URL: | https://www.gimpshop.com/ |
Full analysis: | https://app.any.run/tasks/bb23b491-5562-4602-9314-8ab000bef74b |
Verdict: | Malicious activity |
Analysis date: | June 16, 2019, 14:50:50 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | E75954533BA5FB07BDC88D78673164A6 |
SHA1: | B2374A03B3D0FEF6CC476E72FEB2B341EFEA178A |
SHA256: | 9B6C9C5CE1001C4B7E102A09322449BF74C9D09F837BA0AE17096942C9D5E287 |
SSDEEP: | 3:N8DSLT42Kn:2OLE2Kn |

PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---|---|---|---|---
3328 | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.gimpshop.com/ | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
3244 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3328 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
2720 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe | admin | Adobe Systems Incorporated | MEDIUM | Adobe® Flash® Player Installer/Uninstaller 26.0 r0 | 26,0,0,131
456 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3328 CREDAT:203009 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3328 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | —
3328 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3244 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3F9LVML2\gimpshop_com[1].txt | — | — | —
3244 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | D3CF8E9FD6D8F2C9A100EDDB945F41A4 | 1395F7AE238863AED0B796709F6AF3A4476DFEBE04CC3BF398380B20B2D64BF9
3244 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@gimpshop[1].txt | text | C7081D52703CFBD94E92E67661844A5A | DF7B51873B0B32EDCA6A38976423F5B15039A1DAD7445D86906F4ED649BFEA9D
3244 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3F9LVML2\gimpshop_com[1].htm | html | ED632416B2961AA187C3AC6C9DA7E04C | 64E156ACB63302986A0083838C18BC9444A09C249434729BD404A6900EE9B9EF
3244 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3M4BGW0T\style[1].css | text | D219D0D2561BAF472F8200CD049AB289 | 652989F80C6CDC349AE4CC94739DEAA7D2F699ABB055DD61F6050CB11B8E55CA
3244 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3M4BGW0T\navigation[1].js | text | 8D657D295E18EE6AC5B3E044C7B4FA0B | 5B220BDDCF61490F3EB352FCB8E0E2BE5A9EC32E66FB8503E261DC90D3AEC2C9
3244 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | 1BAA73604E9FF22D980BE411ABE4503C | 551D0EE568175DE050894129B536000FDD0525D2C5DFC7B1341471081C23A63B
3244 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZTT3I0QK\style[1].css | text | ED10D65FFD446AA99B1E5178686CFF9A | 5293C42D26B89072FFABAC12B248B39E735D430CC0CE3AAAD788D569A0A424A7

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3244 | iexplore.exe | GET | 200 | 216.58.210.2:80 | http://pagead2.googlesyndication.com/pagead/show_ads.js | US | text | 24.2 Kb | whitelisted |
3244 | iexplore.exe | GET | 200 | 172.217.16.163:80 | http://fonts.gstatic.com/s/raleway/v13/1Ptug8zYS_SKggPNyC0ISw.eot | US | eot | 23.1 Kb | whitelisted |
3244 | iexplore.exe | GET | 200 | 216.58.207.74:80 | http://fonts.googleapis.com/css?family=Raleway:400,200,600 | US | text | 162 b | whitelisted |
3328 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
3328 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3328 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3244 | iexplore.exe | 216.58.210.2:443 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted |
3244 | iexplore.exe | 172.217.16.163:80 | fonts.gstatic.com | Google Inc. | US | whitelisted |
3244 | iexplore.exe | 64.233.184.155:443 | stats.g.doubleclick.net | Google Inc. | US | whitelisted |
3244 | iexplore.exe | 172.217.22.46:443 | apis.google.com | Google Inc. | US | whitelisted |
3244 | iexplore.exe | 216.58.205.238:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
3244 | iexplore.exe | 172.217.16.168:443 | ssl.google-analytics.com | Google Inc. | US | whitelisted |
3328 | iexplore.exe | 104.25.192.20:443 | www.gimpshop.com | Cloudflare Inc | US | shared |
3244 | iexplore.exe | 216.58.210.4:443 | www.google.com | Google Inc. | US | whitelisted |
3244 | iexplore.exe | 216.58.207.74:80 | fonts.googleapis.com | Google Inc. | US | whitelisted |

Domain | IP | Reputation
---|---|---
www.gimpshop.com | | unknown
www.bing.com | | whitelisted
pagead2.googlesyndication.com | | whitelisted
s3-us-west-2.amazonaws.com | | shared
ssl.google-analytics.com | | whitelisted
fonts.googleapis.com | | whitelisted
www.google-analytics.com | | whitelisted
fonts.gstatic.com | | whitelisted
apis.google.com | | whitelisted
stats.g.doubleclick.net | | whitelisted