URL: | http://www.get-xmas.com/download/cursorsnowflakes.zip |
Full analysis: | https://app.any.run/tasks/6e82dda7-a9bc-48a9-86ea-42f0c031bf70 |
Verdict: | Malicious activity |
Analysis date: | December 18, 2018, 09:23:31 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MD5: | C0CFA3A1D13FDFFDB558A7C6B780603C |
SHA1: | E46AF0EFFF446EEEE6F261E2A90764BB7E3EF4CB |
SHA256: | CF7CE8E263A04055D876F61ACE3F0ABF9933752097958B31ABA045D5F86A35A7 |
SSDEEP: | 3:N1KJS4SGBKLXvMkV:Cc4G7TV |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2732 | "C:\Program Files\Internet Explorer\iexplore.exe" http://www.get-xmas.com/download/cursorsnowflakes.zip | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3396 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2732 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2532 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\cursorsnowflakes[1].zip" | C:\Program Files\WinRAR\WinRAR.exe | iexplore.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
2572 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2532.4911\CursorSnowflakes.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2532.4911\CursorSnowflakes.exe | — | WinRAR.exe |
User: admin Integrity Level: MEDIUM Version: 1.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2732 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2732 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2732 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFEBA6D38FC33AF556.TMP | — | |
MD5:— | SHA256:— | |||
2732 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF18512D1D3C1D6673.TMP | — | |
MD5:— | SHA256:— | |||
2732 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9C39AB07-02A6-11E9-834A-5254004A04AF}.dat | — | |
MD5:— | SHA256:— | |||
3396 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018121820181219\index.dat | dat | |
MD5:95F9D46CE6E98D968BAAF99F81D4D36B | SHA256:36F1B3390E64F8C1EFF1E6B7B62D7591CC0AEF2CBBE161D24EF118EF657089B9 | |||
2732 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018121820181219\index.dat | dat | |
MD5:C3BBE9B9E8D2693EC5F4061144F195A8 | SHA256:02B4E8E413CA852CB20ECFEA5093D549F3F3905E20EF07E389913AD01DE210A3 | |||
2732 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{9C39AB08-02A6-11E9-834A-5254004A04AF}.dat | binary | |
MD5:BF5811AA2F7088295FC1A9F7201D6489 | SHA256:07F55DF5150BDC9753B4C3418270C1EA531CFF651C103D510D0CC9A5C2F4FB99 | |||
3396 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log | text | |
MD5:B82FFCAD9BCBB23845B20673AB804885 | SHA256:D85C060BBD167C63D683DCE4AD4A7D19D21AA97F05982009EC03E673E2245234 | |||
2732 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\cursorsnowflakes[1].zip:Zone.Identifier | text | |
MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B | SHA256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3396 | iexplore.exe | GET | 200 | 83.222.124.62:80 | http://www.get-xmas.com/download/cursorsnowflakes.zip | US | compressed | 316 Kb | malicious |
2732 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2732 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3396 | iexplore.exe | 83.222.124.62:80 | www.get-xmas.com | True Records Inc. | US | malicious |
Domain | IP | Reputation |
---|---|---|
www.get-xmas.com |
| malicious |
www.bing.com |
| whitelisted |