Field | Value |
---|---|
URL | https://theonlygames.com/ce/ce_1020/land_ce_121020_na_en/?landing=modest&haff_pid=5&haff_oid=16&haff_cid=4ae100006e79ace6&haff_sub1=4370757&haff_sub2=&haff_sub3=&haff_tag=cpa&utm_source=hooligan |
Full analysis | https://app.any.run/tasks/17e406e6-7a02-43b8-8486-4c059ca2b6f1 |
Verdict | Malicious activity |
Analysis date | June 27, 2022, 08:59:50 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MD5 | BD02E2025A64FE25AB7E06DBDD7CB3A8 |
SHA1 | CF35726DEEC2E4FD7BE7904DA8C185CF11F3C799 |
SHA256 | D6060895699DD9E0D79DAF772D7930EFAE24F308D906162886C2C7075E479F1B |
SSDEEP | 3:N8FAK9cHIngAdA6UVXMiMGDRrTim3BAWlN4LgDOG0lGiAUdewPN46E5GSHJU2GBG:2h9oIngVqsRPxb7RjblGSHJyrufW7YLn |

PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version |
---|---|---|---|---|---|---|---|---|---|
1000 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://theonlygames.com/ce/ce_1020/land_ce_121020_na_en/?landing=modest&haff_pid=5&haff_oid=16&haff_cid=4ae100006e79ace6&haff_sub1=4370757&haff_sub2=&haff_sub3=&haff_tag=cpa&utm_source=hooligan" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
2996 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1000 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2996 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\land_ce_121020_na_en[1].htm | html | CDFF4B317BAA1E464A28719B7963C44F | 33449B3D4A6CCB535A0E4284FEBC2410FDAD8223F629A2129B7F86A9115F6DCD |
2996 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\awpx_click[1].js | text | 1E596326DCD6E03DE94281A1D54449B7 | D8F13A3A5AC434BCB827EF744A472239F68BA781C661EA7DC3D6D80C1AEE5E40 |
2996 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\notice[1].png | image | A363F371D7CCBFC88C3D35885106C120 | 885CBCB649154D7B30A5383F9E436A7B49F2A28884EA2C6BD3A4AB323C14BFDE |
2996 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\main[1].css | text | 318EE32C1E43C57C02DEDD416274C41D | C6EB85F915C2798D4AAC423B9E5198F78ACFBB1A8977BF213EEFCD83893F9A47 |
1000 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 13B409C88BEA60AAA59C1C7594FCBCC9 | F2172F0174ADA36895AAB0F97588EA31F92A41BDDD549D81AD363B9B676B9793 |
2996 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\p1[1].png | image | 6C53C13C0CD9DBE619265F182CC1D470 | 2B62F392506EF4E906863D9D0E0CD1FE763F9465E9277A07B1FA904C48EA15BD |
1000 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F | der | DF6DEECBA36F8D0AF53EAFA9C51AB1F7 | 60D1053BDE5FBCA23ED8976F1EABAEE9C4BB459D9C997E5A76BB2182EE916D98 |
2996 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\p3[1].png | image | DEDA1E0F8EE365F5EC608359F6AA3993 | 915AADE99795B115C367F0F52EAAF799825CD6EAFB86ECDD121471BEB84F0CD3 |
1000 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F | binary | C41DD2DDAE13C03B3846ACDA1F822951 | 7F5385A26226454193018DA55BE8C5D3796A1A4A19738B0C5CCE612D872B6677 |
2996 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\chain[1].png | image | 96B536DFC5315191D392484BE8F989B0 | 1DEF00C869315F2970E0D4D4AFFC8919BC245D2BA4A46324FA06C7CB50C676DA |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2996 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?ba69424ae744821e | US | compressed | 60.0 Kb | whitelisted |
2996 | iexplore.exe | GET | 200 | 92.123.224.235:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgNG7UZme8WRSAca5bJiZyFPxA%3D%3D | unknown | der | 503 b | shared |
1000 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
1000 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted |
2996 | iexplore.exe | GET | 200 | 104.89.32.83:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted |
2996 | iexplore.exe | GET | 200 | 104.18.21.226:80 | http://ocsp2.globalsign.com/rootr5/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQiD0S5cIHyfrLTJ1fvAkJWflH%2B2QQUPeYpSJvqB8ohREom3m7e0oPQn1kCDQHuXyKVQkkF%2BQGRqNw%3D | US | der | 1.26 Kb | whitelisted |
2996 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/rootr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHUeP1PjGFkz6V8I7O6tApc%3D | US | der | 1.41 Kb | whitelisted |
2996 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/gseccovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSTMjK03nNiYoQYvu4Izyfn9OJNdAQUWHuOdSr%2BYYCqkEABrtboB0ZuP0gCDDr6WyPB2UqgqvyNjw%3D%3D | US | der | 941 b | whitelisted |
1000 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2e50a28c016993cb | US | compressed | 4.70 Kb | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1000 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1000 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1000 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2996 | iexplore.exe | 104.21.235.54:443 | theonlygames.com | Cloudflare Inc | US | suspicious |
2996 | iexplore.exe | 204.155.147.176:443 | ln.gamesrevenue.com | WZ Communications Inc. | US | suspicious |
2996 | iexplore.exe | 104.21.235.53:443 | theonlygames.com | Cloudflare Inc | US | suspicious |
— | — | 93.184.221.240:80 | ctldl.windowsupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2996 | iexplore.exe | 104.89.32.83:80 | x1.c.lencr.org | Akamai Technologies, Inc. | NL | suspicious |
2996 | iexplore.exe | 87.250.251.119:443 | mc.yandex.ru | YANDEX LLC | RU | whitelisted |
2996 | iexplore.exe | 92.123.224.235:80 | r3.o.lencr.org | Akamai International B.V. | — | unknown |

Domain | IP | Reputation |
---|---|---|
theonlygames.com | | malicious |
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
ctldl.windowsupdate.com | | whitelisted |
ocsp.digicert.com | | whitelisted |
crl3.digicert.com | | whitelisted |
ln.gamesrevenue.com | | suspicious |
x1.c.lencr.org | | whitelisted |
r3.o.lencr.org | | shared |
iecvlist.microsoft.com | | whitelisted |