URL: http://dsnextgen.com/?o_id=130920&domainname=www.captkaoscustoms.com%2Fchopcross.htmland
Full analysis: https://app.any.run/tasks/115aab5c-4826-48a7-821e-c1c5f48c3eac
Verdict: Malicious activity
Analysis date: March 30, 2020, 23:46:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: —
Indicators: —
MD5: B1BD9805024CEBF5C0FEFB3228781FAA
SHA1: FF793D2AC48047491E29C6B8DD399BC739009CEF
SHA256: D443FFC4E72F128809E2DD712C4BF4B8ADBD97809A8FBFC4F8830D5F9EEE47C5
SSDEEP: 3:N1KaW0TCA/KrMLfxLw6l8v2srnqjNMT1n:Ca4EKOM6l+trqjuT1
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2644 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://dsnextgen.com/?o_id=130920&domainname=www.captkaoscustoms.com%2Fchopcross.htmland" | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe |
2616 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2644 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |

PID | User | Company | Integrity Level | Description | Version |
---|---|---|---|---|---|
2644 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
2616 | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2644 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
2616 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\PGXAICWX.htm | html | DA8F6709AA66F1BAA90152973C6DE6C8 | 777F6CCC2413A5780A4FA25EAE88D8211C9F55FA7CF9EB941688D419EEE2A875 |
2616 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\8QU1CQCK.txt | text | 51277B764FC690A52592D230CB89FB9D | D1DE403C8B6029447C995702DE2489E6CBBE397490238F7B80A5B2CE80581B47 |
2616 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\saledefault[1].css | text | 8EFD217A0C8452C520F46F6328FD3263 | 22633836724903845AC6B0B9CA1E780EEEBC0697B7AAE6DB9E54C7FC8C0E62A2 |
2616 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\skenzo[1].css | text | 258924C7D7C159A3861E9838F0B40012 | DB30F3956434FA476F2F5A605696E792A57398E8DED3AF2FEB7913C731AD7AB8 |
2616 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\style[1].css | text | 96F84D0985AF87B4D4F6AE8816F9C5C5 | 93A1109ADA0CD55DEDEAF7E9C4251A7F91AC3C3E1AB85E25E37B6CD4E47D504B |
2644 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon[1].ico | image | 9FB559A691078558E77D6848202F6541 | 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 |
2616 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\min[1].js | text | 5563332AD6AF63C9C94CEF15761BE544 | 4EFEC11A42893D4DF0249174CBE5AFAE24A5734F5DED35C5E84C56BF9F473EC2 |
2616 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\1UAOJV3W.htm | html | A2BBD0B2463706B1EB46B34CA57D81F8 | 9B2343BB06AF17765FF7E1BD7E5AB593E5938185556AC4C11F3BD32058EDB5C5 |
2616 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\numbg[1].png | image | CD677445EDDB975C728E260DCBE2DC5F | D05D5A11979B12B4B729A6B13AF503EF868969890682F3D9133CDC05AFF01EC3 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2616 | iexplore.exe | GET | 302 | 103.224.182.251:80 | http://dsnextgen.com/?o_id=130920&domainname=www.captkaoscustoms.com%2Fchopcross.htmland | AU | — | — | malicious |
2616 | iexplore.exe | GET | 200 | 185.53.179.29:80 | http://ww38.dsnextgen.com/?o_id=130920&domainname=www.captkaoscustoms.com%2Fchopcross.htmland&subid1=20200331-1046-532f-90da-2bdb9e6f2527 | DE | html | 920 b | malicious |
2644 | iexplore.exe | GET | 200 | 185.53.179.29:80 | http://ww38.dsnextgen.com/favicon.ico | DE | — | — | malicious |
2616 | iexplore.exe | GET | 200 | 13.224.197.39:80 | http://d1lxhc4jvstzrp.cloudfront.net/themes/saledefault.css | US | text | 1.48 Kb | shared |
2616 | iexplore.exe | GET | 200 | 23.55.110.198:80 | http://i3.cdn-image.com/__media__/pics/26874/bgimg.jpg | US | image | 22.1 Kb | whitelisted |
2616 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://iyfsearch.com/px.js?ch=1 | VG | text | 346 b | suspicious |
2616 | iexplore.exe | GET | 200 | 23.55.110.198:80 | http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot? | US | eot | 28.5 Kb | whitelisted |
2616 | iexplore.exe | GET | 200 | 23.55.110.184:80 | http://i4.cdn-image.com/__media__/pics/26874/sarrow.png | US | image | 735 b | whitelisted |
2616 | iexplore.exe | GET | 200 | 23.55.110.184:80 | http://i4.cdn-image.com/__media__/js/min.js?v2.2 | US | text | 2.97 Kb | whitelisted |
2616 | iexplore.exe | GET | 200 | 185.53.178.30:80 | http://c.parkingcrew.net/scripts/sale_form.js | DE | text | 761 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2616 | iexplore.exe | 185.53.179.29:80 | ww38.dsnextgen.com | Team Internet AG | DE | malicious |
2616 | iexplore.exe | 13.224.197.39:80 | d1lxhc4jvstzrp.cloudfront.net | — | US | suspicious |
2616 | iexplore.exe | 103.224.182.251:80 | dsnextgen.com | Trellian Pty. Limited | AU | suspicious |
2616 | iexplore.exe | 185.53.178.30:80 | c.parkingcrew.net | Team Internet AG | DE | suspicious |
2616 | iexplore.exe | 208.91.196.46:80 | iyfsearch.com | Confluence Networks Inc | VG | malicious |
2644 | iexplore.exe | 185.53.179.29:80 | ww38.dsnextgen.com | Team Internet AG | DE | malicious |
2644 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2616 | iexplore.exe | 23.55.110.198:80 | i4.cdn-image.com | NTT America, Inc. | US | unknown |
2644 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2616 | iexplore.exe | 23.55.110.184:80 | i4.cdn-image.com | NTT America, Inc. | US | unknown |
Domain | IP | Reputation |
---|---|---|
dsnextgen.com | — | malicious |
ww38.dsnextgen.com | — | malicious |
d1lxhc4jvstzrp.cloudfront.net | — | shared |
c.parkingcrew.net | — | whitelisted |
iyfsearch.com | — | suspicious |
i4.cdn-image.com | — | whitelisted |
i3.cdn-image.com | — | whitelisted |
api.bing.com | — | whitelisted |
www.bing.com | — | whitelisted |
iecvlist.microsoft.com | — | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
2616 | iexplore.exe | Misc activity | ADWARE [PTsecurity] InstantAccess |