Field | Value |
---|---|
URL | http://kubometrs.ru/g11311300-truboprovodnaya-armatura?utm_medium=email&utm_source=email&utm_campaign=broen\|krani\|date-16-07-2019&utm_content=1 |
Full analysis | https://app.any.run/tasks/23ba916c-16c9-4555-8f0a-9c34a35174be |
Verdict | Malicious activity |
Analysis date | July 17, 2019, 05:55:13 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MD5 | 2010166E2BF3C7F013948D2B453A7E78 |
SHA1 | 7C1888E18484FC6A2D907CC06DD87D525DD0C31D |
SHA256 | B51C4738DAB34290620AD602E9A337BFD6A1A3E037215520860544C1DE9F650F |
SSDEEP | 3:N1KVQs4CUUWNZ7aME/2ABRIYrJD6QWrEMNEomU8RyRmTInORmKlAL+U:C6sPUUDNezQfWrbm7yRkuX |

PID | CMD | Path | Parent process | User | Integrity level | Description | Company | Version |
---|---|---|---|---|---|---|---|---|
2888 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://kubometrs.ru/g11311300-truboprovodnaya-armatura?utm_medium=email&utm_source=email&utm_campaign=broen\|krani\|date-16-07-2019&utm_content=1" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | admin | MEDIUM | Internet Explorer | Microsoft Corporation | 8.00.7600.16385 (win7_rtm.090713-1255) |
3316 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2888 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | LOW | Internet Explorer | Microsoft Corporation | 8.00.7600.16385 (win7_rtm.090713-1255) |

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2888 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico | — | — | — |
2888 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
3316 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0R6SRBNK\g11311300-truboprovodnaya-armatura[1].txt | — | — | — |
3316 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@kubometrs[1].txt | text | A43B873070E8CE7D35D09CCD18687981 | 6E373FD31820EF7E9D3B3AA9596CACFBEC52FD8E5AC10E48CF18EAF791FBD959 |
3316 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9Q1OCRJP\42299804b0ab7e68062c1943292385e3_1[1].js | text | 9DF7F337277EECBDC16A01B9891C6C73 | 1519077E4C101DF87D51E6FD6A21F27115DF4856A208638132A57999846249AE |
3316 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 96E5D43C76B29A8084E292829A72668D | 006491DF1F793B42875E2C66F2F94365DB61032F54FA9E17281974A2756384FA |
3316 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0R6SRBNK\g11311300-truboprovodnaya-armatura[1].htm | html | 0FD000F463371CA5468A5488BE1B45DD | 299DB728B688787EC5DF2DF78DE72099AC16553D20C4071FD56857A7CC29861E |
3316 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7B3HVI2Z\js[1] | text | 75BEB43FECD3554E3D58A73BCB32B76E | EE0022DF239CAF4EA43F405A12F76BD4CD244CE905DF55C00BA17E51C99B5A85 |
3316 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIR07LQX\bare[1].js | text | 93DD496E0CB4A404A40F05F1EBBD51CB | 8CC375D5BDE2B33E77D454DB96D3ABC98E6F3C7246574B1D26082B7E77B650AA |
3316 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7B3HVI2Z\darkgreen-b9d5f1721fa56988ce110ec47a28372a[1].css | text | B9D5F1721FA56988CE110EC47A28372A | 7D8E08FC9DB7DEEC5A83AD2A1E6257B0810654F28A827A4FC2EE12262C64A213 |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3316 | iexplore.exe | GET | 301 | 178.248.237.63:80 | http://kubometrs.ru/g11311300-truboprovodnaya-armatura?utm_medium=email&utm_source=email&utm_campaign=broen\|krani\|date-16-07-2019&utm_content=1 | RU | html | 169 b | suspicious |
2888 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3316 | iexplore.exe | 172.217.23.142:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
2888 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3316 | iexplore.exe | 178.248.237.63:443 | kubometrs.ru | HLL LLC | RU | suspicious |
3316 | iexplore.exe | 185.59.220.22:443 | cdn.sendpulse.com | Datacamp Limited | DE | unknown |
3316 | iexplore.exe | 193.34.169.18:443 | tracker.tiu.ru | UAPROM LLC | UA | suspicious |
3316 | iexplore.exe | 178.248.237.63:80 | kubometrs.ru | HLL LLC | RU | suspicious |
3316 | iexplore.exe | 185.86.56.9:443 | uaprom-static.c2.prom.st | UAPROM LLC | UA | unknown |
3316 | iexplore.exe | 193.34.169.14:443 | ruprom-uc.prom.st | UAPROM LLC | UA | unknown |
3316 | iexplore.exe | 172.217.21.200:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
3316 | iexplore.exe | 87.250.251.119:443 | mc.yandex.ru | YANDEX LLC | RU | whitelisted |

Domain | Reputation |
---|---|
kubometrs.ru | suspicious |
www.bing.com | whitelisted |
uaprom-static.c2.prom.st | suspicious |
www.google-analytics.com | whitelisted |
mc.yandex.ru | whitelisted |
ruprom-uc.prom.st | unknown |
cdn.sendpulse.com | whitelisted |
www.googletagmanager.com | whitelisted |
tracker.tiu.ru | suspicious |
fonts.googleapis.com | whitelisted |