | login.live.com | Microsoft Corporation | US | whitelisted |
1672 | iexplore.exe | 104.90.156.189:80 | go.microsoft.com | Akamai Technologies, Inc. | NL | whitelisted |
Domain | IP | Reputation
---|---|---
www.bing.com | — | whitelisted
go.microsoft.com | — | whitelisted
shell.windows.com | — | whitelisted
login.live.com | — | whitelisted