URL: | http://parkingcrew.net/assets/scripts/js3.js |
Full analysis: | https://app.any.run/tasks/2dbbf444-97e1-48fd-b809-40c6a69fab12 |
Verdict: | Malicious activity |
Analysis date: | January 10, 2019, 19:27:48 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | B89239BCDE6F706B060FD490F8BFE3F6 |
SHA1: | 934699C9A9842AF9E44CDC7D25F5FD0AA8B4C09F |
SHA256: | C16F2301B6B606F60FB5B037C9301D66D0451A99FE6C88EC19591989A4025A75 |
SSDEEP: | 3:N1KOEX3yXRfhUc7U5:COQyVhj7q |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2952 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3100 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2952 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3732 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\js3[1].js" | C:\Windows\System32\WScript.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
2448 | "C:\Program Files\Internet Explorer\iexplore.exe" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2564 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2448 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3176 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2448 CREDAT:6407 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2812 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2952 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2952 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2952 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF37F642BC9C1A74AF.TMP | — | |
MD5:— | SHA256:— | |||
2952 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFC294F5F6F0ECCF8B.TMP | — | |
MD5:— | SHA256:— | |||
2952 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{D94F71B5-150D-11E9-91D7-5254004A04AF}.dat | — | |
MD5:— | SHA256:— | |||
2448 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2448 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2448 | iexplore.exe | C:\Users\admin\Desktop\js3.js\:Zone.Identifier:$DATA | — | |
MD5:— | SHA256:— | |||
3100 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019011020190111\index.dat | dat | |
MD5:AF3B213B48324B28415589A4CD4863A6 | SHA256:2FDA98B3C471C2F47A36FD7358C0C7F4ADEDC2A92064463AB3B98EECB91610DA | |||
2952 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019011020190111\index.dat | dat | |
MD5:A2972D6344FCB12BF8D1B38067209654 | SHA256:47415CC445A97479E3DD98856C5274AB29AF8B849950BE8BC2BFD409FADFC5AB |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2564 | iexplore.exe | GET | 304 | 185.53.179.29:80 | http://parkingcrew.net/assets/scripts/js3.js | DE | — | — | whitelisted |
3176 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/search?q=virustotal&src=IE-SearchBox&FORM=IE8SRC | US | html | 35.9 Kb | whitelisted |
3176 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/rb/5m/cj,nj/3e6a7d75/9a358300.js?bu=EpYetB7fHeId5QTwHfIdwB70Hfsdgx6sHqoenx6UHbgcuxyXHQ | US | text | 4.95 Kb | whitelisted |
3176 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/fd/ls/l?IG=7CED119F1919481BB8097599B342D050&CID=283EEE2F3C6067622E2DE2CF3D7E666F&Type=Event.CPT&DATA={"pp":{"S":"L","FC":62,"BC":219,"SE":-1,"TC":-1,"H":297,"BP":375,"CT":390,"IL":3},"ad":[-1,-1,772,444,1089,498,0]}&P=SERP&DA=DUB02 | US | image | 5.73 Kb | whitelisted |
3100 | iexplore.exe | GET | 200 | 185.53.179.29:80 | http://parkingcrew.net/assets/scripts/js3.js | DE | text | 17.5 Kb | whitelisted |
3176 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/rs/2Y/1K/cj,nj/5983aa50/f8c6dd44.js | US | text | 773 b | whitelisted |
3176 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/rs/5m/1la/cj,nj/e90431ed/b2fe50be.js | US | text | 171 b | whitelisted |
3176 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/rs/5d/2u/cj,nj/bab57e12/ea8fe300.js | US | text | 2.75 Kb | whitelisted |
3176 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/rs/6o/4T/cj,nj/57324345/ae00a169.js | US | text | 1.72 Kb | whitelisted |
3176 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/sa/simg/SharedSpriteDesktopRewards_022118.png | US | image | 5.73 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2952 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3176 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2448 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3100 | iexplore.exe | 185.53.179.29:80 | parkingcrew.net | Team Internet AG | DE | malicious |
3176 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2564 | iexplore.exe | 185.53.179.29:80 | parkingcrew.net | Team Internet AG | DE | malicious |
3176 | iexplore.exe | 74.125.34.46:443 | www.virustotal.com | Google Inc. | US | whitelisted |
3176 | iexplore.exe | 72.247.178.105:80 | a4.bing.com | Akamai International B.V. | NL | whitelisted |
3176 | iexplore.exe | 65.55.163.82:443 | login.live.com | Microsoft Corporation | US | whitelisted |
3176 | iexplore.exe | 168.63.138.145:80 | cd0b7a7e84ef76f07cb1b87acb639b87.clo.footprintdns.com | Microsoft Corporation | HK | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
parkingcrew.net |
| whitelisted |
login.live.com |
| whitelisted |
9f1c32430d1f8fa1bef9a41c26e6dfd7.clo.footprintdns.com |
| unknown |
cd0b7a7e84ef76f07cb1b87acb639b87.clo.footprintdns.com |
| unknown |
a4.bing.com |
| whitelisted |
www.virustotal.com |
| whitelisted |
virustotalcloud.appspot.com |
| whitelisted |
ajax.googleapis.com |
| whitelisted |
ssl.google-analytics.com |
| whitelisted |