Field | Value
---|---
URL | http://www.opening-popular.top/cate-518501/
Full analysis | https://app.any.run/tasks/2562851a-0c9d-4b22-b096-51d0a1611834
Verdict | Malicious activity
Analysis date | January 11, 2019, 04:43:33
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 5ACF53D782545A286776219DA4D33A6D
SHA1 | 89CDE584CDB6CFDB943C5E8F63E04C07017515B6
SHA256 | A28C510696E2FB9F1EB95558428BFEE33A63FCC67DE69F25182469A6DB66DB91
SSDEEP | 3:N1KJS4TZ6MLRKVXtEQVTn:Cc4TZXQf5VT
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2952 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | 
3096 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2952 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | 
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2952 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico | — | — | —
2952 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3096 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\cate-518501[1].txt | — | — | —
3096 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text | 35D495101C68344CB9DAAB229A6C1A6C | DB32490EFD31A66F7966D6D8FCB3BC78FAB117B407212921367C69504E7223FE
3096 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\st769754_1[1].jpg | image | 94F2C51814DC13D4C8AD7705CB3B9F00 | FDE68B61A5C707AA171804E62BC75A16CE350A8B1A7E431EF7013168C484D534
3096 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\search[1].png | image | 37865647BDB7138D63FB2535BD80443A | 1878C92DE96A79813441E9693B0470BA661EA98AC16C1716614808A761DB1ACF
3096 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\st769758_1[1].jpg | image | F2CFC2E2150EEB1F5B1447A56D54F520 | B9D5E77DB1135D7AA4175CCBF1986F12161A2E402BA0307FDB9210A8CCC8C809
3096 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@opening-popular[1].txt | text | 667F9F291E0F2797586726122918545D | 1CD6F662BAE5A180295670DE43BB1A1ABCA2F53120A4BC87EB4FFCC376E3E69D
3096 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\logo[1].png | image | 69709240C25BEC2EF0554AC6F31AC9EF | A3D796B6C94C78B97EE842037D2F5033F9E4BACC855B1A7F69C0867DFA348AC3
3096 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\st1649941_1[1].jpg | image | C2ACCA9F9EBA3BDA28D6F0E256962E81 | 33602763574805EB82ABEDD9AD73CC7F70267404AC49AD8511B60A7323CAA159
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/template/default/css/bootstrap.css | US | text | 23.3 Kb | suspicious |
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/template/default/js/js.js | US | text | 247 b | suspicious |
2952 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/cate-518501/ | US | html | 5.52 Kb | suspicious |
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/template/default/css/style.css | US | text | 5.61 Kb | suspicious |
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/template/default/image/logo.png | US | image | 5.77 Kb | suspicious |
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/template/default/image/icon_pc_bl20.gif | US | image | 166 b | suspicious |
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/template/default/image/credit.jpg | US | image | 62.5 Kb | suspicious |
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/template/default/js/calendar.js | US | html | 1.44 Kb | suspicious |
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/template/default/image/search.png | US | image | 3.40 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2952 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3096 | iexplore.exe | 104.24.103.209:443 | www.opening-popular.top | Cloudflare Inc | US | shared |
3096 | iexplore.exe | 104.24.103.209:80 | www.opening-popular.top | Cloudflare Inc | US | shared |
2952 | iexplore.exe | 104.24.103.209:80 | www.opening-popular.top | Cloudflare Inc | US | shared |
3096 | iexplore.exe | 120.201.249.106:443 | s19.cnzz.com | China Mobile communications corporation | CN | unknown |
3096 | iexplore.exe | 203.119.129.115:443 | z8.cnzz.com | — | CN | malicious |
3096 | iexplore.exe | 198.11.132.221:443 | cnzz.mmstat.com | Alibaba (China) Technology Co., Ltd. | US | suspicious |
3096 | iexplore.exe | 120.201.249.105:443 | s19.cnzz.com | China Mobile communications corporation | CN | unknown |
Domain | IP | Reputation
---|---|---
www.bing.com | — | whitelisted
www.opening-popular.top | — | suspicious
s19.cnzz.com | — | suspicious
c.cnzz.com | — | whitelisted
z8.cnzz.com | — | whitelisted
cnzz.mmstat.com | — | whitelisted
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile |
3096 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |
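The two alerts above are TLD heuristics, which is why Emerging Threats files them under "Potentially Bad Traffic" rather than as a confirmed compromise: everything else the sandbox recorded is an ordinary page load (HTML, CSS, JS, images) plus CNZZ analytics beacons. The following added example is not part of the ANY.RUN report or of any ET ruleset; it applies the same two heuristics, together with an exact-match list of the domains and IPs taken from the report's connection tables, to a handful of DNS and proxy log lines. The log format, the `WATCHED_TLDS` set and the sample lines are assumptions constructed for the example; the indicator values are copied from the report.

```python
"""Re-implementation of the two ET-style *.top heuristics from the report plus
an exact-match IOC list, run over constructed DNS and HTTP proxy log lines.
Added example; not code from ANY.RUN or from the Emerging Threats rulesets."""
import re
from urllib.parse import urlsplit

# Domains and IPs copied from the report's connection and DNS tables.
REPORT_DOMAINS = {
    "www.opening-popular.top",
    "s19.cnzz.com",
    "z8.cnzz.com",
    "c.cnzz.com",
    "cnzz.mmstat.com",
}
REPORT_IPS = {
    "104.24.103.209",
    "120.201.249.105",
    "120.201.249.106",
    "203.119.129.115",
    "198.11.132.221",
}

# TLDs the "Likely Hostile" heuristic fires on. The report only shows *.top;
# this set is an assumption so the check can be widened without code changes.
WATCHED_TLDS = {"top"}

# Assumed log formats (constructed for this example, not a real product's):
#   <ts> dns query <client-ip> <qname>
#   <ts> http <client-ip> <METHOD> <url> <dst-ipv4>:<port>
DNS_RE = re.compile(r"^(?P<ts>\S+) dns query (?P<client>\S+) (?P<qname>\S+)$")
HTTP_RE = re.compile(
    r"^(?P<ts>\S+) http (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<dst>\S+)$"
)


def tld_of(host: str) -> str:
    """Rightmost DNS label, lower-cased, trailing dot removed."""
    return host.rstrip(".").rsplit(".", 1)[-1].lower()


def check_dns(qname: str) -> list:
    """Alerts for one DNS query name: TLD heuristic, then exact IOC match."""
    host = qname.rstrip(".").lower()
    alerts = []
    if tld_of(host) in WATCHED_TLDS:
        alerts.append(("Potentially Bad Traffic",
                       f"ET DNS Query to a *.{tld_of(host)} domain - Likely Hostile"))
    if host in REPORT_DOMAINS:
        alerts.append(("Known Indicator", f"domain {host}"))
    return alerts


def check_http(url: str, dst: str) -> list:
    """Alerts for one HTTP request: TLD heuristic on the Host, then IOC match
    on both the host name and the destination IP (dst assumed IPv4:port)."""
    host = (urlsplit(url).hostname or "").lower()
    ip = dst.rsplit(":", 1)[0]
    alerts = []
    if tld_of(host) in WATCHED_TLDS:
        alerts.append(("Potentially Bad Traffic",
                       f"ET INFO HTTP Request to a *.{tld_of(host)} domain"))
    if host in REPORT_DOMAINS:
        alerts.append(("Known Indicator", f"domain {host}"))
    if ip in REPORT_IPS:
        alerts.append(("Known Indicator", f"ip {ip}"))
    return alerts


def scan(log_text: str) -> list:
    """Return (line_no, class, message) for every alert over a log blob.
    Lines that match neither format are ignored."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = DNS_RE.match(line)
        if m:
            hits.extend((n, cls, msg) for cls, msg in check_dns(m["qname"]))
            continue
        m = HTTP_RE.match(line)
        if m:
            hits.extend((n, cls, msg) for cls, msg in check_http(m["url"], m["dst"]))
    return hits


# Constructed sample log: the report's first request, a benign Bing fetch,
# a CNZZ beacon lookup, and an unrelated *.top host not in the IOC list.
SAMPLE_LOG = """\
2019-01-11T04:43:35Z dns query 10.0.0.5 www.opening-popular.top
2019-01-11T04:43:35Z http 10.0.0.5 GET http://www.opening-popular.top/cate-518501/ 104.24.103.209:80
2019-01-11T04:43:36Z dns query 10.0.0.5 www.bing.com
2019-01-11T04:43:36Z http 10.0.0.5 GET http://www.bing.com/favicon.ico 204.79.197.200:80
2019-01-11T04:43:37Z dns query 10.0.0.5 z8.cnzz.com
2019-01-11T04:43:38Z http 10.0.0.5 GET https://example.top/ 203.0.113.9:443
"""

if __name__ == "__main__":
    for line_no, cls, msg in scan(SAMPLE_LOG):
        print(f"line {line_no}: [{cls}] {msg}")
```

The last sample line shows the caveat in practice: `example.top` trips the TLD heuristic but matches no indicator from the report, so it should be triaged differently from a hit on `www.opening-popular.top`, which raises both the heuristic and an exact IOC match. The CNZZ hosts only match the IOC list, since the TLD heuristic says nothing about `.com`.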