URL: | http://americanfaintinggoat.com |
Full analysis: | https://app.any.run/tasks/fa5d96d7-ad25-49a1-9040-1cc2f02b9702 |
Verdict: | Malicious activity |
Analysis date: | January 14, 2022, 20:48:55 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 11E2305BA01316A8CB7CF5C03F9EA783 |
SHA1: | 322CA4AB9325A58D83FB4530E39D0BE44B665AB8 |
SHA256: | D9C64E847443B44ED9C25390BADCC7D0D7A898EF90BCC4CBE147162B737FC6B7 |
SSDEEP: | 3:N1KfeE1KEtK:CmE1c |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2220 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://americanfaintinggoat.com" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3736 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2220 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3348 | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe | — | svchost.exe | |||||||||||
User: admin Company: Adobe Integrity Level: MEDIUM Description: Adobe� Flash� Player Installer/Uninstaller 32.0 r0 Version: 32,0,0,453 Modules
|
(PID) Process: | (2220) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (2220) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: 657328128 | |||
(PID) Process: | (2220) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30935432 | |||
(PID) Process: | (2220) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: 957484378 | |||
(PID) Process: | (2220) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30935432 | |||
(PID) Process: | (2220) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (2220) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (2220) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (2220) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (2220) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2220 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\BIJXY3NY.txt | text | |
MD5:E37568EB53C9342FC2F2348B311B7634 | SHA256:16A6251EB6CE4E63A38010ABAD13839757CDFB25755DB1EE68B2A40ABE445F7E | |||
2220 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Q17IJ79K.txt | text | |
MD5:B4E7BF5378D06A6E393748E1F8118449 | SHA256:761F4FCABDCB021E74E7B7088EC59D1DB20FC05F34359D2C3A7D22438D24DB41 | |||
2220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | |
MD5:EB77812FFD0D9B790D8089AC46077496 | SHA256:DFD4AC98E6E140AC6169F4A6359E9299FD3B23C72132AF7F94200C2D47C2A42D | |||
2220 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\48HYY59N.txt | text | |
MD5:EA13A392ED279E00DB94720886EF8964 | SHA256:77963B281BBF300D46EA6FAEC7BE2EAD4D3EB3F5BE417C7139F431D24A727028 | |||
2220 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\SXCYEPOG.txt | text | |
MD5:2D88EBA2DCAFE1419B81889F4060DBE8 | SHA256:52422A61530DAC5E0C5702C9843057100317013372BDDDB235C3000B6135968F | |||
2220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:BD941A6E62FC38418BCDBC70F3ACC651 | SHA256:E6524BC063C3ADC43F0D7331B4780B2B3BE90EB6B729FDEF06A2F90179478609 | |||
2220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F | binary | |
MD5:D2E08AAB63A6EC254F28892E8294B594 | SHA256:9BCE40AA87BFD413A58353A44A7562C7DAA37C21CABDE8F95CB2209F47E516DD | |||
2220 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\UU2AESAY.txt | text | |
MD5:3293ABDC94B78E93CF460C21BC45EFCF | SHA256:1B753A0E0B240002F2A656CDE71DF6520099F7F69A4C80EE71D509F8A405FFD4 | |||
2220 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\H5PXG083.txt | text | |
MD5:A00AD47EF26DFB6D6BB6421B5D5846B1 | SHA256:30B273DC092BABC37AC61EE9AB358E4D5B9FC18CBA6A20739404CF50AB61F0E0 | |||
2220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | |
MD5:ACE427D9E2E5197DA2F600C887DCFCB1 | SHA256:9D985EC5E3675B2C7DED4535F7DE2CBE39934D67046E25C3D0466220FAFE9651 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3736 | iexplore.exe | GET | 200 | 74.208.236.126:80 | http://www.americanfaintinggoat.com/wp-content/themes/afgo5/style.css | US | text | 34.6 Kb | malicious |
3736 | iexplore.exe | GET | 301 | 74.208.236.126:80 | http://americanfaintinggoat.com/ | US | — | — | malicious |
3736 | iexplore.exe | GET | 301 | 104.26.7.200:80 | http://www.animatedimages.org/data/media/234/animated-goat-image-0021.gif | US | — | — | suspicious |
3736 | iexplore.exe | GET | 200 | 74.208.236.126:80 | http://www.americanfaintinggoat.com/ | US | html | 10.8 Kb | malicious |
3736 | iexplore.exe | GET | 301 | 104.26.7.200:80 | http://www.animatedimages.org/data/media/640/animated-symbol-image-0029.gif | US | — | — | suspicious |
2220 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2220 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D | US | der | 471 b | whitelisted |
2220 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.68 Kb | whitelisted |
3736 | iexplore.exe | GET | 200 | 74.208.236.126:80 | http://www.americanfaintinggoat.com/wp-content/plugins/zbplayer/css/zbPlayer.css?ver=4.9.3 | US | text | 112 b | malicious |
3736 | iexplore.exe | GET | 200 | 74.208.236.126:80 | http://www.americanfaintinggoat.com/wp-content/plugins/font/css/start/jquery-ui-1.8.14.custom.css?ver=4.9.3 | US | text | 34.1 Kb | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2220 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3736 | iexplore.exe | 74.208.236.126:80 | americanfaintinggoat.com | 1&1 Internet SE | US | malicious |
— | — | 74.208.236.126:80 | americanfaintinggoat.com | 1&1 Internet SE | US | malicious |
2220 | iexplore.exe | 2.16.106.186:80 | ctldl.windowsupdate.com | Akamai International B.V. | — | whitelisted |
2220 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2220 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2220 | iexplore.exe | 204.79.197.203:443 | www.msn.com | Microsoft Corporation | US | whitelisted |
2220 | iexplore.exe | 13.92.246.37:443 | query.prod.cms.msn.com | Microsoft Corporation | US | whitelisted |
3736 | iexplore.exe | 92.122.255.51:443 | geo2.adobe.com | GTT Communications Inc. | — | suspicious |
Domain | IP | Reputation |
---|---|---|
americanfaintinggoat.com |
| unknown |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
www.americanfaintinggoat.com |
| unknown |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
crl3.digicert.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
ieonline.microsoft.com |
| whitelisted |