Field | Value
---|---
URL | http://zalupivka.xyz/sc/ssrload.txt
Full analysis | https://app.any.run/tasks/a08fde3e-2531-4df3-80f8-b3738bf96c01
Verdict | Malicious activity
Analysis date | September 11, 2019, 09:30:51
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 044932FAFB3368A38DECBB11D61896E2
SHA1 | 6C87CF35E93216E55397EE6B20FA47F28905171F
SHA256 | CE73C943ED9172B92F0BEF867B8B206AB459917565C3CE83E3BE4602CCD99C8C
SSDEEP | 3:N1KEgASOiAKHcpLV:CE/SOifCV

PID | CMD | Path | Parent process | User | Company | Integrity level | Description | Version
---|---|---|---|---|---|---|---|---
3048 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://zalupivka.xyz/sc/ssrload.txt" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
3660 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3048 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3048 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | — | —
3048 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3660 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 30B81BBBDD1AA5C29F6BCF45552DF334 | 7A94E52E5097D49707359BD0893E80502F624A9ED17E58A090B2F75A92B529AF
3048 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019091120190912\index.dat | dat | E65B8F31EADBE515C2C9CFBCA6841451 | 9FF18468F4381CB3D6A38C2EA77FC3AD6226BF32747C3FE35D5A7E51CB435F72
3660 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019091120190912\index.dat | dat | 3E84B3AF0D9DE1E5D8DB093569CE60A3 | 3A1638D2C7F3E1FD2E226C51985D738F7EC75EC4D359F5D22A3FA3E5974D059F
3048 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@zalupivka[1].txt | text | C13AD862DA54C9AC338F274C1A8A6BFC | A1AC93C612C9824E9B03958C96BC85DCE9C46F3B24BB86278FB8F8CA16F9D20E
3660 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | 8F07574483FD0D544851F748FB465870 | AC30E56922DA2A92CABFD6E2D20DE0BA3605547E3DFD7980B79A82F63CD906D1
3660 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | A243EED3DB785DE66AED03DC97C934BA | B3919C700BD0D9474A91F1242F74FF146BC5491B0581B0066B0A2A0E60C163D2
3660 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@zalupivka[1].txt | text | D9272DA298E69C48CBDA5A01BB77BB8A | 2727D35FA628E2AD9FF5E466F58D30D3303F01A632C9B1752A572F64D0A3957B
3660 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LGJ2UHWG\desktop.ini | ini | 4A3DEB274BB5F0212C2419D3D8D08612 | 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
3660 | iexplore.exe | GET | — | 195.22.26.248:80 | http://zalupivka.xyz/sc/ssrload.txt | PT | — | — | malicious
3048 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
3048 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3048 | iexplore.exe | 195.22.26.248:80 | zalupivka.xyz | Claranet Ltd | PT | malicious
3660 | iexplore.exe | 195.22.26.248:80 | zalupivka.xyz | Claranet Ltd | PT | malicious

Domain | IP | Reputation
---|---|---
zalupivka.xyz | | malicious
www.bing.com | | whitelisted

PID | Process | Class | Message
---|---|---|---
3660 | iexplore.exe | A Network Trojan was detected | ET CNC Ransomware Tracker Reported CnC Server group 62
3660 | iexplore.exe | Potentially Bad Traffic | AV INFO HTTP Request to a *.xyz domain
3048 | iexplore.exe | Potentially Bad Traffic | AV INFO HTTP Request to a *.xyz domain