Field | Value
---|---
URL | http://bit.do/eQmV9
Full analysis | https://app.any.run/tasks/437abaf0-52d9-4f87-9921-c98d5fff7b84
Verdict | Malicious activity
Analysis date | April 24, 2019, 21:14:04
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | —
Indicators | —
MD5 | 2D5B0BF0F22CD4BD971E9A3BBBC4E6C4
SHA1 | 4B358F679AB4D515C68E6C031A3BE38E411117DB
SHA256 | 95789F4A1E5255DA5E6262B0FA751D5948625E62A315DACFD42C8E152636829C
SSDEEP | 3:N1KcQ1qc:Cczc
PID | CMD | Path | Indicators | Parent process | User | Integrity Level | Company | Description | Version
---|---|---|---|---|---|---|---|---|---
636 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
1564 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:636 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | LOW | Microsoft Corporation | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
1668 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe | admin | MEDIUM | Adobe Systems Incorporated | Adobe® Flash® Player Installer/Uninstaller 26.0 r0 | 26,0,0,131
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
636 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | —
636 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
1564 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IXYBT366\ePtVT[1].txt | — | — | —
1564 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@bit[2].txt | — | — | —
1564 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini | ini | 4A3DEB274BB5F0212C2419D3D8D08612 | 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
1564 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0NS67F1U\bit-do-url-shortener-logo-66x66[1].png | image | BFF83B87460C31C38FB192435B01665A | BC21F83D32C32E2D174138EC2BB7BB6954C673F82A1E8DCBE49B8A50F3ED8167
1564 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | 1B2DF6CCF00BA103228FF7C3E7CBC21D | 14C76397F0936A78F2BAD37F0F721618A3F00C1A35EF73FF9954A49989195DAC
1564 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | B96DBD85ED9C88A9DB1A1425C63D205C | 00350FB8264E16459E3B99D299BF8DDAE1F8F020E799A963B7703C2272E83433
1564 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IXYBT366\style[1].css | — | — | —
1564 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IXYBT366\ePtVT[1].htm | html | A485CE71D5C595A7EAA504CDFFBAFEC9 | 489581792DCD999D5047F23D9AF3EFB9F81DAA8ED381B0AF7ED30E4781C1B04E
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1564 | iexplore.exe | GET | 200 | 205.185.216.10:80 | http://cdn.waframedia30.com/wmedia/tags/xbanner/xbanner.js?ap=1300 | US | — | — | whitelisted |
1564 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://iyfsearch.com/?dn=waframedia8.com&pid=9PO755G95 | VG | html | 5.21 Kb | suspicious |
1564 | iexplore.exe | GET | 200 | 54.83.52.76:80 | http://bit.do/images/bit-do-url-shortener-logo-66x66.png | US | image | 3.98 Kb | shared |
1564 | iexplore.exe | GET | 200 | 143.204.98.200:80 | http://d1lxhc4jvstzrp.cloudfront.net/themes/saledefault.css | US | text | 1.48 Kb | shared |
1564 | iexplore.exe | GET | 200 | 143.204.98.200:80 | http://d1lxhc4jvstzrp.cloudfront.net/themes/assets/skenzo.css | US | text | 208 b | shared |
1564 | iexplore.exe | GET | 200 | 143.204.98.200:80 | http://d1lxhc4jvstzrp.cloudfront.net/themes/assets/style.css | US | text | 343 b | shared |
1564 | iexplore.exe | GET | 500 | 54.83.52.76:80 | http://bit.do/eQmV9 | US | html | 606 b | shared |
1564 | iexplore.exe | GET | 200 | 54.83.52.76:80 | http://bit.do/ePtVT | US | html | 7.32 Kb | shared |
1564 | iexplore.exe | GET | 200 | 54.72.9.51:80 | http://cdn.waframedia8.com/wmedia/tags/xdirect/xdirect.html?p=70874241&serverdomain=wmedia&size=300x250&ct=html&ap=1300 | IE | html | 984 b | malicious |
1564 | iexplore.exe | GET | 200 | 216.58.205.238:80 | http://www.google-analytics.com/ga.js | US | text | 16.7 Kb | whitelisted |
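The following script is an added triage example and is not part of the ANY.RUN report. It works on the HTTP request rows above, copied verbatim into the script, and answers the two questions an analyst has after a URL-shortener run: which contacted hosts and IPs are worth blocking, and whether the submitted short link actually resolved or the shortener answered with an error and the browser ended up on some other page. The split of reputation labels into benign and not (`BENIGN`) and the list of static-asset suffixes are assumptions made here, not ANY.RUN's own classification.

```python
"""Triage of the HTTP request table of a sandbox run (added example).

Two checks an analyst wants from a URL-shortener detonation:
  1. which contacted hosts/IPs are IOC candidates (reputation not benign);
  2. whether the short link resolved, or the shortener returned a 5xx and
     the browser rendered another page from the same host instead.
"""
from collections import OrderedDict
from urllib.parse import urlsplit

# Rows copied from the report's HTTP request table: method, HTTP code,
# IP:port, URL, reputation (PID/process/country/size columns dropped).
HTTP_ROWS = """\
GET | 200 | 205.185.216.10:80 | http://cdn.waframedia30.com/wmedia/tags/xbanner/xbanner.js?ap=1300 | whitelisted
GET | 200 | 208.91.196.46:80 | http://iyfsearch.com/?dn=waframedia8.com&pid=9PO755G95 | suspicious
GET | 200 | 54.83.52.76:80 | http://bit.do/images/bit-do-url-shortener-logo-66x66.png | shared
GET | 200 | 143.204.98.200:80 | http://d1lxhc4jvstzrp.cloudfront.net/themes/saledefault.css | shared
GET | 200 | 143.204.98.200:80 | http://d1lxhc4jvstzrp.cloudfront.net/themes/assets/skenzo.css | shared
GET | 200 | 143.204.98.200:80 | http://d1lxhc4jvstzrp.cloudfront.net/themes/assets/style.css | shared
GET | 500 | 54.83.52.76:80 | http://bit.do/eQmV9 | shared
GET | 200 | 54.83.52.76:80 | http://bit.do/ePtVT | shared
GET | 200 | 54.72.9.51:80 | http://cdn.waframedia8.com/wmedia/tags/xdirect/xdirect.html?p=70874241&serverdomain=wmedia&size=300x250&ct=html&ap=1300 | malicious
GET | 200 | 216.58.205.238:80 | http://www.google-analytics.com/ga.js | whitelisted
"""

# Assumption (ours, not ANY.RUN's): only these labels count as benign;
# every other reputation value turns the host into an IOC candidate.
BENIGN = {"whitelisted", "shared"}

# Static assets the shortener serves for its own pages; not landing pages.
ASSET_SUFFIXES = (".png", ".ico", ".css", ".js")


def parse_rows(text):
    """Parse the pipe-separated rows into dicts, keeping report order."""
    reqs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        method, code, ip_port, url, reputation = (c.strip() for c in line.split(" | "))
        reqs.append({
            "method": method,
            "code": int(code),
            "ip": ip_port.rsplit(":", 1)[0],
            "url": url,
            "host": urlsplit(url).hostname,
            "reputation": reputation,
        })
    return reqs


def ioc_candidates(reqs):
    """Map each non-benign host to the sorted list of IPs it was reached on."""
    found = OrderedDict()
    for r in reqs:
        if r["reputation"] not in BENIGN:
            found.setdefault(r["host"], set()).add(r["ip"])
    return {host: sorted(ips) for host, ips in found.items()}


def shortener_outcome(reqs, shortener_host, requested_url):
    """Describe what the shortener did with the submitted link.

    Returns 'not requested', 'HTTP <code>' for a non-5xx answer, or, on a
    5xx, the first other HTML page fetched from the shortener host with a
    200 (skipping static assets), since that is what the browser rendered.
    """
    hits = [r for r in reqs if r["url"] == requested_url]
    if not hits:
        return "not requested"
    code = hits[0]["code"]
    if code < 500:
        return f"HTTP {code}"
    served = [r["url"] for r in reqs
              if r["host"] == shortener_host and r["code"] == 200
              and r["url"] != requested_url
              and not r["url"].lower().endswith(ASSET_SUFFIXES)]
    return f"HTTP {code}; shortener served {served[0] if served else 'nothing else'}"


if __name__ == "__main__":
    reqs = parse_rows(HTTP_ROWS)
    print("IOC candidates:", ioc_candidates(reqs))
    print("bit.do/eQmV9:", shortener_outcome(reqs, "bit.do", "http://bit.do/eQmV9"))
```

Run against these rows, the script reports iyfsearch.com (208.91.196.46) and cdn.waframedia8.com (54.72.9.51) as IOC candidates, and shows that the submitted link http://bit.do/eQmV9 returned HTTP 500 while the only bit.do HTML page served with 200 was /ePtVT, which matches the ePtVT[1].htm entry in the IE cache listed earlier. The iyfsearch.com request carrying dn=waframedia8.com is consistent with an ad/parking landing page rather than the short link's intended target, which is what the adware IDS alert at the end of the report also indicates.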
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1564 | iexplore.exe | 205.185.216.10:80 | cdn.waframedia30.com | Highwinds Network Group, Inc. | US | whitelisted |
1564 | iexplore.exe | 216.58.205.238:80 | www.google-analytics.com | Google Inc. | US | whitelisted |
636 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1564 | iexplore.exe | 54.72.9.51:80 | cdn.waframedia8.com | Amazon.com, Inc. | IE | malicious |
1564 | iexplore.exe | 52.216.130.21:443 | s3.amazonaws.com | Amazon.com, Inc. | US | unknown |
1564 | iexplore.exe | 54.83.52.76:80 | bit.do | Amazon.com, Inc. | US | shared |
1564 | iexplore.exe | 2.16.186.64:80 | i2.cdn-image.com | Akamai International B.V. | — | whitelisted |
1564 | iexplore.exe | 2.16.186.106:80 | i2.cdn-image.com | Akamai International B.V. | — | whitelisted |
1564 | iexplore.exe | 208.91.196.46:80 | iyfsearch.com | Confluence Networks Inc | VG | malicious |
— | — | 143.204.98.200:80 | d1lxhc4jvstzrp.cloudfront.net | — | US | whitelisted |
Domain | IP | Reputation
---|---|---
www.bing.com | — | whitelisted
bit.do | — | shared
cdn.waframedia30.com | — | whitelisted
s3.amazonaws.com | — | shared
cdn.waframedia8.com | — | malicious
www.google-analytics.com | — | whitelisted
d1lxhc4jvstzrp.cloudfront.net | — | shared
iyfsearch.com | — | suspicious
i2.cdn-image.com | — | whitelisted
i3.cdn-image.com | — | whitelisted
PID | Process | Class | Message |
---|---|---|---|
1564 | iexplore.exe | Misc activity | ADWARE [PTsecurity] InstantAccess |