| Field | Value |
|---|---|
| URL | http://lowffdompro.com/metric/?mid=&wid=52096&sid=&tid=5793&rid=LAUNCHED&t=1565702850284 |
| Full analysis | https://app.any.run/tasks/83ad5dd8-3b7b-4311-8e9f-a3a6fd393d97 |
| Verdict | Malicious activity |
| Analysis date | August 13, 2019, 18:00:48 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MD5 | 38BF9274C37361F7AE46FC74B0A775AB |
| SHA1 | EEFE75FC266B525927B0903B9C17B516D635B16E |
| SHA256 | D80D8F19DA0F3882A9ADCE28518B3631838124E17A3F4DE1CD502DF568A13A0D |
| SSDEEP | 3:N1KSKSD1othI99fABu6OXL3DrQTH/+n:CSJBKI990OTP4+ |

| PID | CMD | Path | Parent process | User | Company | Integrity level | Description | Version |
|---|---|---|---|---|---|---|---|---|
| 2176 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://lowffdompro.com/metric/?mid=&wid=52096&sid=&tid=5793&rid=LAUNCHED&t=1565702850284" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) |
| 3076 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2176 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2176 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | — | — |
| 2176 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
| 3076 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | A33A9AD60DE49E3247CD0380C30EC3FE | 18D3A2F1C4207A4E41C5F3652FEFC29B281F48A0FDF35108E4F25233CF741D0D |
| 3076 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | CF45FB94C7A20D0E982CA6D283315559 | 9C5258F94EFD59E3C5FEF11A1F8B569BF20D0F3484798FD6740A58782F57F6B4 |
| 3076 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019081320190814\index.dat | dat | B6044E7E95264E9F76831D1E666B23A8 | 7FFD512BC3CE0CD6BF01F198C3D7350BAEB038656FECEE2FD7A00CCC678A441A |
| 2176 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019081320190814\index.dat | dat | B2F242EE3229843578DE2762B5F2B983 | BF85DD3737D006761C96D3C3A1192F009976A8CDA0F392E47A548AC3443EB458 |
| 3076 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O87AOLV7\desktop.ini | ini | 4A3DEB274BB5F0212C2419D3D8D08612 | 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38 |
| 3076 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y1KVS03W\desktop.ini | ini | 4A3DEB274BB5F0212C2419D3D8D08612 | 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38 |
| 3076 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N3DX0G0X\metric[1].gif | image | AD4B0F606E0F8465BC4C4C170B37E1A3 | CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA |
| 2176 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png | image | 9FB559A691078558E77D6848202F6541 | 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 |

| PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3076 | iexplore.exe | GET | 200 | 23.111.228.220:80 | http://lowffdompro.com/metric/?mid=&wid=52096&sid=&tid=5793&rid=LAUNCHED&t=1565702850284 | NL | image | 43 b | malicious |
| 2176 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 2176 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
| 2176 | iexplore.exe | 23.111.228.220:80 | lowffdompro.com | — | NL | malicious |
| 3076 | iexplore.exe | 23.111.228.220:80 | lowffdompro.com | — | NL | malicious |

| Domain | IP | Reputation |
|---|---|---|
| lowffdompro.com | 23.111.228.220 | malicious |
| www.bing.com | 204.79.197.200 | whitelisted |

| PID | Process | Class | Message |
|---|---|---|---|
| 3076 | iexplore.exe | A Network Trojan was detected | ET MALWARE LNKR CnC Activity M3 |