URL: | https://secure.sharefile.com/Authentication/Login#ForgotPassword |
Full analysis: | https://app.any.run/tasks/f79dd953-d6a6-45ad-a790-836fd0111ac0 |
Verdict: | Malicious activity |
Analysis date: | December 06, 2018, 06:09:39 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 998297C33487AB45A4C38B84EC3B871A |
SHA1: | 1804929EB9FBF9F5D41D49B256DE7B9D06A6EC8C |
SHA256: | DB2FB1ADCFD78967FC2067C136FF322A707F244648CC8464511200EB8F684E96 |
SSDEEP: | 3:N8N3uKEL4kadfJROFn:2ZuKEL4xfI |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2920 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3192 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2920 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
1488 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2920 CREDAT:203009 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2632 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 | ||||
2604 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2920 CREDAT:203010 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2200 | "C:\Users\admin\Downloads\Firefox Installer.exe" | C:\Users\admin\Downloads\Firefox Installer.exe | iexplore.exe | |
User: admin Company: Mozilla Integrity Level: MEDIUM Description: Firefox Exit code: 0 Version: 18.05 | ||||
3492 | .\setup-stub.exe | C:\Users\admin\AppData\Local\Temp\7zS89828B1A\setup-stub.exe | Firefox Installer.exe | |
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Installer Exit code: 0 Version: 63.0.3 | ||||
2708 | "C:\Users\admin\AppData\Local\Temp\7zS89828B1A\setup-stub.exe" /UAC:40290 /NCRC | C:\Users\admin\AppData\Local\Temp\7zS89828B1A\setup-stub.exe | setup-stub.exe | |
User: admin Company: Mozilla Corporation Integrity Level: HIGH Description: Firefox Installer Exit code: 0 Version: 63.0.3 | ||||
284 | "C:\Users\admin\AppData\Local\Temp\nsc4289.tmp\download.exe" /INI=C:\Users\admin\AppData\Local\Temp\nsc4289.tmp\config.ini | C:\Users\admin\AppData\Local\Temp\nsc4289.tmp\download.exe | setup-stub.exe | |
User: admin Company: Mozilla Integrity Level: HIGH Description: Firefox Exit code: 0 Version: 18.05 | ||||
1132 | .\setup.exe /INI=C:\Users\admin\AppData\Local\Temp\nsc4289.tmp\config.ini | C:\Users\admin\AppData\Local\Temp\7zSC118D65A\setup.exe | download.exe | |
User: admin Company: Mozilla Corporation Integrity Level: HIGH Description: Firefox Installer Exit code: 0 Version: 63.0.3 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2920 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2920 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2920 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
1488 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\internet-explorer-downloads[1].txt | — | |
MD5:— | SHA256:— | |||
1488 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\meversion[1] | text | |
MD5:FC1C50416F559DA7F80776BDEED6E509 | SHA256:65DC5EF8A9EEEE3D9F0F8FBB8C478003F290E53F41EEB82A2609BE436D7712CF | |||
1488 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\internet-explorer-downloads[1].htm | html | |
MD5:C023EA3E5452242DEFD7F4B5FC660C1F | SHA256:5C6B5A180309DEE8F95DD471A018CD87458C0723203530C25EDAD5DA6A564880 | |||
1488 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\override[1].css | text | |
MD5:D83CD3BAD39DC39B8C22B2CAD04B8C6D | SHA256:3D8A9440C1CC7C677F56EC1869AC1CD7C36851DFB9430B7D554137BDB5A75387 | |||
1488 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\bf-d3d307[1] | text | |
MD5:56FEACE18A53472B3247DDB03A12400B | SHA256:F2E4E654F9A7134A8FD37557F4F296DD388FD42624E3500134E954D11535A011 | |||
1488 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\mwfmdl2-v2.94[1].eot | eot | |
MD5:B2BD64330A829779033E32FD5BF53FBE | SHA256:A17C0EFAA8550B6379EC5076C2ADDCA45EA9DEC7512A245AA51DC13D5EA9CE12 | |||
1488 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\a6-1fffa6[1].txt | text | |
MD5:FF5AC2BAF36E92AAC6E0AE1A40E6240F | SHA256:411FE789C7804027093C2A4D44B0744003FABC7FB71823E3EBB20779CC869D6E |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2708 | setup-stub.exe | GET | 200 | 52.10.26.75:80 | http://download-stats.mozilla.org/stub/v8/release/release/en-US/0/0/6/1/7601/1/0/0/2/0/42449032/42449032/0/0/4/4/0/0/22/1/0/0/1/61.0.2/20180807170231/63.0.3/20181114214635/1/1/0/3/52.222.152.199/0/0/0 | US | — | — | whitelisted |
3776 | firefox.exe | POST | 200 | 216.58.215.238:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 463 b | whitelisted |
3776 | firefox.exe | POST | 200 | 188.121.36.239:80 | http://ocsp.godaddy.com/ | NL | der | 1.74 Kb | whitelisted |
2920 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
3776 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
3776 | firefox.exe | POST | 200 | 216.58.215.238:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 463 b | whitelisted |
3776 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
3776 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
3776 | firefox.exe | POST | 200 | 188.121.36.239:80 | http://ocsp.godaddy.com/ | NL | der | 1.74 Kb | whitelisted |
3776 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1488 | iexplore.exe | 2.21.36.173:443 | support.microsoft.com | GTT Communications Inc. | FR | malicious |
2920 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1488 | iexplore.exe | 23.37.60.23:443 | windows.microsoft.com | Akamai Technologies, Inc. | NL | whitelisted |
1488 | iexplore.exe | 104.109.67.247:443 | mem.gfx.ms | Akamai International B.V. | NL | whitelisted |
2920 | iexplore.exe | 52.22.72.157:443 | secure.sharefile.com | Amazon.com, Inc. | US | unknown |
1488 | iexplore.exe | 2.16.186.26:443 | statics-uhf-neu.akamaized.net | Akamai International B.V. | — | whitelisted |
3192 | iexplore.exe | 52.22.72.157:443 | secure.sharefile.com | Amazon.com, Inc. | US | unknown |
1488 | iexplore.exe | 2.21.41.70:443 | www.microsoft.com | GTT Communications Inc. | FR | malicious |
2920 | iexplore.exe | 2.21.41.70:443 | www.microsoft.com | GTT Communications Inc. | FR | malicious |
1488 | iexplore.exe | 2.16.186.40:443 | img-prod-cms-rt-microsoft-com.akamaized.net | Akamai International B.V. | — | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
secure.sharefile.com |
| whitelisted |
windows.microsoft.com |
| whitelisted |
support.microsoft.com |
| whitelisted |
statics-uhf-neu.akamaized.net |
| whitelisted |
mem.gfx.ms |
| whitelisted |
www.microsoft.com |
| whitelisted |
img-prod-cms-rt-microsoft-com.akamaized.net |
| whitelisted |
www.getfirefox.com |
| suspicious |
www.mozilla.org |
| whitelisted |