Download | fun-games-to-play-at-work-via-email-461627.html |
---|---|
Full analysis | https://app.any.run/tasks/142b701e-6dbd-4f9f-8484-d920cefeb3a2 |
Verdict | Malicious activity |
Analysis date | May 24, 2019, 15:10:05 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags | — |
Indicators | — |
MIME | text/html |
File info | HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators |
MD5 | 1A0E4EDE0E6F59641CD0FBD0812AF033 |
SHA1 | A9CA7CDD7C0FF452E9AFA7207589A0D44AD397CC |
SHA256 | A07A7FB060FC55D8247A88668CEB51BD91A7E60837F3B75EE8365D886A6F3143 |
SSDEEP | 384:bKASoVxwol4nqYLT/9mXx3pcQVBcT0rWf:mzol4nq0r2pcQ7/rWf |
Extension | Identification |
---|---|
.html | HyperText Markup Language (100) |

Meta tag | Value |
---|---|
viewport | width=device-width, initial-scale=1 |
Generator | Joomla! 1.6 - Open Source Content Management |
Robots | index, follow |
Title | Fun games to play at work via email |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2948 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\fun-games-to-play-at-work-via-email-461627.html | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe |
| User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | |
2856 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2948 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
| User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2948 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | — |
2948 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
2856 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\20-Uses-for-Plastic-Easter-Eggs[1].jpg | image | 2E75AE2415351A29636875B624492AB2 | EFF7DC4E9D6CCB76579CFF92FF6508203BC9A1B8E5122F1DF92A38A0A9A74BC9 |
2856 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\The-Best-Family-Board-Games-VERTICAL[1].jpg | image | 42A982808A3CD2F1B6345CB822C292B8 | FBF9963F3A7CD9C9EBA787F48493130C01C7FFFA441E53A4AC65B70DA2EAD2F8 |
2856 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\witch-hat-ring-toss-game-halloween-carnival-game-ideas[1].jpg | image | 053F430F5B4C732EC8FD4D1EEA261504 | D66BF8D85493F45F76A4637187E8482AEA82D676E2E59B6A980A47D0A83EA3E0 |
2856 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\10-Outdoor-Activities-for-kids1-574x1024[1].jpg | image | 10259E665C3AF124D0EF109CE8E82684 | E957281A23CAF606ACBE45F4563636CE739812D92630C588FC677EAE9AFC898C |
2856 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\funnychristmaspartygamesideas-144646734784ngk-300x185[1].jpg | image | DF170EB5DA2E0B5229196D0B00AD94A5 | 7354CD090E3A305749D729088C3A00CEB1FC9FE81BDAE4E5532F6D53FFCA1637 |
2948 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png | image | 9FB559A691078558E77D6848202F6541 | 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 |
2948 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini | ini | 4A3DEB274BB5F0212C2419D3D8D08612 | 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38 |
2856 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\3[1].jpg | image | D66DAC8C19C362BEF185579CD49C0CE1 | 9908FAD4F725849E19253CACBB52883058791EB215AB62EC8F34F7A44EA69925 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2856 | iexplore.exe | GET | — | 185.244.216.110:80 | http://vm508823.had.su/contabo | unknown | — | — | suspicious |
2856 | iexplore.exe | GET | 200 | 198.252.107.156:80 | http://xmasblor.com/wp-content/uploads/2015/11/funnychristmaspartygamesideas-144646734784ngk-300x185.jpg | US | image | 27.5 Kb | unknown |
2856 | iexplore.exe | GET | 200 | 52.222.157.218:80 | http://ww1.prweb.com/prfiles/2013/02/16/10395206/3.jpg | US | image | 208 Kb | whitelisted |
2856 | iexplore.exe | GET | 301 | 146.66.113.174:80 | http://www.spudart.org/blog/images/2009/whiteboard-games-temperature.png | US | html | 281 b | unknown |
2948 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
2856 | iexplore.exe | GET | 200 | 52.222.157.218:80 | http://ww1.prweb.com/prfiles/2014/04/18/11769684/5.png | US | image | 2.79 Mb | whitelisted |
2856 | iexplore.exe | GET | 301 | 204.15.165.35:80 | http://cf.classyclutter.net/wp-content/uploads/2012/05/10-Outdoor-Activities-for-kids1-574x1024.jpg | US | html | 178 b | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2856 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2856 | iexplore.exe | 185.244.216.110:80 | vm508823.had.su | — | — | suspicious |
2948 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2856 | iexplore.exe | 192.0.72.2:80 | tctechcrunch2011.files.wordpress.com | Automattic, Inc | US | unknown |
2856 | iexplore.exe | 192.110.161.21:80 | www.printablee.com | Input Output Flood LLC | US | unknown |
2856 | iexplore.exe | 104.27.153.7:443 | www.happinessishomemade.net | Cloudflare Inc | US | shared |
2856 | iexplore.exe | 151.101.2.114:443 | img.buzzfeed.com | Fastly | US | suspicious |
2856 | iexplore.exe | 104.28.18.190:443 | tipjunkie.com | Cloudflare Inc | US | shared |
2856 | iexplore.exe | 192.0.72.24:443 | doitandhow.files.wordpress.com | Automattic, Inc | US | suspicious |
2856 | iexplore.exe | 69.16.175.42:443 | cdn.makeuseof.com | Highwinds Network Group, Inc. | US | malicious |
Domain | IP | Reputation |
---|---|---|
vm508823.had.su | — | suspicious |
www.bing.com | — | whitelisted |
doitandhow.files.wordpress.com | — | suspicious |
www.joyintheworks.com | — | unknown |
tctechcrunch2011.files.wordpress.com | — | whitelisted |
www.playpartyplan.com | — | malicious |
ww1.prweb.com | — | whitelisted |
img.buzzfeed.com | — | whitelisted |
www.printablee.com | — | unknown |
www.itechsoul.com | — | unknown |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query for .su TLD (Soviet Union) Often Malware Related |
2856 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related |