URL: | http://download3.portableapps.com/portableapps/PortableApps.comPlatform/ |
Full analysis: | https://app.any.run/tasks/cb504b8e-cea2-42d6-b3b8-dabb1b604495 |
Verdict: | Malicious activity |
Analysis date: | November 08, 2018, 10:08:30 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 3E1C0A7F38047316C89CC0AA38197E98 |
SHA1: | 4F2110188161619E7AB2B3B166DD5D949525B527 |
SHA256: | 9943D0B75EF46F6EE2F992764D4ADD0B4F80CB5781DE04A36EEA8C4A5C9AD844 |
SSDEEP: | 3:N1KaKE4LgyKZlKUq4pB/Wy+M3n:CaNbQUdppeM3n |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3708 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3776 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3708 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
1772 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2908 | "C:\Users\admin\Downloads\PortableApps.com_Platform_Setup_15.0.2.exe" | C:\Users\admin\Downloads\PortableApps.com_Platform_Setup_15.0.2.exe | explorer.exe | |
User: admin Company: PortableApps.com Integrity Level: MEDIUM Description: PortableApps.com Platform Exit code: 0 Version: 15.0.2.0 | ||||
4024 | C:\PortableApps\PortableApps.com\PortableAppsPlatform.exe | C:\PortableApps\PortableApps.com\PortableAppsPlatform.exe | — | PortableApps.com_Platform_Setup_15.0.2.exe |
User: admin Company: PortableApps.com Integrity Level: MEDIUM Description: PortableApps.com Platform Version: 15.0.2.0 | ||||
2340 | "C:\PortableApps\PortableApps.com\PortableAppsUpdater.exe" /MODE=ADD /OPENSOURCEONLY=false /KEYBOARDFRIENDLY=false /ADVANCED=false /SHOWINSTALLEDAPPS=false /HIDEPORTABLE=true /BETA=false /CONNECTION=Automatic | C:\PortableApps\PortableApps.com\PortableAppsUpdater.exe | PortableAppsPlatform.exe | |
User: admin Company: PortableApps.com Integrity Level: MEDIUM Description: PortableApps.com Updater Exit code: 0 Version: 15.0.2.0 | ||||
1452 | "C:\Users\admin\AppData\Local\Temp\nsd91B9.tmp\ns9525.tmp" "C:\PortableApps\PortableApps.com\App\7-Zip\7za.exe" x "C:\Users\admin\AppData\Local\Temp\nsd91B9.tmp\update.7z" -o"C:\Users\admin\AppData\Local\Temp\nsd91B9.tmp" -aoa | C:\Users\admin\AppData\Local\Temp\nsd91B9.tmp\ns9525.tmp | — | PortableAppsUpdater.exe |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
3028 | "C:\PortableApps\PortableApps.com\App\7-Zip\7za.exe" x "C:\Users\admin\AppData\Local\Temp\nsd91B9.tmp\update.7z" -o"C:\Users\admin\AppData\Local\Temp\nsd91B9.tmp" -aoa | C:\PortableApps\PortableApps.com\App\7-Zip\7za.exe | — | ns9525.tmp |
User: admin Company: Igor Pavlov Integrity Level: MEDIUM Description: 7-Zip Standalone Console Exit code: 0 Version: 18.05 | ||||
4072 | "C:\PortableApps\PortableApps.com\PortableAppsUpdater.exe" /MODE=ADD /OPENSOURCEONLY=false /KEYBOARDFRIENDLY=false /ADVANCED=false /SHOWINSTALLEDAPPS=false /HIDEPORTABLE=true /BETA=false /ORDER=new /CONNECTION=Automatic | C:\PortableApps\PortableApps.com\PortableAppsUpdater.exe | PortableAppsPlatform.exe | |
User: admin Company: PortableApps.com Integrity Level: MEDIUM Description: PortableApps.com Updater Exit code: 0 Version: 15.0.2.0 | ||||
1244 | "C:\Users\admin\AppData\Local\Temp\nstEB4D.tmp\nsEDFE.tmp" "C:\PortableApps\PortableApps.com\App\7-Zip\7za.exe" x "C:\Users\admin\AppData\Local\Temp\nstEB4D.tmp\update.7z" -o"C:\Users\admin\AppData\Local\Temp\nstEB4D.tmp" -aoa | C:\Users\admin\AppData\Local\Temp\nstEB4D.tmp\nsEDFE.tmp | — | PortableAppsUpdater.exe |
User: admin Integrity Level: MEDIUM Exit code: 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3708 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
3708 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
1772 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\PortableApps.com_Platform_Setup_15.0.2.paf[1].lnk | lnk | |
MD5:5F9674D8CA11782F6CCF64C5D3937862 | SHA256:D5C80E51C017751C6C6DC5F8D5CE0CDB6A1FCD3AEE8D645F171278505550CC94 | |||
1772 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms | automaticdestinations-ms | |
MD5:60BB3F317C3726EAD1D3B9C53A06D8B0 | SHA256:5A57F0AE450783486E991FB88050D2F8A528C2B3136905338CEEB7FEADAF3659 | |||
3776 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\PortableApps.com_Platform_Setup_15.0.2.paf[1] | executable | |
MD5:C02FC058BE0E9985CC56AA4073A207AF | SHA256:65E95458BDB40290D1207408834B6E8F9B20E3F374925D1885103AF0D210EDE8 | |||
1772 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\Downloads.lnk | lnk | |
MD5:191DE3E958F52C07FC99AC3056AE7A76 | SHA256:803F0BBA6C0A2D0514765DDB29C24FA1E28B3ABC00AE71BF6BC2BF5A68403D1B | |||
1772 | explorer.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018110820181109\index.dat | dat | |
MD5:7791AFC4179D1CEC984DDB3952BBBCAF | SHA256:7F4757A5C7DD62CA1D470337C616A863C91F1B435E30AE40CCBF4532C73159BC | |||
2908 | PortableApps.com_Platform_Setup_15.0.2.exe | C:\Users\admin\AppData\Local\Temp\nst2023.tmp\InstallLocationCustom.ico | image | |
MD5:415846A977E2AA4D069350BE62064228 | SHA256:42CD691AB4C2264DCA073C2E56270A45BCB5340DAA34C9DA0D60D8B8997C7DEE | |||
3708 | iexplore.exe | C:\Users\admin\Downloads\PortableApps.com_Platform_Setup_15.0.2.paf[1] | executable | |
MD5:C02FC058BE0E9985CC56AA4073A207AF | SHA256:65E95458BDB40290D1207408834B6E8F9B20E3F374925D1885103AF0D210EDE8 | |||
1772 | explorer.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928 | binary | |
MD5:FE1DD3F806E43B9ACDD877D653E08DA4 | SHA256:231D995106BD8653DF0C4692C031129C872B2A3D4B66415E12DEAFE83EBD8D88 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3776 | iexplore.exe | GET | — | 162.243.236.235:80 | http://download3.portableapps.com/portableapps/PortableApps.comPlatform/PortableApps.com_Platform_Setup_15.0.2.paf.exe?201806 | US | — | — | suspicious |
2340 | PortableAppsUpdater.exe | GET | 303 | 104.239.166.87:80 | http://portableapps.com/updater/update.php | US | — | — | suspicious |
2340 | PortableAppsUpdater.exe | GET | 200 | 104.239.166.87:80 | http://portableapps.com/files/images/updatericons/OBSPortable.ico | US | image | 1.12 Kb | suspicious |
2340 | PortableAppsUpdater.exe | GET | 200 | 104.239.166.87:80 | http://portableapps.com/updater/update2.7z | US | compressed | 42.0 Kb | suspicious |
1772 | explorer.exe | GET | 200 | 104.16.93.188:80 | http://crt.comodoca.com/COMODORSAAddTrustCA.crt | US | der | 1.37 Kb | whitelisted |
4072 | PortableAppsUpdater.exe | GET | 303 | 104.239.166.87:80 | http://portableapps.com/redirect/?s=p&a=SudokuPortable&d=sfpa&wv=7&f=SudokuPortable_1.1.7.4_English.paf.exe | US | — | — | suspicious |
3776 | iexplore.exe | GET | 403 | 162.243.236.235:80 | http://download3.portableapps.com/portableapps/PortableApps.comPlatform/ | US | html | 332 b | suspicious |
4072 | PortableAppsUpdater.exe | GET | 303 | 104.239.166.87:80 | http://portableapps.com/updater/update.php | US | — | — | suspicious |
2340 | PortableAppsUpdater.exe | GET | 200 | 104.239.166.87:80 | http://portableapps.com/files/images/updatericons/LameXPPortable.ico | US | image | 1.12 Kb | suspicious |
2340 | PortableAppsUpdater.exe | GET | 200 | 104.239.166.87:80 | http://portableapps.com/files/images/updatericons/MPC-BEPortable.ico | US | image | 1.12 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3708 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1772 | explorer.exe | 104.16.93.188:80 | crt.comodoca.com | Cloudflare Inc | US | shared |
3084 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1580 | opera.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
4072 | PortableAppsUpdater.exe | 216.105.38.13:443 | downloads.sourceforge.net | American Internet Services, LLC. | US | malicious |
1580 | opera.exe | 82.145.215.40:443 | certs.opera.com | Opera Software AS | — | whitelisted |
3776 | iexplore.exe | 162.243.236.235:80 | download3.portableapps.com | Digital Ocean, Inc. | US | suspicious |
1580 | opera.exe | 66.225.197.197:80 | crl4.digicert.com | CacheNetworks, Inc. | US | whitelisted |
2340 | PortableAppsUpdater.exe | 104.239.166.87:80 | portableapps.com | Rackspace Ltd. | US | suspicious |
4072 | PortableAppsUpdater.exe | 87.121.121.2:443 | netix.dl.sourceforge.net | NetIX Communications Ltd. | BG | suspicious |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
download3.portableapps.com |
| unknown |
crt.comodoca.com |
| whitelisted |
portableapps.com |
| suspicious |
downloads.sourceforge.net |
| whitelisted |
netix.dl.sourceforge.net |
| suspicious |
certs.opera.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
crl4.digicert.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
3776 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |