Field | Value
---|---
URL | http://masertalaamar.com/777.exe
Full analysis | https://app.any.run/tasks/5992f8f4-c29d-4921-87df-80a063d87201
Verdict | Malicious activity
Threats | Hawkeye often gets installed in a bundle with other malware. It is a Trojan and keylogger used to retrieve private information such as passwords and login credentials, and an advanced family with strong anti-analysis and detection-evasion functions.
Analysis date | June 12, 2019, 09:33:43
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | —
Indicators | —
MD5 | 7E7EDEB7B9FD095607D045F05B0F1D1F
SHA1 | BEE2E099FBE96DD3FDD003B9598699749EBCB1EE
SHA256 | A37CFBA4401D4672F958CC7B8F23274B309E2023B39727DB836AA2547C34A6E7
SSDEEP | 3:N1KTykZxSkA:CfxA

Note: the task was submitted as a URL, so the hashes above identify the submitted URL string, not the payload (an ssdeep block size of 3 only occurs for an input of a few dozen bytes, never for a 1006 KB PE). The hashes of the downloaded 777[1].exe are in the files table below (MD5 10C87FF41B3061A6D1E50A92CE74C855, SHA256 74E80C7BAAD76D029EF0F8E7B026C2011D7435D80FA7BEAA20AA1FEC8C16B22E); use those for blocking and hunting.
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3280 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 1; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | |
2604 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3280 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe
User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | |
3532 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\777[1].exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\777[1].exe | — | iexplore.exe
User: admin; Integrity Level: MEDIUM; Exit code: 0 | | | |
3092 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\777[1].exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\777[1].exe | — | 777[1].exe
User: admin; Integrity Level: MEDIUM | | | |
3916 | "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /stext "C:\Users\admin\AppData\Local\Temp\tmp3E30.tmp" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | — | 777[1].exe
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Visual Basic Command Line Compiler; Exit code: 0; Version: 8.0.50727.5420 | | | |
2168 | "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /stext "C:\Users\admin\AppData\Local\Temp\tmp55D0.tmp" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | — | 777[1].exe
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Visual Basic Command Line Compiler; Exit code: 0; Version: 8.0.50727.5420 | | | |
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | —
3280 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF66D74B878D30701B.TMP | — | — | —
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFAD1A872EDE93FD06.TMP | — | — | —
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{3A5771DD-8CF5-11E9-A09E-5254004A04AF}.dat | — | — | —
2604 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 072DDB69D3305733087E98B256F89337 | 8F91E45E3FE80D48897CDFA9C60E58FA0DB2646EB841EB2BD14AC0013CD125EB
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061220190613\index.dat | dat | 2F880577B04F0F5E4333ECD31890CA34 | 82112146C07D21678BF316ECD784D74182A52C4E1061173FF2E96BAF8276D92D
2604 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QT53SQMS\777[1].exe | executable | 10C87FF41B3061A6D1E50A92CE74C855 | 74E80C7BAAD76D029EF0F8E7B026C2011D7435D80FA7BEAA20AA1FEC8C16B22E
3916 | vbc.exe | C:\Users\admin\AppData\Local\Temp\tmp3E30.tmp | — | — | —
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{3A5771DE-8CF5-11E9-A09E-5254004A04AF}.dat | binary | 099300739D430F1A1F58801736A80743 | C8DC608CD257D1F379DAF4056D32609C1A246CEBA6F699E4B0EB92CBCBDA5B33
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2604 | iexplore.exe | GET | 200 | 208.43.64.151:80 | http://masertalaamar.com/777.exe | US | executable | 1006 Kb | malicious |
3280 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3280 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3092 | 777[1].exe | 93.158.134.38:587 | smtp.yandex.com | YANDEX LLC | RU | whitelisted |
2604 | iexplore.exe | 208.43.64.151:80 | masertalaamar.com | SoftLayer Technologies Inc. | US | suspicious |
Domain | IP | Reputation
---|---|---
www.bing.com | 204.79.197.200 | whitelisted
masertalaamar.com | 208.43.64.151 | malicious
smtp.yandex.com | 93.158.134.38 | shared
PID | Process | Class | Message |
---|---|---|---|
2604 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
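The three behaviours this report records are each good detection material on their own: vbc.exe started with `/stext` (that switch belongs to the NirSoft password-recovery tools, which write their results to a text file; the VB compiler has no such switch, so the command line marks a credential-dumping payload injected into vbc.exe rather than a compile), the dropped 777[1].exe relaunching itself from the IE cache, and a non-mail process opening SMTP submission (587) to smtp.yandex.com. The script below is an added example, not ANY.RUN's code, that encodes those as rules and runs them over event records hand-constructed from the process and connection tables above. The Sysmon-like record shape, the rule names, the mail-client allow-list, and the parent PIDs where the report names only the parent image (3280 for 3532, 3092 for the two vbc.exe children) are assumptions.

```python
"""Triage heuristics for the Hawkeye behaviours in this report (added example).

Event records are hand-constructed from the report's process and connection
tables. The Sysmon-like record shape, the rule names, and the parent PIDs
assumed where the report names only the parent image are assumptions.
"""
import ntpath
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full image path
    cmdline: str


@dataclass
class NetEvent:
    pid: int
    dst_ip: str
    dst_port: int
    domain: str = ""


# Locations a browser or an unprivileged user can write to.
USER_WRITABLE = ("\\temporary internet files\\", "\\appdata\\local\\temp\\",
                 "\\appdata\\roaming\\", "\\downloads\\")
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}   # assumed SMTP allow-list
SMTP_PORTS = {25, 465, 587}


def _base(path: str) -> str:
    return ntpath.basename(path).lower()


def _user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def analyse(procs, conns):
    """Return (pid, rule, detail) findings for a process tree plus its connections."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        parent = by_pid.get(p.ppid)
        # vbc.exe has no /stext switch; it is the NirSoft "save to text file"
        # switch, so its presence means a password-recovery payload was injected.
        if _base(p.image) == "vbc.exe" and "/stext" in p.cmdline.lower():
            findings.append((p.pid, "vbc_stext", p.cmdline))
        if parent is not None:
            # A browser starting an executable straight out of its cache.
            if _base(parent.image) in BROWSERS and _user_writable(p.image):
                findings.append((p.pid, "browser_dropped_exe", p.image))
            # The same binary relaunching itself from a user-writable path
            # (3532 -> 3092 in the report): a typical unpack/inject step.
            if parent.image.lower() == p.image.lower() and _user_writable(p.image):
                findings.append((p.pid, "self_relaunch", f"parent {parent.pid}"))
    for c in conns:
        p = by_pid.get(c.pid)
        # Outbound SMTP from anything but a mail client: keylogger exfil channel.
        if c.dst_port in SMTP_PORTS and (p is None or _base(p.image) not in MAIL_CLIENTS):
            findings.append((c.pid, "smtp_non_mail_client", f"{c.domain}:{c.dst_port}"))
    return findings


IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
DROP = (r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files"
        r"\Content.IE5\I0488CJO\777[1].exe")
VBC = r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
TMP_A = r"C:\Users\admin\AppData\Local\Temp\tmp3E30.tmp"
TMP_B = r"C:\Users\admin\AppData\Local\Temp\tmp55D0.tmp"

# Constructed from the report's process table; explorer.exe (parent of 3280)
# is not listed there, so 3280 gets ppid 0. Parent PIDs 3280 and 3092 are assumed.
SAMPLE_PROCS = [
    ProcEvent(3280, 0, IE, f'"{IE}" -nohome'),
    ProcEvent(2604, 3280, IE, f'"{IE}" SCODEF:3280 CREDAT:71937'),
    ProcEvent(3532, 3280, DROP, f'"{DROP}"'),
    ProcEvent(3092, 3532, DROP, f'"{DROP}"'),
    ProcEvent(3916, 3092, VBC, f'"{VBC}" /stext "{TMP_A}"'),
    ProcEvent(2168, 3092, VBC, f'"{VBC}" /stext "{TMP_B}"'),
]
# Constructed from the report's connections table.
SAMPLE_CONNS = [
    NetEvent(3280, "204.79.197.200", 80, "www.bing.com"),
    NetEvent(2604, "208.43.64.151", 80, "masertalaamar.com"),
    NetEvent(3092, "93.158.134.38", 587, "smtp.yandex.com"),
]

if __name__ == "__main__":
    for pid, rule, detail in analyse(SAMPLE_PROCS, SAMPLE_CONNS):
        print(f"{pid:>5}  {rule:<22} {detail}")
```

Run against the constructed events it reports five findings: 3532 (browser_dropped_exe), 3092 (self_relaunch and smtp_non_mail_client), and both vbc.exe children (vbc_stext). A vbc.exe launched by MSBuild with ordinary compiler switches produces nothing, which is the false-positive case to keep in mind before shipping the `vbc_stext` rule without the `/stext` condition.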