Field | Value
---|---
URL | http://adultbestgames.online/adult_games/Adobe_Flash_Player%2Eexe
Full analysis | https://app.any.run/tasks/5b39949e-4d41-4a87-a366-25cd18daf3b9
Verdict | Malicious activity
Threats | AZORult can steal banking information, including passwords and credit card details, as well as cryptocurrency. This constantly updated information stealer malware should not be taken lightly, as it continues to be an active threat.
Analysis date | January 18, 2019, 13:20:09
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | —
Indicators | —
MD5 | 28B98CD0DA315652BC337F5B72CD5BC5
SHA1 | CBD0F112F41BA4429B2C1C69D3CB244396D2CFA2
SHA256 | 9C8BAAE9B87A705C44BA87A9774AE5B3FD7440D41F4160B5F6289F43B09502F2
SSDEEP | 3:N1Kf+Rh9MpAhIzKbNXRn:C2Rhyp8IcNBn

PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3484 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 1; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | |
3788 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3484 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | |
3240 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\Adobe_Flash_Player[1].exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\Adobe_Flash_Player[1].exe | | iexplore.exe
 | User: admin; Company: JAM Software; Integrity Level: MEDIUM; Description: Verladed Backlink Disputes; Exit code: 0; Version: 4.4.75.2 | | |
3560 | "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "Adobe_Flash_Player[1].exe" | C:\Windows\system32\cmd.exe | — | Adobe_Flash_Player[1].exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | |
2504 | C:\Windows\system32\timeout.exe 3 | C:\Windows\system32\timeout.exe | — | cmd.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: timeout - pauses command processing; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | |
2852 | C:\Windows\helppane.exe -Embedding | C:\Windows\helppane.exe | — | svchost.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Help and Support; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | |

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3484 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | — | —
3484 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3484 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF42DA47241845351E.TMP | — | — | —
3484 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFDAF7C7052803B6DE.TMP | — | — | —
3484 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{D3C8288D-1B23-11E9-BAD8-5254004A04AF}.dat | — | — | —
3788 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019011820190119\index.dat | dat | D5683C7720F83367C53343B50E42079F | 88C61ED57A0D340A35F89230B0DFC43490F780A9B0AF96F8C79DD544CCE60793
3788 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log | text | 866ABD0FF377CD84EDBB357DAB90FF41 | 91F65813821155E21E4B39EF5CF36806572F2E4D06DAB7AE6152CEFAD3664A40
3484 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\Adobe_Flash_Player[1].exe | executable | 61E494626699E376ECCBB98CD2015EB1 | 8B0A9FFC37F1DBE9155DBF4AD72C28EF67E990BD5C23E0A1E5518F38C1B789BA
3484 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019011820190119\index.dat | dat | 5F973CE61B5A48A1957FF1B730E1425A | ED4B947A37204CF7B9AB33EA8597B5CAFEB8C65F3FF766E7093CF68323D20008
3788 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\Adobe_Flash_Player[1].exe | executable | 61E494626699E376ECCBB98CD2015EB1 | 8B0A9FFC37F1DBE9155DBF4AD72C28EF67E990BD5C23E0A1E5518F38C1B789BA

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
3788 | iexplore.exe | GET | 200 | 92.242.40.140:80 | http://adultbestgames.online/adult_games/Adobe_Flash_Player.exe | RU | executable | 378 Kb | malicious
3240 | Adobe_Flash_Player[1].exe | POST | 200 | 92.242.40.140:80 | http://adultbestgames.online/index.php | RU | text | 2 b | malicious
3484 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted
3240 | Adobe_Flash_Player[1].exe | POST | 200 | 92.242.40.140:80 | http://adultbestgames.online/index.php | RU | binary | 4.27 Mb | malicious

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
3788 | iexplore.exe | 92.242.40.140:80 | adultbestgames.online | Dataline Ltd | RU | suspicious
3484 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3240 | Adobe_Flash_Player[1].exe | 92.242.40.140:80 | adultbestgames.online | Dataline Ltd | RU | suspicious

Domain | IP | Reputation
---|---|---
www.bing.com | | whitelisted
adultbestgames.online | | malicious

PID | Process | Class | Message
---|---|---|---
3788 | iexplore.exe | A Network Trojan was detected | ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
3788 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3240 | Adobe_Flash_Player[1].exe | A Network Trojan was detected | MALWARE [PTsecurity] AZORult HTTP Header
3240 | Adobe_Flash_Player[1].exe | A Network Trojan was detected | MALWARE [PTsecurity] AZORult Request
3240 | Adobe_Flash_Player[1].exe | A Network Trojan was detected | MALWARE [PTsecurity] AZORult Response
3240 | Adobe_Flash_Player[1].exe | A Network Trojan was detected | MALWARE [PTsecurity] AZORult HTTP Header