Field | Value |
---|---|
URL | http://dg311.com/coas/porl/Faculty_and_Staff/Charlene_Stainfield.aspx |
Full analysis | https://app.any.run/tasks/e5a5a02a-51ce-46c9-84cf-45497707b68e |
Verdict | Malicious activity |
Analysis date | March 30, 2020, 18:16:50 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MD5 | 31EA67AEDEB18B17FFDDFEB6E2DC4584 |
SHA1 | 6967699E54F440BDD3010B18C8C93D9B07BB0285 |
SHA256 | 971879556CE2188738903665AA51C0AC25B6347AC96F86E269EDC91C37170E0C |
SSDEEP | 3:N1KaCWNZ3dEqZKjIJiLB6z2A0IK9L/3:CaVzZKj0i16SA2L/3 |
PID | CMD | Path | Parent process | Integrity Level | User | Company | Description | Version |
---|---|---|---|---|---|---|---|---|
2956 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://dg311.com/coas/porl/Faculty_and_Staff/Charlene_Stainfield.aspx" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | MEDIUM | admin | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
3792 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2956 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | LOW | admin | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\jquery.min[1].js | text | 690C6C27663E2C6BEE133C1F2D6266F0 | 86280519ED1A03A9FCEC0A06E781FA56A8DC414D040570D3D857FC5D2B856906 |
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\8QU1CQCK.htm | html | 49B66D4B22EEF7EA8B9405ABA651E98D | 4C918771201CA7EE8910416247B49A04587838A33DBC43E5AD3C4B1D9E92A234 |
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\jquery-ui.min[1].js | text | 274C51BD8FA02A8EF41F355776343125 | 6172D25E74099A5F75970293983C22D8095A2FDC134A80841F70E4FAE77D595A |
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\UNF.Extensions.min[1].js | html | 4043D7A23EB9B1387DC03707EDE06974 | 7B3BE0541A93CFBC716476EBADDAE422B1C5622D4F34C42E2B5E46303D2E84B8 |
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\ektron.javascript[1].htm | html | 8459D20C5F52D16B75F4F99977AA6CE6 | 3B1D77033AD2F5935B80CF5CF7C406583693BBEC355DE25367BC54A20578292A |
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\porl[1].gif | image | ABCB509EEB631F8DF5D7E9F28F23311D | 65204D5232165FBE4D3CCB1AEF86ED80DF9BF94938900FA33BAE58EC4E6F851B |
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\Charlene_Stainfield[1].htm | html | 9BAABBEAE27D80234F90AA08747761FE | EDB76C14A981A652FCC514B97E32AC76D2C56B3D74C41FB1B8BF5634911B53A3 |
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\ektron.stylesheet[1].css | text | E517F568483663763AB1141650B4FD72 | 18DF46E5F901D36CFD51BC744093F2D87C93D2FD2CDEF1AD8B577AC586A23B02 |
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\css[1].css | text | 1FEAC7A9363BFEE1C6798F61FD1E3720 | A895B62A9CD856536FCED5B9C51679758C9AAD6ED5BD67954660337483E4AACF |
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT | smt | 24F806128E2815E781D3A797360AA27D | A4B31C45615CBBD4CA6E92990E473ED7777EBE6828CEF58F26227D9BBAF3DDB1 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3792 | iexplore.exe | GET | 301 | 45.194.244.157:80 | http://dg311.com/baidustatic?p=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS9jc2UvYnJhbmQ/Zm9ybT1jc2Utc2VhcmNoLWJveCZsYW5nPWVua&s=baidu | ZA | — | — | unknown |
3792 | iexplore.exe | GET | 200 | 45.194.244.157:80 | http://dg311.com/js/plugins/cycle2/jquery.cycle2.js | ZA | text | 14.6 Kb | unknown |
3792 | iexplore.exe | GET | 200 | 45.194.244.157:80 | http://dg311.com/coas/porl/Faculty_and_Staff/Charlene_Stainfield.aspx | ZA | html | 19.9 Kb | unknown |
3792 | iexplore.exe | GET | 200 | 45.194.244.157:80 | http://dg311.com/css/styles.css?version=1 | ZA | text | 33.5 Kb | unknown |
3792 | iexplore.exe | GET | 200 | 45.194.244.157:80 | http://dg311.com/WorkArea/FrameworkUI/js/ektron.javascript.ashx?id=-569449246+-1939951303+-1080527330+-1687560804+-1793043690+1338359439+1743165108+1531089627 | ZA | html | 516 b | unknown |
3792 | iexplore.exe | GET | 200 | 45.194.244.157:80 | http://dg311.com/js/plugins/cycle2/jquery.cycle2.tile.js | ZA | text | 1.65 Kb | unknown |
3792 | iexplore.exe | GET | 200 | 220.242.140.187:80 | http://js.users.51.la/20354835.js | CN | text | 2.29 Kb | whitelisted |
3792 | iexplore.exe | GET | 200 | 172.217.21.234:80 | http://fonts.googleapis.com/css?family=Open+Sans:400,400i,600,700 | US | text | 277 b | whitelisted |
3792 | iexplore.exe | GET | 200 | 45.194.244.157:80 | http://dg311.com/js/UNF.Extensions.min.js?v=2 | ZA | html | 5.06 Kb | unknown |
3792 | iexplore.exe | GET | 200 | 45.194.244.157:80 | http://dg311.com/js/jquery.min.js?v=1 | ZA | text | 44.6 Kb | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3792 | iexplore.exe | 172.217.21.234:80 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3792 | iexplore.exe | 172.217.18.99:80 | fonts.gstatic.com | Google Inc. | US | whitelisted |
3792 | iexplore.exe | 45.194.244.157:80 | dg311.com | MacroLAN | ZA | unknown |
3792 | iexplore.exe | 154.85.194.82:443 | 586586.me | DXTL Tseung Kwan O Service | US | unknown |
3792 | iexplore.exe | 220.242.140.187:80 | js.users.51.la | — | CN | suspicious |
2956 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3792 | iexplore.exe | 172.217.22.3:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3792 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3792 | iexplore.exe | 172.217.16.136:80 | www.googletagmanager.com | Google Inc. | US | suspicious |
3792 | iexplore.exe | 172.217.16.136:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
Domain | IP | Reputation |
---|---|---|
dg311.com | — | unknown |
fonts.googleapis.com | — | whitelisted |
586586.me | — | unknown |
js.users.51.la | — | whitelisted |
fonts.gstatic.com | — | whitelisted |
api.bing.com | — | whitelisted |
www.bing.com | — | whitelisted |
www.googletagmanager.com | — | whitelisted |
ocsp.digicert.com | — | whitelisted |
statusf.digitalcertvalidation.com | — | whitelisted |