Field | Value
---|---
URL | http://www.360hao.com/
Full analysis | https://app.any.run/tasks/075a8d47-da1a-44c6-8023-686a4e123340
Verdict | Malicious activity
Analysis date | August 12, 2022, 20:59:28
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators |
MD5 | D56052C206381C8A1275A03EA4785978
SHA1 | 5A1DEE6F03988DE954083923ED66F29B46898236
SHA256 | DBFD4A374D57AC76CFA93A78562D7F5C97E018B02A880EF2D6BD189B0CB799E5
SSDEEP | 3:N1KJS4METTK:Cc4FfK
PID | CMD | Path | Indicators | Parent process | User | Integrity Level | Company | Description | Version
---|---|---|---|---|---|---|---|---|---
3420 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.360hao.com/" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
3960 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3420 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | LOW | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
2540 | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe | — | svchost.exe | admin | MEDIUM | Adobe | Adobe® Flash® Player Installer/Uninstaller 32.0 r0 | 32,0,0,453

PID | Process | Operation | Key | Name | Value
---|---|---|---|---|---
3420 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 1
3420 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime |
3420 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 30977678
3420 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime |
3420 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 30977678
3420 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix |
3420 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
3420 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
3420 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
3420 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3960 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\common_n6[1].js | text | 7C14D53F3F962E55F58772362AE85EA4 | 9E225102496B53214B01B2485A0AC9EA1EE25068778EDD66E84F09D8D1C02527
3960 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\bd_1b[1].gif | image | 2214393AE2BEDD2A015EF305725FDB86 | 67BDA1AB83D6E254E294A459AE00AD31EF127EF983CC4772B5D839BC23B80234
3960 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\funb2_n20110503[1].js | text | AA3FB8108DAFF27EE31FB76AF23FC016 | 430DBBA4F30BD7362577E96D94964EE0B66C805B50D2E40B75F2674847C30BE4
3960 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\D3MB195X.htm | html | F33F0EF2BF7A326DC2690BBBC053DA3A | B24E4B3A5CFF107312AD7B50D1673E99AA44D90088B33B4E5F541FE2DBCD7596
3960 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_D14B79B440CDC26D7D21C81855E2C04D | der | 828E05B64E177D6CC3BF2A76D8F01B0C | 268525D09E569FE05F3873E7A063FF2A76EEB4F5501AB323E96E0BB15BC86FEF
3960 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 0347E3FC987707F530B18D84A0DE1C0A | 83499A768459F6EF3FB153EF75373A517FF554B5F7E0C47651FEEE88B5804164
3960 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\wea_n1[1].css | text | A52A30D5DD5E714A63EEFD6445AF2CB4 | AC5D8FB9EDA95B9825A1372E1262B42D5A6E1CFC4D7C78F8427573DE98F1976A
3960 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\vancl_420X60[1].jpg | image | A4EA1AE4A251974D7E226817B3F721C5 | 65C50145C63B489D6472695C70070523F3FF52E0BF3560A2A34FEBAF0BAE2C19
3960 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\funb_n20110503[1].js | html | E2B056617B6E16B5830B29532D28AFE2 | 1A0A18C165984CFA38786D64C950969D896C977F96A226AE47513AA5CC8B8DEC
3960 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\gg_1b[1].gif | image | 31CD918AC45B9EDA687D158C1FDE7B2B | BDE2E804917870AA53F5F22C96D2975346A778473832B9A316A5D9DCFCA78B4E

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3960 | iexplore.exe | GET | 200 | 45.79.81.198:80 | http://www.360hao.com/css/wea_n1.css | US | text | 861 b | unknown |
3960 | iexplore.exe | GET | 200 | 45.79.81.198:80 | http://www.360hao.com/ | US | html | 12.8 Kb | unknown |
3960 | iexplore.exe | GET | 200 | 45.79.81.198:80 | http://www.360hao.com/css/common_n6.js | US | text | 2.56 Kb | unknown |
3960 | iexplore.exe | GET | 200 | 45.79.81.198:80 | http://www.360hao.com/css/index_n20110503.css | US | text | 3.85 Kb | unknown |
3960 | iexplore.exe | GET | 200 | 45.79.81.198:80 | http://www.360hao.com/i/search/gg_1b.gif | US | image | 1.65 Kb | unknown |
3960 | iexplore.exe | GET | 200 | 45.79.81.198:80 | http://www.360hao.com/images/home_new.gif | US | image | 585 b | unknown |
3960 | iexplore.exe | GET | 200 | 45.79.81.198:80 | http://www.360hao.com/css/n10sd_2.css | US | text | 532 b | unknown |
3960 | iexplore.exe | GET | 200 | 45.79.81.198:80 | http://www.360hao.com/css/funb_n20110503.js | US | html | 7.78 Kb | unknown |
3960 | iexplore.exe | GET | 200 | 45.79.81.198:80 | http://www.360hao.com/css/funb2_n20110503.js | US | text | 4.58 Kb | unknown |
3960 | iexplore.exe | GET | 200 | 45.79.81.198:80 | http://www.360hao.com/ad/vancl_420X60.jpg | US | image | 9.91 Kb | unknown |

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
— | — | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3960 | iexplore.exe | 120.52.95.234:443 | i.tianqi.com | China Unicom IP network | CN | suspicious |
3420 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3420 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3960 | iexplore.exe | 45.79.81.198:80 | www.360hao.com | Linode, LLC | US | unknown |
3420 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3960 | iexplore.exe | 142.250.185.206:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
3960 | iexplore.exe | 142.250.185.131:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3960 | iexplore.exe | 220.185.164.250:443 | s5.cnzz.com | No.31,Jin-rong Street | CN | suspicious |
3960 | iexplore.exe | 111.206.105.194:443 | plugin.tianqistatic.com | China Unicom Beijing Province Network | CN | unknown |

Domain | Reputation
---|---
www.360hao.com | unknown
api.bing.com | whitelisted
www.bing.com | whitelisted
ctldl.windowsupdate.com | whitelisted
ocsp.digicert.com | whitelisted
i.tianqi.com | malicious
www.google-analytics.com | whitelisted
ocsp.pki.goog | whitelisted
plugin.tianqistatic.com | malicious
s5.cnzz.com | whitelisted