Field | Value
---|---
URL | http://shark.deephub.com.cn
Full analysis | https://app.any.run/tasks/af18dad4-60dd-4380-bddd-0dcc3242261b
Verdict | Malicious activity
Analysis date | September 30, 2020, 13:55:37
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 7E263F6A190378FF7896376B9694B227
SHA1 | F94CAEBB8CF522EAE5393667C5167772A4D92D4D
SHA256 | 9EC7905D0D94D3E74AE5ADDD9C29387153649AF786371E2FD2FBA733289D9E8E
SSDEEP | 3:N1KNNNBAwN4G8:Cl244H
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---|---|---|---|---
2100 | "C:\Program Files\Internet Explorer\iexplore.exe" http://shark.deephub.com.cn | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
4012 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2100 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2100 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
4012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\W6JBTLJL.htm | html | ABE50D2935B9C5DA9BAD8779257B23EA | 59A50CCA60F1A5A4F72D41B0B3E0B6F81924A1C67157CF5C18D6B7655AE8AEDC
4012 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\WGB7P5CH.txt | text | 3008F1519D1FF8B5F420481FD424506E | F4CB75941530C9791BBC51961B654267D5844504DB5C6B2BF03AF05B539AA35B
4012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\core[1].js | text | CD80535C10ADF30A00E9DFA2095AC79A | CD1A4E0B5AC28343D7D09F1E2C7B90F70142AA5C576A1556F193D3F8F775AEA1
4012 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarD237.tmp | — | — | —
4012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\jquery.currencies.min[1].js | text | 58847F5CEA035BB91A9D262EF4B4438F | 0C926A9DC6F88AE86CA306DA987ED9A0B48C279A9B38D4E9E416F85C9EFF667C
4012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\17682[1].js | text | A334971DFAE603F2A155E3F26F4A5FE8 | 425001F9D9EE09975923F3C8A438AE2E55D8FE9FE0BFFEEDB08588D59F672A3B
4012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\vanilla-js-dropdown.min[1].js | text | B0F0E8DDDBE4BBBC23EE53479E8C277D | BD5CDECB204831CF45788765A34CB48D8A2D5A2594D79C658DE73C95D4711820
4012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\storefront-21b5dddfc8b64c1ad68cee3ba7448d1ffa15c24e969ebc1fbccf1a3784b659ad[1].js | text | 443DBD5F5B886EFEB2AD7BD84100C0FF | 21B5DDDFC8B64C1AD68CEE3BA7448D1FFA15C24E969EBC1FBCCF1A3784B659AD
4012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\theme.scss[1].css | text | 4A744AF3FA615E12C7096A36A2839E51 | 1A72988AFB938C73D9E2BD16A32375E19ED9BB5B857BA1E778DD25AA5AB9E72A
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
4012 | iexplore.exe | GET | 200 | 151.101.1.12:80 | http://cdn.shopify.com/s/files/1/0321/2617/t/185/assets/jquery.currencies.min.js | US | text | 1.95 Kb | whitelisted |
4012 | iexplore.exe | GET | 200 | 151.101.1.12:80 | http://cdn.shopify.com/s/files/1/0321/2617/t/185/assets/vanilla-js-dropdown.min.js?v=7258904013789890827 | US | text | 790 b | whitelisted |
4012 | iexplore.exe | GET | 200 | 151.101.1.12:80 | http://cdn.shopify.com/s/assets/shopify_pay/storefront-21b5dddfc8b64c1ad68cee3ba7448d1ffa15c24e969ebc1fbccf1a3784b659ad.js?v=20190107 | US | text | 10.8 Kb | whitelisted |
4012 | iexplore.exe | GET | 200 | 151.101.1.12:80 | http://cdn.shopify.com/s/files/1/0321/2617/articles/Measurement-size-and-fit-bust_grande.jpg?v=1563391279 | US | image | 23.1 Kb | whitelisted |
4012 | iexplore.exe | GET | 301 | 157.230.5.204:80 | http://foursixty.com/media/scripts/fs.slider.v2.5.js | US | html | 178 b | unknown |
4012 | iexplore.exe | GET | 200 | 151.101.1.12:80 | http://cdn.shopify.com/s/files/1/0321/2617/articles/Measurement-size-and-fit-under-bust_grande.jpg?v=1563391274 | US | image | 24.2 Kb | whitelisted |
4012 | iexplore.exe | GET | 200 | 143.204.94.60:80 | http://sleeknotecustomerscripts.sleeknote.com/17682.js | US | text | 1.48 Kb | shared |
4012 | iexplore.exe | GET | 200 | 104.18.21.226:80 | http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkbwjNvPLFRm7zMB3V80 | US | der | 1.49 Kb | whitelisted |
4012 | iexplore.exe | GET | 200 | 151.101.1.12:80 | http://cdn.shopify.com/s/files/1/0321/2617/t/185/assets/theme.js?v=5187490324558313967 | US | text | 38.6 Kb | whitelisted |
2100 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4012 | iexplore.exe | 151.101.2.109:443 | polyfill.io | Fastly | US | suspicious |
2100 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
4012 | iexplore.exe | 104.27.138.178:443 | ltm.linkby.com | Cloudflare Inc | US | unknown |
4012 | iexplore.exe | 172.217.23.104:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
4012 | iexplore.exe | 172.67.195.103:80 | shark.deephub.com.cn | — | US | unknown |
4012 | iexplore.exe | 143.204.94.60:80 | sleeknotecustomerscripts.sleeknote.com | — | US | unknown |
4012 | iexplore.exe | 151.101.1.12:80 | cdn.shopify.com | Fastly | US | suspicious |
4012 | iexplore.exe | 104.18.10.239:80 | geoip-js.com | Cloudflare Inc | US | unknown |
4012 | iexplore.exe | 34.234.209.139:443 | preorder-now.herokuapp.com | Amazon.com, Inc. | US | unknown |
4012 | iexplore.exe | 13.225.73.34:80 | sleeknotestaticcontent.sleeknote.com | — | US | suspicious |
Domain | IP | Reputation
---|---|---
shark.deephub.com.cn | | unknown
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ltm.linkby.com | | suspicious
cdn.shopify.com | | whitelisted
polyfill.io | | whitelisted
monorail-edge.shopifysvc.com | | whitelisted
sleeknotecustomerscripts.sleeknote.com | | shared
www.googletagmanager.com | | whitelisted
cdn.jsdelivr.net | | whitelisted
PID | Process | Class | Message |
---|---|---|---|
4012 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
4012 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |