URL: | http://jayamandiriadvertising.com/IGI/ |
Full analysis: | https://app.any.run/tasks/7cce6e49-5115-413d-8166-32ae4f8bca35 |
Verdict: | Malicious activity |
Analysis date: | September 18, 2019, 15:21:47 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MD5: | 229206E33B4C28706BF1B854405B8835 |
SHA1: | 14F78D66C627B1B8F2135981F16A6A16486C5A20 |
SHA256: | 9E1A8A62B63416C88E87EDC7BE10C80057DCBC3FE4E6A4259AE8388964BCFF21 |
SSDEEP: | 3:N1KUOIELBWMEgcnbKn:CUO5LGgcu |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2764 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://jayamandiriadvertising.com/IGI/" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3428 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2764 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3428 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNXYUX3Q\IGI[1].txt | — | |
MD5:— | SHA256:— | |||
2764 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
3428 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:9AC17C714E3D2D71BFDB8925C40097FB | SHA256:B7BD5FC32674DB479006C2C7F7C4C949B128E16C42D12178589FD938D02CCB23 | |||
3428 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:BA3BE29FF67024921662B41AE0BFCDBF | SHA256:33E27B388847171FB1FDA6A67C1CCC8B94EF1C2A5E7AF707521DCF9087D22443 | |||
3428 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8GWHHZ1V\OF[1].php | — | |
MD5:— | SHA256:— | |||
2764 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFDE6714E02AFBFD9B.TMP | — | |
MD5:— | SHA256:— | |||
3428 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E2W2JBNB\css[1].txt | text | |
MD5:574D911154761D7DE238B2EB755E4B84 | SHA256:4D0B4E14CC090555EA8B90405E30CABBE3DFDE5C3DEB35A0031A2616C0CFD788 | |||
2764 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019091820190919\index.dat | dat | |
MD5:C8BB4D8C158A00C6798A17A2AB5CE054 | SHA256:6592F9AD12A692E3E625143B9415CCD9E1DF3688750A20E29C6F697BEA24F44B | |||
2764 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF44A18C2AAAAF2B68.TMP | — | |
MD5:— | SHA256:— | |||
2764 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF312D3B9ACBDBC4C7.TMP | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3428 | iexplore.exe | GET | 200 | 167.86.115.162:80 | http://jayamandiriadvertising.com/IGI/ | US | html | 2.28 Kb | suspicious |
3428 | iexplore.exe | GET | 200 | 167.86.115.162:80 | http://jayamandiriadvertising.com/IGI/OF.php | US | html | 2.50 Kb | suspicious |
3428 | iexplore.exe | GET | 200 | 167.86.115.162:80 | http://jayamandiriadvertising.com/IGI/ojomu/OF1.jpg | US | image | 11.0 Kb | suspicious |
3428 | iexplore.exe | GET | 200 | 167.86.115.162:80 | http://jayamandiriadvertising.com/IGI/images/landing-devices-bg.jpg | US | image | 195 Kb | suspicious |
3428 | iexplore.exe | GET | 200 | 167.86.115.162:80 | http://jayamandiriadvertising.com/IGI/css/style.css | US | text | 6.76 Kb | suspicious |
3428 | iexplore.exe | GET | 200 | 167.86.115.162:80 | http://jayamandiriadvertising.com/IGI/LL1.php | US | html | 2.49 Kb | suspicious |
3428 | iexplore.exe | GET | 200 | 167.86.115.162:80 | http://jayamandiriadvertising.com/IGI/images/outlook.png | US | image | 2.05 Kb | suspicious |
2764 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
3428 | iexplore.exe | GET | 200 | 167.86.115.162:80 | http://jayamandiriadvertising.com/IGI/images/office.png | US | image | 1.39 Kb | suspicious |
2764 | iexplore.exe | GET | 404 | 167.86.115.162:80 | http://jayamandiriadvertising.com/favicon.ico | US | html | 315 b | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2764 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3428 | iexplore.exe | 216.58.205.227:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
3428 | iexplore.exe | 167.86.115.162:80 | jayamandiriadvertising.com | Arapahoe School District #6 | US | suspicious |
3428 | iexplore.exe | 54.148.84.95:443 | www.sitepoint.com | Amazon.com, Inc. | US | unknown |
2764 | iexplore.exe | 167.86.115.162:80 | jayamandiriadvertising.com | Arapahoe School District #6 | US | suspicious |
3428 | iexplore.exe | 172.217.18.106:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2764 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
jayamandiriadvertising.com |
| suspicious |
fonts.googleapis.com |
| whitelisted |
www.bing.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
www.sitepoint.com |
| shared |
PID | Process | Class | Message |
---|---|---|---|
3428 | iexplore.exe | Potentially Bad Traffic | ET CURRENT_EVENTS Generic Multi-Email Popupwnd Phishing Landing 2018-01-25 |
3428 | iexplore.exe | Potentially Bad Traffic | ET CURRENT_EVENTS OneDrive Phishing Landing 2018-02-12 |
3428 | iexplore.exe | Potentially Bad Traffic | ET CURRENT_EVENTS OneDrive Phishing Landing 2018-03-08 |
3428 | iexplore.exe | Potentially Bad Traffic | ET CURRENT_EVENTS OneDrive Phishing Landing 2018-05-01 |
3428 | iexplore.exe | Potentially Bad Traffic | ET CURRENT_EVENTS Generic Multi-Email Phishing Landing 2018-08-30 |