Field | Value
---|---
URL | http://www.sports-stream.site/ch/ch46.html
Full analysis | https://app.any.run/tasks/f698a776-aec1-4625-9620-0236e0c532d8
Verdict | Malicious activity
Analysis date | April 01, 2023, 19:03:11
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators |
MD5 | EF22594B3B0AC7DFF95AF195AF91FBF9
SHA1 | 965F7AE655187FBA38425CAE16556C1AE1168164
SHA256 | A0A95F0A0E0EDE6128FEBA4B66F96ADEA8C5857E354B8D916D00968A141BEA04
SSDEEP | 3:N1KJS4geOdNPBQ:Cc4geOdNpQ
PID | CMD | Path | Indicators | Parent process | User | Integrity level | Company | Description | Version
---|---|---|---|---|---|---|---|---|---
2824 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.sports-stream.site/ch/ch46.html" | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
3112 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2824 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe (PID 2824) | admin | LOW | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
2916 | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding | C:\Windows\System32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe | — | svchost.exe | admin | MEDIUM | Adobe | Adobe® Flash® Player Installer/Uninstaller 32.0 r0 | 32,0,0,453
PID | Process | Operation | Key | Name | Value
---|---|---|---|---|---
2824 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 0
2824 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 30847387
2824 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 30847437
2824 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
2824 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
2824 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
2824 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
2824 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | 1
2824 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 1
2824 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 0
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3112 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\12RNNQV0.txt | text | 3DC54058FEF66B4889A473CCE5B63DD7 | CC47383B4C43C06921420B015708F912FA98566302A76908CF252CDD7AE21103
3112 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\spsch[1].htm | html | 9ECF56A655E39BD39903029B5842C83B | 84065EA62952B565B0625C4CEB6597A1310CB7503F05CC21A511B37CA61F9A17
3112 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\P6IHA0EM.txt | text | 8A08F61ACFE894BE8D2CC2BC2618A731 | 6C7F9DA324E2935DD68372C3019E4A317CE43537188691C09F6F463542BE33AA
3112 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\XT2JDRBY.txt | text | F0332B3FE74798FDF9F6D17EF749C463 | E33D92F1EFF858580E14449B9A7D3B2DF916745685D2B8E4DA1FEEA4F19A2330
3112 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\ch46[1].htm | html | 31B2A66FD1A8FD8D1BCE58477024BDB0 | 34DB60EA0CE9778D80741AA7FBC9CE57C16EB1CD0F63BBE42580F7E797018FD3
3112 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\RWG57QIW.txt | text | 8DA75CA831FD1A84E235C468E4071DA2 | 2DFF8DD3971919630DD0967281157A3BCBA470A8D2C5C6F093A6332654E533E0
3112 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\IPJK3YPD.txt | text | 529984A30EC7A9FBC3485037DF765483 | C55AE58D98A82B5560904DEB0EB8B6A799DA7993FA8EB5C267E888463CAAE999
3112 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\LOK9HE5H.txt | text | 59E425C01F04E3ABE602630CA59149E4 | 6BD946C60C9EE56AD8AECA15D49E7ED4B20856F773E188F4B702F5DF72EEFE7C
3112 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\UV9BB4BD.txt | text | 6D96A378B688D2D012B812A3D06D6E1A | 250D06555C3D300DDC19CBEDA1AC0E1DDC505054FE76BA237EADE070A8C9DA63
3112 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\X46O4J3M.txt | text | F3E3A2796E6158413AD2FE545021A328 | 0DFCFFEE051372F96F8472B1A808F5EAAFAD68C90367076AFA81044EB253C160
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3112 | iexplore.exe | GET | 200 | 188.114.96.3:80 | http://www.sports-stream.site/ch/ch46.html | US | html | 651 b | malicious |
3112 | iexplore.exe | GET | 200 | 188.114.96.3:80 | http://www.sports-stream.site/ads/ads-stream1.html | US | html | 333 b | malicious |
3112 | iexplore.exe | GET | 200 | 172.217.18.99:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
3112 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?2950ec1e9c6a4d62 | US | compressed | 61.1 Kb | whitelisted |
3112 | iexplore.exe | GET | 200 | 172.67.204.65:80 | http://acacdn.com/script/ut.js?cb=1680375797270 | US | text | 23.9 Kb | suspicious |
3112 | iexplore.exe | GET | 200 | 172.67.204.65:80 | http://acacdn.com/script/suv4.js | US | text | 33.0 Kb | suspicious |
3112 | iexplore.exe | GET | 200 | 172.64.155.188:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 2.18 Kb | whitelisted |
3112 | iexplore.exe | GET | 200 | 188.114.96.3:80 | http://www.sports-stream.site/ch/spsch.php?ch=superfotball | US | html | 21.1 Kb | malicious |
3112 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
3112 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7b71663a87bf802e | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3112 | iexplore.exe | 188.114.96.3:80 | www.sports-stream.site | CLOUDFLARENET | NL | malicious |
3112 | iexplore.exe | 172.67.204.65:80 | acacdn.com | CLOUDFLARENET | US | malicious |
3112 | iexplore.exe | 172.67.145.158:443 | coolcast2.com | CLOUDFLARENET | US | malicious |
3112 | iexplore.exe | 46.105.201.240:80 | s10.histats.com | OVH SAS | FR | suspicious |
3112 | iexplore.exe | 149.56.240.31:443 | s4.histats.com | OVH SAS | CA | unknown |
3112 | iexplore.exe | 156.146.33.18:443 | www.blockadsnot.com | Datacamp Limited | DE | suspicious |
3112 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
3112 | iexplore.exe | 172.217.16.138:443 | ajax.googleapis.com | GOOGLE | US | whitelisted |
3112 | iexplore.exe | 172.217.18.99:80 | ocsp.pki.goog | GOOGLE | US | whitelisted |
3112 | iexplore.exe | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | CLOUDFLARENET | — | suspicious |
Domain | IP | Reputation
---|---|---
www.sports-stream.site | | malicious
s10.histats.com | | whitelisted
acacdn.com | | suspicious
www.blockadsnot.com | | suspicious
coolcast2.com | | malicious
s4.histats.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.pki.goog | | whitelisted
ajax.googleapis.com | | whitelisted
maxcdn.bootstrapcdn.com | | whitelisted
PID | Process | Class | Message |
---|---|---|---|
3112 | iexplore.exe | Misc activity | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1 |
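The tables above are a list of indicators, and the useful next step is to sweep your own proxy logs and file hashes for them. The script below is an added example, not part of the ANY.RUN report: the indicator values are copied from the report's connection, DNS and file tables, while the log format, the sample log lines and the hash list are constructed for the demonstration. Two caveats from the report itself drive its design: the OCSP, Windows Update CTL, Google and bootstrapcdn hosts are ordinary background traffic of an Internet Explorer session and must not be matched, and every host the report calls malicious sits behind Cloudflare, so a match on destination IP alone (188.114.96.3, 172.67.204.65, 172.67.145.158) says little and is graded down. s10.histats.com is omitted because the report labels it both "suspicious" and "whitelisted", and the cookie-file hashes are left out because they are session-specific.

```python
"""Sweep proxy logs and file hashes for the indicators in the ANY.RUN report.

Added example, not part of the ANY.RUN report. Indicator values are copied
from the report's connection, DNS and file tables; the log format, the log
lines and the hash list below are constructed for the demonstration.
"""
import re
from urllib.parse import urlsplit

# Hosts the report marks malicious or suspicious, with the IP each resolved to
# in the sandbox. Left out on purpose: the OCSP, Windows Update CTL, Google and
# bootstrapcdn hosts (normal background traffic of an IE session) and
# s10.histats.com (a widely used hit counter that the report labels both
# "suspicious" and "whitelisted").
HOST_IOCS = {
    "www.sports-stream.site": "188.114.96.3",
    "acacdn.com": "172.67.204.65",
    "coolcast2.com": "172.67.145.158",
    "www.blockadsnot.com": "156.146.33.18",
}

# The three hosts the report calls malicious all sit behind Cloudflare
# (CLOUDFLARENET), so their IPs are shared front-end addresses: an IP-only hit
# is a lead to review, not a detection.
SHARED_CDN_IPS = {"188.114.96.3", "172.67.204.65", "172.67.145.158"}

# SHA256 of the two page bodies IE cached from the malicious host. The cookie
# files in the report are session-specific and are not useful as hashes.
FILE_IOCS = {
    "34DB60EA0CE9778D80741AA7FBC9CE57C16EB1CD0F63BBE42580F7E797018FD3": "ch46[1].htm",
    "84065EA62952B565B0625C4CEB6597A1310CB7503F05CC21A511B37CA61F9A17": "spsch[1].htm",
}

# Constructed proxy log format: "<timestamp> <client> <method> <url> <dst_ip> <status>".
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3})$")

# Constructed sample log. The 4th and 6th lines are unrelated sites that happen
# to share a destination IP with an indicator.
SAMPLE_LOG = [
    "2023-04-01T19:03:20Z 10.0.0.15 GET http://www.sports-stream.site/ch/ch46.html 188.114.96.3 200",
    "2023-04-01T19:03:21Z 10.0.0.15 GET http://acacdn.com/script/suv4.js 172.67.204.65 200",
    "2023-04-01T19:03:22Z 10.0.0.15 GET http://ocsp.pki.goog/gsr1/ 172.217.18.99 200",
    "2023-04-01T19:04:02Z 10.0.0.22 GET https://unrelated.example/ 188.114.96.3 200",
    "2023-04-01T19:04:10Z 10.0.0.22 CONNECT https://www.blockadsnot.com/ 156.146.33.18 200",
    "2023-04-01T19:04:11Z 10.0.0.22 GET https://cdn.unrelated.example/x.js 156.146.33.18 200",
]


def host_matches(host):
    """Return the indicator that `host` equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for ioc in HOST_IOCS:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def classify(line):
    """Classify one log line as ("high", host), ("medium"|"low", ip) or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # unparseable line; a production sweep should count these rather than drop them
    _ts, _client, _method, url, dst_ip, _status = m.groups()
    ioc = host_matches(urlsplit(url).hostname or "")
    if ioc:
        return ("high", ioc)  # the hostname the sandbox actually contacted
    if dst_ip in HOST_IOCS.values():
        return ("low" if dst_ip in SHARED_CDN_IPS else "medium", dst_ip)
    return None


def sweep_logs(lines):
    """Return [(line, (confidence, indicator)), ...] for every line that hits."""
    hits = []
    for line in lines:
        hit = classify(line)
        if hit:
            hits.append((line, hit))
    return hits


def sweep_hashes(sha256_list):
    """Map each SHA256 (any case) that matches a cached-file indicator to its name."""
    return {h.upper(): FILE_IOCS[h.upper()] for h in sha256_list if h.upper() in FILE_IOCS}


if __name__ == "__main__":
    for line, (confidence, indicator) in sweep_logs(SAMPLE_LOG):
        print(f"{confidence:<6} {indicator:<24} {line}")
    print(sweep_hashes(["34db60ea0ce9778d80741aa7fbc9ce57c16eb1cd0f63bbe42580f7e797018fd3"]))
```

Hostname matching uses suffix matching so that a subdomain of acacdn.com is caught while a look-alike such as notacacdn.com is not, and s4.histats.com, which the report leaves at "unknown", does not fire. If you block at the network edge, block on hostname or TLS SNI rather than on the Cloudflare addresses, which front many unrelated sites.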