Field | Value |
---|---|
download | eSbC |
Full analysis | https://app.any.run/tasks/0fff8c51-1cc4-42d4-92f4-505db36a97af |
Verdict | Malicious activity |
Analysis date | November 14, 2018, 09:42:41 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags | |
Indicators | |
MIME | text/html |
File info | HTML document, ASCII text, with very long lines |
MD5 | 295C0F84AFF027D2AE29C06ECB8856D4 |
SHA1 | 71EA31A7F8707B06A45342414CF78F4F72154CD5 |
SHA256 | A5C6654DC9E54A6CB385F5697E922B996DFC0AB31301E6D428880F6396BD1F3D |
SSDEEP | 12:kxVkMqIx3bxrGn1eIVseSpZMZSyqxe6jl1IRdg3YDRRQIhI:kHkMqc3Rotjexeql1ILvRRdhI |
File type (.html) | HyperText Markup Language (100) |
Refresh | 5; url=http://ww9.lmwhtfy.com/ |
Title | Loading |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
3628 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\Downloads\eSbC.html | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
1452 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3628 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
2584 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3628 CREDAT:137473 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3628 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico | — | — | — |
3628 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
3628 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF2DF8D4E3D9EAA6B2.TMP | — | — | — |
2584 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\findbetterresults_com[1].txt | — | — | — |
2584 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018111420181115\index.dat | dat | 4024F6B1E0E7578D2DA7E3BA2AA62519 | 69610DFE8C3BB75AA259FF43E11DAE71031000336E718FD1329FEE7D554493BA |
3628 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{AA6CB74E-E7F1-11E8-9C83-5254004AAD11}.dat | binary | 1D3092BA18461D8D04796EFE42AE58FF | 2643E1CC27D0D53F02DA2ED3B709713DDFCC079F0558E92B9239E536571CAA68 |
2584 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\min[1].js | text | 5563332AD6AF63C9C94CEF15761BE544 | 4EFEC11A42893D4DF0249174CBE5AFAE24A5734F5DED35C5E84C56BF9F473EC2 |
2584 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\findbetterresults_com[1].htm | html | F8DBFD551043913454B08AB76D45A667 | 5BA6AD4EF990DF8AB06DAE5C1507EB8A8F10FDF131C276412E2C94AAA2764BBE |
1452 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018111420181115\index.dat | dat | AA9F8D280D9C4ACF2161816EB572CFC7 | 1F711D2BC2F5E0997CF0429D6BBB31D4491E556ED4AC72CAB58834D74A70B8F4 |
3628 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[2].png | image | 9FB559A691078558E77D6848202F6541 | 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2584 | iexplore.exe | GET | 302 | 185.53.179.29:80 | http://ww9.lmwhtfy.com/ | DE | — | — | malicious |
2584 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://findbetterresults.com/?dn=lmwhtfy.com&pid=9PO755G95 | VG | html | 6.22 Kb | malicious |
2584 | iexplore.exe | GET | 200 | 2.16.186.64:80 | http://i4.cdn-image.com/__media__/js/min.js?v2.2 | unknown | text | 2.97 Kb | whitelisted |
2584 | iexplore.exe | GET | — | 2.16.186.64:80 | http://i1.cdn-image.com/__media__/pics/12471/libgh.png | unknown | — | — | whitelisted |
2584 | iexplore.exe | GET | 200 | 2.16.186.64:80 | http://i1.cdn-image.com/__media__/pics/12471/kwbg.jpg | unknown | image | 36.3 Kb | whitelisted |
2584 | iexplore.exe | GET | 200 | 2.16.186.64:80 | http://i1.cdn-image.com/__media__/pics/12471/bodybg.png | unknown | image | 94.9 Kb | whitelisted |
2584 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://findbetterresults.com/px.js?ch=1 | VG | text | 346 b | malicious |
2584 | iexplore.exe | GET | 200 | 2.16.186.64:80 | http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.eot? | unknown | eot | 33.8 Kb | whitelisted |
2584 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://findbetterresults.com/px.js?ch=2 | VG | text | 346 b | malicious |
2584 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://findbetterresults.com/sk-logabpstatus.php?a=cTVzSEgxZXBudzgzN1BuUUhzS3lCMVNWK04wOGNuQzQzcW95MC9ycnQ5L3RtMFpPTjJ4RFpuREdGN0txejRSYWpZQ1J4VXJhZi85ckREeENQTEZCdXZKL093MWZpM1lWb1Q0OXNRVlJldEU9&b=false | VG | text | 346 b | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3628 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2584 | iexplore.exe | 2.16.186.106:80 | i4.cdn-image.com | Akamai International B.V. | — | whitelisted |
2584 | iexplore.exe | 2.16.186.64:80 | i4.cdn-image.com | Akamai International B.V. | — | whitelisted |
3628 | iexplore.exe | 208.91.196.46:80 | findbetterresults.com | Confluence Networks Inc | VG | malicious |
2584 | iexplore.exe | 208.91.196.46:80 | findbetterresults.com | Confluence Networks Inc | VG | malicious |
2584 | iexplore.exe | 185.53.179.29:80 | ww9.lmwhtfy.com | Team Internet AG | DE | malicious |
Domain | IP | Reputation |
---|---|---|
www.bing.com | | whitelisted |
ww9.lmwhtfy.com | | malicious |
findbetterresults.com | | malicious |
i4.cdn-image.com | | whitelisted |
i2.cdn-image.com | | whitelisted |
i1.cdn-image.com | | whitelisted |
i3.cdn-image.com | | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
2584 | iexplore.exe | Misc activity | ADWARE [PTsecurity] InstantAccess |