URL: http://wwrcgjhzlrr.gq
Full analysis: https://app.any.run/tasks/675b853d-e1b6-40fb-8b31-1174a0f0f8da
Verdict: Malicious activity
Analysis date: March 14, 2019, 19:40:43
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators: —
MD5: 7C606D8F1BBA2956AC9B93CE42C69097
SHA1: E700CDDFA3DA8230C7F1A1C17615482101EBCEDD
SHA256: DD3BB0C57513F993DAD96518D8E1E2A9C0AF0EA3798A6CA237F160F39989D67D
SSDEEP: 3:N1KJSFjWU:CcBWU

PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2848 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | |
3140 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2848 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe
User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | |

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2848 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico | — | — | —
2848 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3140 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\wwrcgjhzlrr_gq[1].txt | — | — | —
3140 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\http_404[1] | html | 4CD84A1B063BF6DEA53E06755EF9E24D | 988CC4B451673F847D823C9D9BA14AD50D3CA1141BC1E17C6415B8F64B6E1C22
3140 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@wwrcgjhzlrr[1].txt | text | 8DB2E4C815D2487351639BC2331218CF | 4D3512B27B7F12D1D387AAFDB8AB2CF24DCC6F8910F4CF9E4230B3C7E75CA22A
3140 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\addthis_widget[1].js | text | 2DCDC09915E27096AAC1811C236E328B | AE3EA387B378C0292D88B248F89469115159836AA628D33862E409F2CC7BA67A
3140 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\http_404[2] | html | 4CD84A1B063BF6DEA53E06755EF9E24D | 988CC4B451673F847D823C9D9BA14AD50D3CA1141BC1E17C6415B8F64B6E1C22
2848 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315\index.dat | dat | 2E8F2BA8C71B7CA644A8F44388230065 | 6864212460B6E0DE1856BEBAF597C93E091B99B6C32E377F47F135931FD4886E
3140 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@freebooks[1].txt | text | 4091BB2A4BB6BB6C5727B7E606FBAEFC | 08ACE8C2BCC4F3BDB452C78D71FB16CC8404C276171EC813DA4BD56236E2C701
3140 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\wwrcgjhzlrr_gq[1].htm | html | ED647240671DB5AA0E37C8B15FBFF25F | 9B2F064CCC276A1A969757037847208044416E54EB09245DFAE8BB9900A6BF22

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3140 | iexplore.exe | GET | 301 | 104.24.122.127:80 | http://freebooks.me/get-file.pdf?q=2003_isuzu_rodeo_radio_wiring_diagram | US | — | — | shared |
3140 | iexplore.exe | GET | 301 | 104.24.122.127:80 | http://freebooks.me/get-file.pdf?q=2003_isuzu_rodeo_wiring | US | — | — | shared |
3140 | iexplore.exe | GET | 200 | 23.210.248.44:80 | http://s7.addthis.com/js/300/addthis_widget.js | NL | text | 109 Kb | whitelisted |
3140 | iexplore.exe | GET | 200 | 104.28.6.147:80 | http://wwrcgjhzlrr.gq/ | US | html | 1.60 Kb | suspicious |
3140 | iexplore.exe | GET | 404 | 104.24.123.127:80 | http://www.freebooks.me/get-file.pdf?q=2003_isuzu_rodeo_radio_wiring_diagram | US | html | 221 b | shared |
3140 | iexplore.exe | GET | 302 | 104.28.6.147:80 | http://wwrcgjhzlrr.gq/6938d2/2003_isuzu_rodeo_radio_wiring_diagram.pdf | US | compressed | 187 b | suspicious |
3140 | iexplore.exe | GET | 301 | 104.24.122.127:80 | http://freebooks.me/get-file.pdf?q=2003_hyundai_santa_fe_fuse_box_diagram | US | — | — | shared |
3140 | iexplore.exe | GET | 301 | 104.24.122.127:80 | http://freebooks.me/get-file.pdf?q=2003_interior_fuse_box | US | — | — | shared |
3140 | iexplore.exe | GET | 302 | 104.28.6.147:80 | http://wwrcgjhzlrr.gq/bd24e1/2003_isuzu_rodeo_wiring.pdf | US | compressed | 187 b | suspicious |
3140 | iexplore.exe | GET | 404 | 104.24.123.127:80 | http://www.freebooks.me/get-file.pdf?q=2003_interior_fuse_box | US | html | 221 b | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2848 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3140 | iexplore.exe | 23.210.248.44:80 | s7.addthis.com | Akamai International B.V. | NL | whitelisted |
3140 | iexplore.exe | 209.197.3.15:443 | maxcdn.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted |
2848 | iexplore.exe | 104.28.6.147:80 | wwrcgjhzlrr.gq | Cloudflare Inc | US | shared |
3140 | iexplore.exe | 104.24.123.127:80 | freebooks.me | Cloudflare Inc | US | shared |
3140 | iexplore.exe | 104.24.122.127:80 | freebooks.me | Cloudflare Inc | US | shared |
2848 | iexplore.exe | 104.28.7.147:80 | wwrcgjhzlrr.gq | Cloudflare Inc | US | shared |
3140 | iexplore.exe | 104.28.6.147:80 | wwrcgjhzlrr.gq | Cloudflare Inc | US | shared |

Domain | IP | Reputation
---|---|---
www.bing.com | — | whitelisted
wwrcgjhzlrr.gq | — | suspicious
s7.addthis.com | — | whitelisted
maxcdn.bootstrapcdn.com | — | whitelisted
freebooks.me | — | unknown
www.freebooks.me | — | unknown

PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET INFO DNS Query for Suspicious .gq Domain |