URL: http://gohaiendo.com/ppk/index.php
Full analysis: https://app.any.run/tasks/fe7fbd70-ebeb-470d-9d12-0c2103fe339e
Verdict: Malicious activity
Analysis date: April 25, 2019, 01:52:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
Indicators:
MD5: 2682A39039DF00D3CAED8DDB7A8CA27C
SHA1: D64B11891D7DCA85B97B8CCD32B4950CBDA0383A
SHA256: D933C5D09DBF5668F41E146E6E3DA9AE57DC1974B3195F676389763488E9D32D
SSDEEP: 3:N1KZK5LGWWkHn:C05QkHn
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3928 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
2596 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3928 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe
User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3928 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | —
3928 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
2596 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JXSODIPY\index[1].htm | — | — | —
2596 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\93BD9T09\login[1].php | — | — | —
2596 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 2330F8A93E467289AEC89A5A6C63DDD6 | 72CAF2FACAE8F71D546382FD4A3B09157C8F84B7B0210F0E184DFF2181D5873D
2596 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\93BD9T09\login[1].htm | html | B03ADBB5DA8B9EE15F55203DE4B3E71D | DAECACA6FB71B551E157164A6D6A22E521C268E2F7830DDFB955746231092E4B
3928 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019042520190426\index.dat | dat | 34DAAEA39B3296D3355ABE69C130267B | CC4E39E68470CD4DD5A6FDD1669519D6AD7A72E8CEC97BE4CBF0BF3EA92BAA70
2596 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019042520190426\index.dat | dat | 02D0B24240EDE105527A468357720FBB | E98A71AE6CD5687CF762AFF8CF2E931678AC992CFE833726A928D4A8B5C43038
2596 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | FA3BEC6AD44C2FF2AA78FF9CA5800CA6 | 9181A3132BBBB20C8FFE67282CA3B1416C76B4D403F274E2754FFD041FEFCA5F
2596 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OFP6RXXF\desktop.ini | ini | 4A3DEB274BB5F0212C2419D3D8D08612 | 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2596 | iexplore.exe | GET | 200 | 197.157.216.75:80 | http://gohaiendo.com/ppk/index.php | NG | — | — | malicious |
2596 | iexplore.exe | GET | — | 197.157.216.75:80 | http://gohaiendo.com/ppk/images/bg_1.png | NG | — | — | malicious |
3928 | iexplore.exe | GET | 404 | 197.157.216.75:80 | http://gohaiendo.com/favicon.ico | NG | html | 288 b | malicious |
2596 | iexplore.exe | GET | 200 | 197.157.216.75:80 | http://gohaiendo.com/ppk/login.php | NG | html | 663 b | malicious |
3928 | iexplore.exe | GET | 404 | 197.157.216.75:80 | http://gohaiendo.com/favicon.ico | NG | html | 288 b | malicious |
2596 | iexplore.exe | GET | 200 | 197.157.216.75:80 | http://gohaiendo.com/ppk/images/l1.png | NG | image | 15.8 Kb | malicious |
2596 | iexplore.exe | GET | 200 | 197.157.216.75:80 | http://gohaiendo.com/ppk/f.st/style.css | NG | text | 273 b | malicious |
3928 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
2596 | iexplore.exe | GET | 200 | 197.157.216.75:80 | http://gohaiendo.com/ppk/images/l0.png | NG | image | 15.3 Kb | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3928 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2596 | iexplore.exe | 197.157.216.75:80 | gohaiendo.com | KKON-ABUJA | NG | malicious |
3928 | iexplore.exe | 197.157.216.75:80 | gohaiendo.com | KKON-ABUJA | NG | malicious |
Domain | IP | Reputation
---|---|---
www.bing.com | | whitelisted
gohaiendo.com | | malicious
PID | Process | Class | Message |
---|---|---|---|
2596 | iexplore.exe | Generic Protocol Command Decode | SURICATA STREAM excessive retransmissions |