URL: | http://track.amishbrand.com |
Full analysis: | https://app.any.run/tasks/8027c003-6a89-45e0-a07c-0cfa9e78955f |
Verdict: | Malicious activity |
Analysis date: | March 14, 2019, 17:19:00 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 2BB932057D997C53F146DD8B15F39CB4 |
SHA1: | D61CDC4DBA8810FDC34FD7C34659FD7684E6A321 |
SHA256: | DBDD572A116BEAE7FFBA96B644E69244E595FD4B46D359F46E151168A725E313 |
SSDEEP: | 3:N1KKXEGaXZT:CKXvET |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3368 | "C:\Program Files\Internet Explorer\iexplore.exe" http://track.amishbrand.com | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3988 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3368 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3192 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\s_code[1].js" | C:\Windows\System32\WScript.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3988 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\track_amishbrand_com[1].htm | — | |
MD5:— | SHA256:— | |||
3368 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
3368 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3368 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315\index.dat | dat | |
MD5:426AA4A8C2869AA999542D04E5476B8D | SHA256:66D6F0F5049B86D2CCDDC02EC0B0386E57A98E844DD760342CD71681C6A3114A | |||
3368 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text | |
MD5:C805264D42780260F0FF8051AD9D8F58 | SHA256:55D5E5F9A7F4EE418C46769768C3791677B82AD341D2E284F88BCB140A4F0B9E | |||
3988 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019031420190315\index.dat | dat | |
MD5:6C0D6FF6403749BC7B98C2E002B0E839 | SHA256:50C447193F5D1ECE99BF8E2886E64729F2BB7178B657AE7B91F20CA12C98380C | |||
3368 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\s_code[1].js:Zone.Identifier | text | |
MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B | SHA256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 | |||
3368 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png | image | |
MD5:9FB559A691078558E77D6848202F6541 | SHA256:6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3988 | iexplore.exe | GET | 200 | 81.4.122.193:80 | http://track.amishbrand.com/ | NL | — | — | malicious |
3368 | iexplore.exe | GET | 200 | 81.4.122.193:80 | http://track.amishbrand.com/favicon.ico | NL | — | — | malicious |
3988 | iexplore.exe | GET | 200 | 81.4.122.193:80 | http://track.amishbrand.com/s_code.js | NL | — | — | malicious |
3988 | iexplore.exe | GET | 200 | 81.4.122.193:80 | http://track.amishbrand.com/s_code.js | NL | — | — | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3368 | iexplore.exe | 81.4.122.193:80 | track.amishbrand.com | RouteLabel V.O.F. | NL | malicious |
3368 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3988 | iexplore.exe | 81.4.122.193:80 | track.amishbrand.com | RouteLabel V.O.F. | NL | malicious |
Domain | IP | Reputation |
---|---|---|
track.amishbrand.com |
| unknown |
www.bing.com |
| whitelisted |