General info

Field | Value
---|---
download | index.html
Full analysis | https://app.any.run/tasks/14424793-c7ee-47b8-82a0-c1190df27793
Verdict | Malicious activity
Analysis date | February 22, 2020, 14:42:12
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | (none listed)
MIME | text/html
File info | HTML document, UTF-8 Unicode text, with very long lines
MD5 | FF64BF94FBDF7C6E851EF18E7E5A85FA
SHA1 | 56B44222A3F2FBE60119BFC5197AF7780A59895C
SHA256 | 93D6F0B534767FCA911D0D600DF63F7F132CBC722C33BAB8261F7A5475A49B67
SSDEEP | 1536:n+s5TSyMXZ38yAnBBSLCHNwHhLpL+RWTIP90PYfbAwpfHathn5:FXnOauF+QTenfk
File type identification

Extension | Type (match score)
---|---
.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)
Processes

PID | CMD | Parent process | Integrity level | Exit code | Version
---|---|---|---|---|---
2892 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html.htm | explorer.exe | MEDIUM | 1 | 11.00.9600.16428 (winblue_gdr.131013-1700)
2756 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2892 CREDAT:144385 /prefetch:2 | iexplore.exe (2892) | MEDIUM | 3489660927 | 11.00.9600.16428 (winblue_gdr.131013-1700)
3108 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2892 CREDAT:340995 /prefetch:2 | iexplore.exe (2892) | MEDIUM | 0 | 11.00.9600.16428 (winblue_gdr.131013-1700)

All three processes run as user admin from the image C:\Program Files\Internet Explorer\iexplore.exe (Company: Microsoft Corporation, Description: Internet Explorer). The report lists no indicators for any of them; 2756 and 3108 are the content processes spawned by the frame process 2892 (the SCODEF:2892 argument names the parent).
Files activity

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2892 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
2756 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\CabC9E0.tmp | — | — | —
2756 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\TarC9E1.tmp | — | — | —
2756 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | binary | A91B5C4CB81863ED3C47780EA4DE7268 | 7B0F017F9C6B2EFC6E30DD96DE2B66F9482D8366811D973B0B6D762AF3C5CBFA
2756 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\js[1].js | text | E5C7D0CFE5B5C50786F0E006484D7A13 | 2FA0E6A737F209FDC7DD1F5898FCA5AC78FB2E87C73C8609F583CAB13B95364C
2756 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der | E550DA03AEE5B546B436CD553D3233B9 | 9ABFD4E29B96CCA442502B1DE6071FE0293455DF22B4EFF19FA3E6DF060947E7
2756 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_4D95D2CC90050ED69FBE26D775AA3232 | der | 6258559EF737B1D9FB0FD7F2F74CB186 | 6C500A9F86D47CF4C96D3065C3A005186CE5B645A09BDC5C828051AA4E11C7A3
2756 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_329633C46DA5FE1701DC8ADF1A383981 | binary | 4137F771D2E8BEB78E37B2A4B8C9B2A7 | CD350828BBD7EBA6A55F9D99D8387863DD107637643197A0951FF55F6C26BF14
2756 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_329633C46DA5FE1701DC8ADF1A383981 | der | E688F740A983B7AAC74C5220E59A380E | BDD7CA9DCB5B4B137CDFDCEB98BC1C2E4867B8FF6B2FEA61B1DDA3BA814FA943
2756 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\DTI6C8B8.txt | — | — | —
HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---|
2756 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D | US | der | 1.47 Kb | whitelisted |
2756 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D | US | der | 1.47 Kb | whitelisted |
2756 | iexplore.exe | GET | 200 | 172.217.16.195:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2756 | iexplore.exe | GET | 200 | 172.217.16.195:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCv2pgtDmXnZAgAAAAALnDT | US | der | 472 b | whitelisted |
2756 | iexplore.exe | GET | 200 | 192.124.249.41:80 | http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D | US | der | 1.66 Kb | whitelisted |
2756 | iexplore.exe | GET | 200 | 192.124.249.41:80 | http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D | US | der | 1.66 Kb | whitelisted |
2756 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D | US | der | 1.47 Kb | whitelisted |
2756 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D | US | der | 1.47 Kb | whitelisted |
2756 | iexplore.exe | GET | 200 | 172.217.16.195:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCgdZM8AVzzKAgAAAAALnDU | US | der | 472 b | whitelisted |
2756 | iexplore.exe | GET | 200 | 172.217.16.195:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCgdZM8AVzzKAgAAAAALnDU | US | der | 472 b | whitelisted |
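Every request in the table above is an OCSP GET: per RFC 6960 (Appendix A.1) the client base64-encodes the DER OCSPRequest and URL-escapes it into the path, which is why the "URL" column looks like opaque base64. Decoding one shows it is nothing more than a CertID (hash algorithm, issuer name hash, issuer key hash, certificate serial), i.e. a normal revocation check triggered by the page's HTTPS subresources rather than a base64-smuggled beacon, and it yields the serial number you can look up against the CA. The decoder below is an example added by the editor, not part of the ANY.RUN report; it uses only the Python standard library, implements just enough DER (tag, length, OID) to walk an OCSPRequest, and embeds the first DigiCert URL and the ocsp.pki.goog/gsr2 URL from the table as its sample inputs.

```python
import base64
import urllib.parse

# Sample inputs copied from the HTTP requests table above (first DigiCert row
# and the ocsp.pki.goog/gsr2 row). Any RFC 6960 OCSP GET URL will do.
SAMPLE_DIGICERT_URL = (
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom"
    "%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D"
)
SAMPLE_GOOGLE_URL = (
    "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIE"
    "VRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D"
)

# Hash algorithm OIDs that appear in CertID.hashAlgorithm in practice.
HASH_OIDS = {
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
}

SEQUENCE, OCTET_STRING, INTEGER, OID = 0x30, 0x04, 0x02, 0x06


def der_tlv(buf, pos=0):
    """Read one DER tag-length-value starting at pos.
    Returns (tag, value_bytes, position_after_value); supports the short and
    the long (0x8n) length forms, which is all OCSP requests need."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:end], end


def der_oid(value):
    """Decode the content octets of an OBJECT IDENTIFIER into dotted form."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear ends the arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def decode_ocsp_get(url):
    """Parse an RFC 6960 OCSP GET URL and return one dict per CertID.
    The request is the last path segment: URL-escaped base64 of DER."""
    parts = urllib.parse.urlsplit(url)
    b64 = urllib.parse.unquote(parts.path.rsplit("/", 1)[-1])
    raw = base64.b64decode(b64)

    tag, ocsp_req, _ = der_tlv(raw)             # OCSPRequest ::= SEQUENCE
    if tag != SEQUENCE:
        raise ValueError("not a DER SEQUENCE, so not an OCSPRequest")
    _, tbs, _ = der_tlv(ocsp_req)               # TBSRequest ::= SEQUENCE

    # TBSRequest may start with [0] version and [1] requestorName; the
    # requestList is the first untagged SEQUENCE.
    pos, request_list = 0, None
    while pos < len(tbs):
        tag, value, pos = der_tlv(tbs, pos)
        if tag == SEQUENCE:
            request_list = value
            break
    if request_list is None:
        raise ValueError("TBSRequest has no requestList")

    results, pos = [], 0
    while pos < len(request_list):
        _, request, pos = der_tlv(request_list, pos)   # Request ::= SEQUENCE
        _, cert_id, _ = der_tlv(request)               # CertID ::= SEQUENCE
        _, alg, p = der_tlv(cert_id)                   # AlgorithmIdentifier
        _, oid, _ = der_tlv(alg)
        _, name_hash, p = der_tlv(cert_id, p)          # issuerNameHash
        _, key_hash, p = der_tlv(cert_id, p)           # issuerKeyHash
        _, serial, p = der_tlv(cert_id, p)             # serialNumber
        dotted = der_oid(oid)
        results.append({
            "responder": parts.netloc,
            "hash_alg": HASH_OIDS.get(dotted, dotted),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),
            "serial": serial.hex().upper(),
        })
    return results


if __name__ == "__main__":
    for url in (SAMPLE_DIGICERT_URL, SAMPLE_GOOGLE_URL):
        for cert_id in decode_ocsp_get(url):
            print(cert_id)
```

The serial numbers this prints are the ones to paste into the CA's certificate transparency or crt.sh lookup when you want to know which leaf certificate the browser was checking; the issuer key hash identifies the issuing CA without needing the chain. A request whose last path segment does not decode to a SEQUENCE starting with an AlgorithmIdentifier is not OCSP, whatever the host name says.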
Connections

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---|
3108 | iexplore.exe | 172.217.23.168:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
2756 | iexplore.exe | 172.217.16.195:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
4 | System | 216.58.205.226:139 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted |
2756 | iexplore.exe | 192.0.76.3:443 | stats.wp.com | Automattic, Inc | US | suspicious |
4 | System | 216.58.205.226:445 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted |
2756 | iexplore.exe | 216.58.205.226:443 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted |
2892 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2756 | iexplore.exe | 104.31.93.71:443 | official-kmspico.com | Cloudflare Inc | US | unknown |
2756 | iexplore.exe | 172.217.23.168:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
2756 | iexplore.exe | 172.217.22.46:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
DNS requests

Domain | IP | Reputation
---|---|---
www.googletagmanager.com | | whitelisted
pagead2.googlesyndication.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ocsp.pki.goog | | whitelisted
official-kmspico.com | | unknown
stats.wp.com | | whitelisted
c0.wp.com | | whitelisted
www.google-analytics.com | | whitelisted
ocsp.godaddy.com | | whitelisted