URL: | http://www.markmonitor.com |
Full analysis: | https://app.any.run/tasks/cda1cb75-ce93-4b2e-a3bc-bf7cedf1f01d |
Verdict: | Malicious activity |
Analysis date: | May 15, 2019, 10:39:32 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 74DB104B68D69F8EDE91586F63316D09 |
SHA1: | AE1E0AC4172B182EBCB0E88C3621BAC98F69155A |
SHA256: | A9439F1CA4FA71F7F4164B1A87D68B386F87FFDCD64F9EB97AB5D56E67C628C3 |
SSDEEP: | 3:N1KJS4A7QMLK:Cc4A7QM2 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2568 | "C:\Program Files\Internet Explorer\iexplore.exe" http://www.markmonitor.com | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2796 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2568 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2192 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab4440.tmp | — | |
MD5:— | SHA256:— | |||
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar4450.tmp | — | |
MD5:— | SHA256:— | |||
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab4461.tmp | — | |
MD5:— | SHA256:— | |||
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar4462.tmp | — | |
MD5:— | SHA256:— | |||
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab450F.tmp | — | |
MD5:— | SHA256:— | |||
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar4510.tmp | — | |
MD5:— | SHA256:— | |||
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:7759CE3C78A24ADE22C2B9939D7CD4D0 | SHA256:15FE7FFC15A66F9A59529B405D9EA49337900B916E001971BDC5112018A06A6E | |||
2796 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 | binary | |
MD5:762AA55129FEA643E27124AC8C9399DB | SHA256:F3E10ECF232385FAE599FDE3E20FC6DC6491222BE265B83501EFD328CF072D22 | |||
2796 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:B213FF2C9518862251CD127A14D9C988 | SHA256:F28F4B270C65F0313EC63FF0663B9C71B18616EC8D4EDD04649FD5062711AA11 | |||
2796 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 | compressed | |
MD5:7EB117D4F238090940DBE43EFBCDF1F4 | SHA256:A45A77D256628943190F8AA0F4673496D11DBA6BC3569796B6F733465FD005E4 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2796 | iexplore.exe | GET | 302 | 209.200.153.138:80 | http://www.markmonitor.com/ | US | html | 212 b | suspicious |
2796 | iexplore.exe | GET | 200 | 205.185.216.42:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 56.1 Kb | whitelisted |
2796 | iexplore.exe | GET | 200 | 205.185.216.42:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DF3C24F9BFD666761B268073FE06D1CC8D4F82A4.crt | US | der | 914 b | whitelisted |
2568 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
2796 | iexplore.exe | GET | 200 | 54.230.129.13:80 | http://x.ss2.us/x.cer | US | der | 1.27 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2796 | iexplore.exe | 209.200.153.138:80 | www.markmonitor.com | Akamai Technologies, Inc. | US | whitelisted |
2796 | iexplore.exe | 172.217.16.138:443 | ajax.googleapis.com | Google Inc. | US | whitelisted |
2796 | iexplore.exe | 205.185.216.42:80 | www.download.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
2568 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2568 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2796 | iexplore.exe | 172.217.23.138:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2796 | iexplore.exe | 209.200.153.138:443 | www.markmonitor.com | Akamai Technologies, Inc. | US | whitelisted |
2796 | iexplore.exe | 172.217.22.42:443 | ajax.googleapis.com | Google Inc. | US | whitelisted |
— | — | 151.101.2.110:443 | fast.wistia.com | Fastly | US | suspicious |
— | — | 172.217.22.72:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.markmonitor.com |
| suspicious |
www.bing.com |
| whitelisted |
www.download.windowsupdate.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
ajax.googleapis.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
www.google-analytics.com |
| whitelisted |
1.tl813.com |
| unknown |
www.googletagmanager.com |
| whitelisted |
fast.wistia.com |
| whitelisted |