URL: | http://www.mediafire.com/file/kxyrlxrujr9du2o/Master_in_Hacking_with_XSS_Cross_Site_Scripting_Downloaded_By_Muhammad_Zubair.zip/file |
Full analysis: | https://app.any.run/tasks/0440ae4c-58c6-4171-bb30-39b972253a28 |
Verdict: | Malicious activity |
Analysis date: | January 24, 2022, 19:55:26 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | EA6F6A3080EEB488914807B2D6DFEC82 |
SHA1: | 71E1BBACBD964F505FD50188ECE1C8DF54C87604 |
SHA256: | C190FBECAEF081BD6768486E99C69D37EFE2583F6B1091162A7075FA6BE0744F |
SSDEEP: | 3:N1KJS4w3eGUoPXJV8Bhmy5QgcuWdV66kz2BdDYEaHlIVY9:Cc4w3eGDJgP5idVzkzWFM7 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2220 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.mediafire.com/file/kxyrlxrujr9du2o/Master_in_Hacking_with_XSS_Cross_Site_Scripting_Downloaded_By_Muhammad_Zubair.zip/file" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3736 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2220 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3736 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_F105773D1FB0AC7088EC8BBEDEF850B8 | der | |
MD5:F301A5959362CC13B7DE04C29503D310 | SHA256:98B10D20447DBCDA628027E2B014C706CF37B4884A602173A0F3DC6B483F5568 | |||
3736 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\tag[1].js | text | |
MD5:7A698F8D9BCB69BC39039C6510AA6927 | SHA256:B12FD7B55A5307DDAD640B1E3229E477B56C068559F9EA7B7787F5B3B312B78C | |||
3736 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der | |
MD5:494A7483CEAF488A79CB45418E88ECCD | SHA256:9A65904F97742B3D8844EFAFCE7D9E9DA7C1B96A8FDE541E718768AE68293D50 | |||
3736 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\52MGEK67.txt | text | |
MD5:167133F3C0B3732A6DEBF8A7EB661390 | SHA256:E3E8F683B1E1CA7002F6F7CC1BAD98C58C4D06D94F4186867477BE9F38486E80 | |||
3736 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y2PCAOW3.txt | text | |
MD5:51802768812EBA8FD1EE62FCC7161F24 | SHA256:18DA5C4902B6130B2B61AD4D1DEF945B68538C86D3E2D0DAE6B4717346DF1B1B | |||
2220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:47ADE8B6D84C5840EE606D750C836B74 | SHA256:1AA7BB18C7BB96B156B00FAC446AA07DEB304747E01257CA8D50081717518F2F | |||
3736 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\8VO4EV34.txt | text | |
MD5:BD35E84EE56660559C84D38A1262EF77 | SHA256:2819A8A5020163C775D82D893829EC59ABD42953A9368B97654BACB5D90D3DF1 | |||
3736 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:CE02D137255EB217268E631E792F16F6 | SHA256:16D7C8D20A7AB0AF46C829D90DFF4448BD5283185BC8B8D0186B1B57A42C2DF8 | |||
3736 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\file[1].htm | html | |
MD5:B4EF637D55D615917181A4EBD9459562 | SHA256:8324504DB7C1AB61CE8A4F54033F20A39EDACBAE25F1E1F04E0CBF93408CBB82 | |||
3736 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\DNCR7ALM.txt | text | |
MD5:989619047A8FDF74099BA74365598436 | SHA256:DCC10C691CA5CA8F04DC71D788620D943FA42D3E156116598535E64D2DB4AC10 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3736 | iexplore.exe | GET | — | 104.16.202.237:80 | http://static.mediafire.com/images/backgrounds/download/social/fb_16x16.png | US | — | — | shared |
3736 | iexplore.exe | GET | 301 | 142.250.185.78:80 | http://translate.google.com/translate_a/element.js?cb=googFooterTranslate | US | — | — | whitelisted |
3736 | iexplore.exe | GET | 200 | 104.16.203.237:80 | http://www.mediafire.com/file/kxyrlxrujr9du2o/Master_in_Hacking_with_XSS_Cross_Site_Scripting_Downloaded_By_Muhammad_Zubair.zip/file | US | html | 83.1 Kb | shared |
3736 | iexplore.exe | GET | 200 | 104.16.202.237:80 | http://static.mediafire.com/images/icons/svg_dark/check_circle_green.svg | US | image | 300 b | shared |
3736 | iexplore.exe | GET | 200 | 104.16.203.237:80 | http://www.mediafire.com/images/icons/svg_light/icons_sprite.svg | US | image | 8.18 Kb | shared |
3736 | iexplore.exe | GET | 200 | 104.16.202.237:80 | http://static.mediafire.com/images/filetype/file-zip-v3.png | US | image | 1.83 Kb | shared |
3736 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
2220 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3736 | iexplore.exe | GET | 200 | 104.16.202.237:80 | http://static.mediafire.com/images/backgrounds/download/apps_list_sprite-v6.png | US | image | 7.95 Kb | shared |
3736 | iexplore.exe | GET | 200 | 104.16.202.237:80 | http://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png | US | image | 583 b | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3736 | iexplore.exe | 142.250.184.200:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
3736 | iexplore.exe | 142.250.74.206:443 | fundingchoicesmessages.google.com | Google Inc. | US | whitelisted |
3736 | iexplore.exe | 142.250.185.78:443 | translate.google.com | Google Inc. | US | whitelisted |
3736 | iexplore.exe | 142.250.185.78:80 | translate.google.com | Google Inc. | US | whitelisted |
3736 | iexplore.exe | 18.66.242.149:443 | cdn.amplitude.com | Massachusetts Institute of Technology | US | unknown |
3736 | iexplore.exe | 104.16.203.237:80 | www.mediafire.com | Cloudflare Inc | US | unknown |
3736 | iexplore.exe | 104.16.94.65:443 | static.cloudflareinsights.com | Cloudflare Inc | US | shared |
3736 | iexplore.exe | 104.26.7.139:443 | btloader.com | Cloudflare Inc | US | suspicious |
— | — | 192.168.100.2:53 | — | — | — | whitelisted |
3736 | iexplore.exe | 104.16.202.237:80 | www.mediafire.com | Cloudflare Inc | US | unknown |
Domain | IP | Reputation |
---|---|---|
www.microsoft.com |
| whitelisted |
www.mediafire.com |
| shared |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
www.googletagmanager.com |
| whitelisted |
btloader.com |
| whitelisted |
translate.google.com |
| whitelisted |
static.cloudflareinsights.com |
| whitelisted |
fundingchoicesmessages.google.com |
| whitelisted |
cdn.amplitude.com |
| whitelisted |