URL: | http://syndication.dynsrvtyu.comcimp.php?data=MTU2ODM1MTQ3OXxiNTFmNmEwMTBhYmU2MjFmNDhkNzJmZGEyMzkzZTE1Mg==|http://tutza.com/category/music/?&utm_campaign=2907862&utm_source=adexchange-802527.com&utm_medium=popunder&exotracker= |
Full analysis: | https://app.any.run/tasks/a3b241ef-3514-4302-8dd3-e191ce583db9 |
Verdict: | Malicious activity |
Analysis date: | October 14, 2019, 19:03:31 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | AFB6C98FD0A566FBAE8BA55B6FA65466 |
SHA1: | E2FAFA1E328C689B465A7065FF4568452F0E1484 |
SHA256: | C50C2046FE9D2E725935A66987A9AC32F9A7FDDA747D9EA8FF85C35AAEC7C916 |
SSDEEP: | 6:COi0e4ij3yyjYbshEYU/2i12RcmEWnkE2v7yB1LiF:xUh3yy+UETbmil7yB16 |
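The submitted URL above is two URLs joined by `|`: a redirector whose `data` parameter is base64, and the tutza.com landing page with its tracking parameters. The script below is an added example (it is not part of the any.run report) that decodes that parameter and splits out the landing-page parameters so they can be pivoted on. `SUBMITTED_URL` is copied from the report; reading the first decoded field as a Unix timestamp and the second as an opaque token is the editor's assumption, not something the report states.

```python
"""Decode the popunder redirector URL from the report header.

Added example, not part of the any.run report. SUBMITTED_URL is copied from the
report; the meaning given to the decoded fields is an assumption.
"""
import base64
import binascii
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs, unquote

SUBMITTED_URL = (
    "http://syndication.dynsrvtyu.comcimp.php?data="
    "MTU2ODM1MTQ3OXxiNTFmNmEwMTBhYmU2MjFmNDhkNzJmZGEyMzkzZTE1Mg==|"
    "http://tutza.com/category/music/?&utm_campaign=2907862"
    "&utm_source=adexchange-802527.com&utm_medium=popunder&exotracker="
)


def split_submission(url):
    """The sandbox was handed two URLs joined by '|': the redirector and the landing page."""
    redirector, _, landing = url.partition("|")
    return redirector, landing


def raw_query_param(query, name):
    """Fetch one query parameter without parse_qs, which maps '+' to a space and
    would corrupt base64 that happens to contain '+'. Only %-escapes are undone."""
    for pair in query.split("&"):
        key, sep, value = pair.partition("=")
        if sep and key == name:
            return unquote(value)
    return None


def b64_decode_lenient(text):
    """Decode base64, restoring padding that is often lost when URLs are copied."""
    text = text.strip()
    text += "=" * (-len(text) % 4)
    try:
        return base64.b64decode(text, validate=True)
    except binascii.Error:
        return None


def decode_redirector(url):
    """Split the redirector's 'data' payload into fields.
    Assumption: field 0 is a Unix timestamp, field 1 an opaque 32-hex-char token."""
    parts = urlsplit(url)
    encoded = raw_query_param(parts.query, "data")
    raw = b64_decode_lenient(encoded) if encoded is not None else None
    if raw is None:
        return None
    fields = raw.decode("ascii", "replace").split("|")
    info = {"host": parts.netloc, "fields": fields}
    if fields[0].isdigit():
        info["timestamp_utc"] = datetime.fromtimestamp(int(fields[0]), tz=timezone.utc).isoformat()
    if len(fields) > 1 and re.fullmatch(r"[0-9a-f]{32}", fields[1]):
        info["token_hex32"] = fields[1]
    return info


def landing_params(url):
    """Tracking parameters of the landing page; blank values (exotracker=) are kept
    because an empty tracker id is itself a usable campaign fingerprint."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    return parts.netloc, {k: v[0] for k, v in params.items()}


if __name__ == "__main__":
    redirector, landing = split_submission(SUBMITTED_URL)
    print(decode_redirector(redirector))
    print(landing_params(landing))
```

The `data` value decodes to `1568351479|b51f6a010abe621f48d72fda2393e152`; read as seconds since the epoch, the first field is 2019-09-13 05:11:19 UTC, about a month before the analysis date. `parse_qs` is deliberately not used for the `data` value because it turns `+` into a space, which silently breaks base64 containing `+`.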
PID | Command line | Path | Indicators | Parent process | User | Integrity level | Company | Description | Version | Exit code
---|---|---|---|---|---|---|---|---|---|---
2108 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://syndication.dynsrvtyu.comcimp.php?data=MTU2ODM1MTQ3OXxiNTFmNmEwMTBhYmU2MjFmNDhkNzJmZGEyMzkzZTE1Mg==\|http://tutza.com/category/music/?&utm_campaign=2907862&utm_source=adexchange-802527.com&utm_medium=popunder&exotracker=" | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) | |
2448 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2108 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | LOW | Microsoft Corporation | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) | |
3968 | -modal 327972 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\admin\AppData\Local\Temp\NDF5549.tmp -ep NetworkDiagnosticsWeb | C:\Windows\system32\msdt.exe | | iexplore.exe | admin | MEDIUM | Microsoft Corporation | Diagnostics Troubleshooting Wizard | 6.1.7600.16385 (win7_rtm.090713-1255) | 2 |
2844 | C:\Windows\System32\sdiagnhost.exe -Embedding | C:\Windows\System32\sdiagnhost.exe | — | svchost.exe | admin | MEDIUM | Microsoft Corporation | Scripted Diagnostics Native Host | 6.1.7600.16385 (win7_rtm.090713-1255) | 0 |
1016 | "C:\Windows\system32\ipconfig.exe" /all | C:\Windows\system32\ipconfig.exe | — | sdiagnhost.exe | admin | MEDIUM | Microsoft Corporation | IP Configuration Utility | 6.1.7600.16385 (win7_rtm.090713-1255) | 0 |
1028 | "C:\Windows\system32\ROUTE.EXE" print | C:\Windows\system32\ROUTE.EXE | — | sdiagnhost.exe | admin | MEDIUM | Microsoft Corporation | TCP/IP Route Command | 6.1.7600.16385 (win7_rtm.090713-1255) | 0 |
3996 | "C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf | C:\Windows\system32\makecab.exe | — | sdiagnhost.exe | admin | MEDIUM | Microsoft Corporation | Microsoft® Cabinet Maker | 6.1.7600.16385 (win7_rtm.090713-1255) | 0 |
1072 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe | admin | MEDIUM | Adobe Systems Incorporated | Adobe® Flash® Player Installer/Uninstaller 26.0 r0 | 26,0,0,131 | |
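In the process table, iexplore.exe starts msdt.exe with the built-in network troubleshooting pack (`-path C:\Windows\diagnostics\system\networking`) and the `NetworkDiagnosticsWeb` entry point; together with the cached `dnserror[1]` pages written by PID 2448 and the `unknown` DNS result for the redirector host, that is consistent with Internet Explorer's "Diagnose Connection Problems" action running after the first URL failed to resolve. The troubleshooter host sdiagnhost.exe is listed with svchost.exe as its parent and a `-Embedding` argument, i.e. a DCOM activation, so its ipconfig, route and makecab children cannot be tied to msdt.exe through parent PIDs alone. The script below is an added example by the editor, not part of the any.run report: it replays the rows above (copied from the table, with the long URL shortened) through a triage rule that labels this browser-triggered diagnostics pattern and sends any other msdt.exe invocation for review. The browser list, the rule itself and its labels are assumptions.

```python
"""Triage msdt.exe launches from a flat sandbox process table.

Added example, not part of the any.run report. REPORT_ROWS is copied from the
process table above; BROWSERS and the classification rule are assumptions.
"""
from collections import defaultdict

# (pid, image path, arguments, parent image) as the report shows them; the report
# links parents by image name only, so that is what is kept here.
REPORT_ROWS = [
    (2108, r"C:\Program Files\Internet Explorer\iexplore.exe",
     '"http://syndication.dynsrvtyu.comcimp.php?data=..."', "explorer.exe"),  # URL shortened
    (2448, r"C:\Program Files\Internet Explorer\iexplore.exe",
     "SCODEF:2108 CREDAT:71937", "iexplore.exe"),
    (3968, r"C:\Windows\system32\msdt.exe",
     r"-modal 327972 -skip TRUE -path C:\Windows\diagnostics\system\networking "
     r"-af C:\Users\admin\AppData\Local\Temp\NDF5549.tmp -ep NetworkDiagnosticsWeb",
     "iexplore.exe"),
    (2844, r"C:\Windows\System32\sdiagnhost.exe", "-Embedding", "svchost.exe"),
    (1016, r"C:\Windows\system32\ipconfig.exe", "/all", "sdiagnhost.exe"),
    (1028, r"C:\Windows\system32\ROUTE.EXE", "print", "sdiagnhost.exe"),
    (3996, r"C:\Windows\system32\makecab.exe", "/f NetworkConfiguration.ddf", "sdiagnhost.exe"),
    (1072, r"C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe",
     "-Embedding", "svchost.exe"),
]

BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe"}  # assumption: images treated as browsers
BUILTIN_NETWORK_PACK = r"c:\windows\diagnostics\system\networking"  # the -path seen in the report


def image_name(path):
    """Basename of an image path, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_msdt_args(args):
    """Split msdt's '-flag value' arguments into a dict; a flag without a value maps to True."""
    tokens = args.split()
    parsed, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-"):
            if i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                parsed[tok.lower()] = tokens[i + 1]
                i += 2
                continue
            parsed[tok.lower()] = True
        i += 1
    return parsed


def classify_msdt(row):
    """Label one msdt.exe row (None for other images).
    'browser-network-diagnostics': parent is a browser, the pack is the built-in
    network troubleshooter, the entry point is NetworkDiagnosticsWeb and the answer
    file sits in %TEMP%\\NDF*.tmp (assumption: this is the browser's own
    'Diagnose Connection Problems' path). Everything else is 'review'."""
    pid, path, args, parent = row
    if image_name(path) != "msdt.exe":
        return None
    a = parse_msdt_args(args)
    pack = str(a.get("-path", "")).lower().rstrip("\\")
    answer = str(a.get("-af", "")).lower()
    if (parent.lower() in BROWSERS
            and a.get("-ep") == "NetworkDiagnosticsWeb"
            and pack == BUILTIN_NETWORK_PACK
            and "\\appdata\\local\\temp\\ndf" in answer):
        return "browser-network-diagnostics"
    return "review"


def triage(rows):
    """PID -> label for every msdt.exe row in the table."""
    return {row[0]: classify_msdt(row) for row in rows if classify_msdt(row)}


def troubleshooter_commands(rows):
    """Commands run under sdiagnhost.exe. The host itself is started by svchost.exe
    with -Embedding (DCOM activation), so it is not a child of msdt.exe by PID; the
    tie to the troubleshooter is the msdt/NDF context, not the process tree."""
    return [(pid, image_name(path), args) for pid, path, args, parent in rows
            if parent.lower() == "sdiagnhost.exe"]


def dcom_launched(rows):
    """PIDs activated out of process by COM: '-Embedding' with a svchost.exe parent.
    The parent tells you nothing about which client asked for the object."""
    return [pid for pid, path, args, parent in rows
            if "-Embedding" in args.split() and parent.lower() == "svchost.exe"]


if __name__ == "__main__":
    print(triage(REPORT_ROWS))
    print(troubleshooter_commands(REPORT_ROWS))
    print(dcom_launched(REPORT_ROWS))
```

On a host this same rule applied to Sysmon or EDR process events would need parent PIDs rather than names (the two iexplore.exe processes here are only distinguishable by the `SCODEF:2108` tab argument), and a `review` result for msdt.exe with a pack outside `C:\Windows\diagnostics` or a non-browser parent is the case worth escalating.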
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2108 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | — | —
2108 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
2448 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4B1SHP2O\dnserror[1] | html | 68E03ED57EC741A4AFBBCD11FAB1BDBE | 1FF3334C3EB27033F8F37029FD72F648EDD4551FCE85FC1F5159FEAEA1439630
2448 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2RDA1VC6\errorPageStrings[1] | text | 1A0563F7FB85A678771450B131ED66FD | EB5678DE9D8F29CA6893D4E6CA79BD5AB4F312813820FE4997B009A2B1A1654C
2448 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SI590S7D\dnserror[1] | html | 68E03ED57EC741A4AFBBCD11FAB1BDBE | 1FF3334C3EB27033F8F37029FD72F648EDD4551FCE85FC1F5159FEAEA1439630
2448 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PFVS32U1\httpErrorPagesScripts[1] | text | E7CA76A3C9EE0564471671D500E3F0F3 | 58268CA71A28973B756A48BBD7C9DC2F6B87B62AE343E582CE067C725275B63C
2448 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4B1SHP2O\noConnect[1] | image | 3CB8FACCD5DE434D415AB75C17E8FD86 | 6976C426E3AC66D66303C114B22B2B41109A7DE648BA55FFC3E5A53BD0DB09E7
2448 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 675632815FA20A496A584221662E7F9B | 810A8897F8E9AF3168ACA212605ADEC3225D7793124B9F7B50015C517C400E83
2448 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SI590S7D\errorPageStrings[1] | text | 1A0563F7FB85A678771450B131ED66FD | EB5678DE9D8F29CA6893D4E6CA79BD5AB4F312813820FE4997B009A2B1A1654C
2448 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PFVS32U1\favcenter[1] | image | 25D76EE5FB5B890F2CC022D94A42FE19 | 07D07A467E4988D3C377ACD6DC9E53ABCA6B64E8FBF70F6BE19D795A1619289B
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2448 | iexplore.exe | GET | 301 | 104.18.50.189:80 | http://tutza.com/category/music/?&utm_campaign=2907862&utm_source=adexchange-802527.com&utm_medium=popunder&exotracker= | US | — | — | shared |
2448 | iexplore.exe | GET | 200 | 104.18.50.189:80 | http://tutza.com/wp/wp-content/plugins/facebook-page-promoter-lightbox/includes/featherlight/featherlight.min.css?ver=5.2.3 | US | text | 705 b | shared |
2448 | iexplore.exe | GET | 200 | 104.18.50.189:80 | http://tutza.com/wp/wp-content/themes/musiks-child/style.css?ver=5.2.3 | US | text | 3.15 Kb | shared |
2448 | iexplore.exe | GET | 200 | 104.18.50.189:80 | http://tutza.com/category/music/?utm_campaign=2907862&utm_source=adexchange-802527.com&utm_medium=popunder&exotracker= | US | html | 16.4 Kb | shared |
2448 | iexplore.exe | GET | 200 | 104.18.50.189:80 | http://tutza.com/wp/wp-content/plugins/buddypress/bp-templates/bp-nouveau/css/buddypress.min.css?ver=4.4.0 | US | text | 14.4 Kb | shared |
2448 | iexplore.exe | GET | 200 | 104.18.50.189:80 | http://tutza.com/wp/wp-content/plugins/tutza-ad-manager/public/css/tutza_ad_manager-public.css?ver=1.0.0 | US | text | 603 b | shared |
2448 | iexplore.exe | GET | 200 | 104.18.50.189:80 | http://tutza.com/wp/wp-content/plugins/easy-digital-downloads/templates/edd.min.css?ver=2.9.17 | US | text | 4.13 Kb | shared |
2448 | iexplore.exe | GET | 200 | 104.18.50.189:80 | http://tutza.com/wp/wp-includes/css/dashicons.min.css?ver=5.2.3 | US | text | 27.8 Kb | shared |
2448 | iexplore.exe | GET | 200 | 104.18.50.189:80 | http://tutza.com/wp/wp-content/plugins/sharethis-share-buttons/css/mu-style.css?ver=5.2.3 | US | text | 26 b | shared |
2448 | iexplore.exe | GET | 200 | 172.217.16.130:80 | http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?ver=5.2.3 | US | text | 35.9 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2108 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2448 | iexplore.exe | 172.217.16.130:80 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted |
2448 | iexplore.exe | 216.58.207.72:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
2448 | iexplore.exe | 108.177.15.155:443 | stats.g.doubleclick.net | Google Inc. | US | whitelisted |
2448 | iexplore.exe | 104.18.50.189:80 | tutza.com | Cloudflare Inc | US | shared |
2448 | iexplore.exe | 104.19.195.151:80 | cdnjs.cloudflare.com | Cloudflare Inc | US | shared |
2448 | iexplore.exe | 172.217.16.206:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
2448 | iexplore.exe | 52.222.157.56:80 | platform-api.sharethis.com | Amazon.com, Inc. | US | suspicious |
2448 | iexplore.exe | 157.240.20.19:443 | connect.facebook.net | Facebook, Inc. | US | whitelisted |
2448 | iexplore.exe | 104.16.122.175:443 | unpkg.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation
---|---|---
syndication.dynsrvtyu.comcimp.php | | unknown
www.bing.com | | whitelisted
tutza.com | | unknown
www.googletagmanager.com | | whitelisted
platform-api.sharethis.com | | whitelisted
pagead2.googlesyndication.com | | whitelisted
cdnjs.cloudflare.com | | whitelisted
www.google-analytics.com | | whitelisted
stats.g.doubleclick.net | | whitelisted
media.tutza.com | | unknown