Field | Value |
---|---|
URL | http://www.mediafire.com/file/582c2vsehr43xjx/7Clicker.rar/file |
Full analysis | https://app.any.run/tasks/f8dcbc80-6073-48af-b763-20908cc8c927 |
Verdict | Malicious activity |
Analysis date | January 23, 2019, 00:03:14 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | — |
MD5 | 1F7CD5FB76BE070C20B2E068D202AE5A |
SHA1 | AECFD48A001DE1529DEEF3F18AA033F912216FE3 |
SHA256 | DA5C36423F5728D205D0FA3B7E9128C2BFA4B8FAEE40616049CBB4FEC6F092F8 |
SSDEEP | 3:N1KJS4w3eGUoQV2WKS+CZAzKA:Cc4w3eGe2lw3A |

PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
2948 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 1; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
3228 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2948 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
2192 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: MEDIUM; Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0; Exit code: 0; Version: 26,0,0,131 |
3064 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | explorer.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: MEDIUM; Description: Adobe Acrobat Reader DC; Exit code: 1; Version: 15.23.20070.215641 |
3888 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | AcroRd32.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe Acrobat Reader DC; Exit code: 1; Version: 15.23.20070.215641 |
3932 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16448250 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | AcroRd32.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: MEDIUM; Description: Adobe RdrCEF; Exit code: 3221225547; Version: 15.23.20053.211670 |
2732 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="3932.0.2066875217\1448460402" --allow-no-sandbox-job /prefetch:673131151 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Exit code: 0; Version: 15.23.20053.211670 |
2572 | "C:\Program Files\Mozilla Firefox\firefox.exe" | C:\Program Files\Mozilla Firefox\firefox.exe | — | explorer.exe | User: admin; Company: Mozilla Corporation; Integrity Level: MEDIUM; Description: Firefox; Version: 61.0.2 |
3596 | "C:\Program Files\Mozilla Firefox\firefox.exe" | C:\Program Files\Mozilla Firefox\firefox.exe | — | explorer.exe | User: admin; Company: Mozilla Corporation; Integrity Level: MEDIUM; Description: Firefox; Exit code: 1; Version: 61.0.2 |
2852 | "C:\Program Files\Mozilla Firefox\firefox.exe" | C:\Program Files\Mozilla Firefox\firefox.exe | — | explorer.exe | User: admin; Company: Mozilla Corporation; Integrity Level: MEDIUM; Description: Firefox; Exit code: 1; Version: 61.0.2 |

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3228 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@mediafire[1].txt | — | — | — |
3228 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\ie.css_120998[1].php | — | — | — |
3228 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\master_120998[1].js | text | FBDC81976065185955362FC1F55553F1 | 3536F143BA89A1E54A481E8809C1E709DCCE55DAA67A5721E4CFB7442C7F6DDD |
3228 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\css[1].txt | text | 4C7DAD4090D0A72B34CC1BCD13885C73 | 4CD4BD4AF907718DD6B740F3A4710FA82BD3EA724274EEFDE8D3DDB54DAB894F |
3228 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\mfv3_120998[1].php | text | 5E62F3E10379368A22427862DC34E5E1 | 25B69E90E278E3707D6AF6EE1EDB201F1DA57DF7CED5DFF105C95CD43C406EBF |
3228 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@mediafire[2].txt | text | 4E380A5245A89BD7BC2A9C996174DEBC | 5FF66C4BE8C89EECE63277D215EE3285D0A4FE6165146067491478DD227144A7 |
3228 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\api[1].js | text | 5EEEC816ED17C9A3723C74EE926BF063 | B6B33FCFAD08B72F95371C2FA72640715F2D5B9C0F8D7EC2A86C10D5DEB608C9 |
3228 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\mem8YaGs126MiZpBA-UFVZ0f[1].eot | eot | 9DCE7F01715340861BDB57318E2F3FDC | EE6885417A5772A42BE3280CF34581001CAFD5548D12B66B5466E53F05DABF96 |
3228 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ie.css_120998[1].php | text | C62A41328879F16C69A2CB9B0E08FD96 | 2AB1C7856C7370B9D71C68118559C7C6D769A438D8659592B882278B22C73DEE |
3228 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | D1884DF6997F70FC7EAAA319A385E4C2 | EBEDF26264A27B9C068B9BAB169539480480A2B725CB01D33D4E3144CDC707E4 |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3228 | iexplore.exe | GET | 302 | 104.19.194.29:80 | http://www.mediafire.com/file/582c2vsehr43xjx/7Clicker.rar/file | US | — | — | shared |
3228 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/css/ie.css_120998.php?ver=nonssl | US | text | 2.71 Kb | shared |
3228 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/css/ie.css_120998.php?ver=nonssl | US | text | 2.71 Kb | shared |
3228 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/js/master_120998.js | US | text | 152 Kb | shared |
3228 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/css/mfv3_120998.php?ver=nonssl | US | text | 61.9 Kb | shared |
3228 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/icons/dropdown-arrow-left-white.png | US | image | 123 b | shared |
3228 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/css/mfv3_120998.php?ver=nonssl | US | text | 61.9 Kb | shared |
3228 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/icons/mysteryman.png | US | image | 452 b | shared |
3228 | iexplore.exe | GET | 200 | 104.19.194.29:80 | http://www.mediafire.com/blank.html | US | html | 157 b | shared |
3228 | iexplore.exe | GET | 404 | 104.19.194.29:80 | http://www.mediafire.com/error.php?errno=323&quickkey=582c2vsehr43xjx&origin=download | US | html | 28.2 Kb | shared |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3228 | iexplore.exe | 216.58.205.234:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3228 | iexplore.exe | 172.217.18.100:443 | www.google.com | Google Inc. | US | whitelisted |
3228 | iexplore.exe | 172.217.168.227:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
3228 | iexplore.exe | 104.19.195.29:80 | www.mediafire.com | Cloudflare Inc | US | shared |
3228 | iexplore.exe | 157.240.1.23:80 | connect.facebook.net | Facebook, Inc. | US | whitelisted |
2948 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3228 | iexplore.exe | 172.217.22.67:443 | www.gstatic.com | Google Inc. | US | whitelisted |
3228 | iexplore.exe | 104.19.194.29:80 | www.mediafire.com | Cloudflare Inc | US | shared |
3228 | iexplore.exe | 172.217.22.42:80 | ajax.googleapis.com | Google Inc. | US | whitelisted |
3228 | iexplore.exe | 172.217.21.200:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |

Domain | IP | Reputation |
---|---|---|
www.bing.com | — | whitelisted |
www.mediafire.com | — | shared |
static.mediafire.com | — | shared |
fonts.googleapis.com | — | whitelisted |
fonts.gstatic.com | — | whitelisted |
www.google.com | — | whitelisted |
ajax.googleapis.com | — | whitelisted |
www.gstatic.com | — | whitelisted |
www.googletagmanager.com | — | whitelisted |
connect.facebook.net | — | whitelisted |