download: | index.html |
Full analysis: | https://app.any.run/tasks/8aa541e9-7a0f-4570-9d43-53d22bb81726 |
Verdict: | Malicious activity |
Threats: | Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email. |
Analysis date: | October 20, 2020, 06:50:27 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | text/html |
File info: | HTML document, UTF-8 Unicode text, with very long lines |
MD5: | D3BAFC03BF6529D04E7F9AC0DD3AED49 |
SHA1: | 83DF1527B8EF69CC0EE9D1A4F4F9CEFA2FBCC68D |
SHA256: | E27E5FD4EBD54568F636C69891546DCC59A3F4136FDFCCACA3009533389B682B |
SSDEEP: | 1536:kdgOiAEFgfRMIEIIUIwISXj9xWn0K6DmQWNwO8ZGqJtlBDwhard:AHHZVrd |
.htm/html | | | HyperText Markup Language with DOCTYPE (80.6) |
---|---|---|
.html | | | HyperText Markup Language (19.3) |
themeColor: | #11BB88 |
---|---|
appleItunesApp: | app-id=483524731 |
msapplicationWide310x150logo: | //s.rbk.ru/v10_rbcnews_static/common/common-10.4.19/images/mstile-310x150.png |
msapplicationSquare310x310logo: | //s.rbk.ru/v10_rbcnews_static/common/common-10.4.19/images/mstile-310x310.png |
msapplicationSquare150x150logo: | //s.rbk.ru/v10_rbcnews_static/common/common-10.4.19/images/mstile-150x150.png |
msapplicationSquare70x70logo: | //s.rbk.ru/v10_rbcnews_static/common/common-10.4.19/images/mstile-70x70.png |
msapplicationTileImage: | //s.rbk.ru/v10_rbcnews_static/common/common-10.4.19/images/mstile-144x144.png |
msapplicationTileColor: | #ffffff |
twitterCard: | summary |
ReplyTo: | [email protected] |
Keywords: | новости, доллар, политика, курс, акции, облигации, нефть, рубль, евро, финансы, экономика, банк, кредит, вексель, информация, фондовый, инвестиционный, рынок, недвижимость, валюта, эмитент, комментарии, аналитика, продаж/продажа, цена, компания, товары, исследование, прогноз, индекс, рейтинг, биржа, семинар, фондовый, ПИФ, доходность, IPO, паевой |
twitterImage: | РБК – новости в реальном времени |
twitterDescription: | Главные новости политики, экономики и бизнеса, комментарии аналитиков, финансовые данные с российских и мировых биржевых систем на сайте rbc.ru. |
twitterTitle: | РБК – новости в реальном времени |
twitterCreator: | @ru_rbc |
twitterSite: | @ru_rbc |
Copyright: | «РосБизнесКонсалтинг» |
Description: | Последние новости России и мира на РБК. «РосБизнесКонсалтинг» — ведущая российская компания, работающая в сферах масс-медиа и информационных технологий. Самые свежие новости, главные темы дня в политике, экономике, бизнесе и жизни. |
Title: | Новости дня в России и мире — РБК |
csrfParam: | csrf_token |
csrfToken: | 97bc592b27a9ada2d9a4bb418ed0ebed |
formatDetection: | address=no |
HandheldFriendly: | |
viewport: | width=device-width, initial-scale=1.0, user-scalable=no, minimum-scale=1.0, maximum-scale=1.0 |
CacheControl: | no-cache |
HTTPEquivXUACompatible: | IE=edge,chrome=1 |
ContentType: | text/html; charset=utf-8 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
964 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2460 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:964 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2396 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | explorer.exe | |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 | ||||
3272 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6f75a9d0,0x6f75a9e0,0x6f75a9ec | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 | ||||
2172 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1940 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 | ||||
2968 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=952,16547744353758978579,976638741725569956,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=18411893422290071314 --mojo-platform-channel-handle=1016 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 75.0.3770.100 | ||||
2248 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=952,16547744353758978579,976638741725569956,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=7954858671046769657 --mojo-platform-channel-handle=1632 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | chrome.exe | |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 | ||||
1168 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=952,16547744353758978579,976638741725569956,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11884394910118704899 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 | ||||
2796 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=952,16547744353758978579,976638741725569956,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11107867235772591062 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 75.0.3770.100 | ||||
1788 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=952,16547744353758978579,976638741725569956,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4583677687680254058 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
964 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
964 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFC71DA450A6113E34.TMP | — | |
MD5:— | SHA256:— | |||
964 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF34D7377D98013E16.TMP | — | |
MD5:— | SHA256:— | |||
964 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF1DFDA1C6303E4478.TMP | — | |
MD5:— | SHA256:— | |||
964 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFA2100FA3A0B26965.TMP | — | |
MD5:— | SHA256:— | |||
964 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{98A62629-12A0-11EB-B41E-12A9866C77DE}.dat | — | |
MD5:— | SHA256:— | |||
964 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFCB6AEBB62B9B27EA.TMP | — | |
MD5:— | SHA256:— | |||
2396 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F8E88E1-95C.pma | — | |
MD5:— | SHA256:— | |||
2396 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\819f70a2-328a-4ae2-bac4-44957f8a4884.tmp | — | |
MD5:— | SHA256:— | |||
2396 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000048.dbtmp | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2248 | chrome.exe | GET | 301 | 92.53.118.140:80 | http://stk-pegas.ru/js/lightbox.min.js/JIM | RU | html | 251 b | malicious |
2248 | chrome.exe | GET | 200 | 92.53.118.140:80 | http://stk-pegas.ru/img/x.png | RU | image | 1.66 Kb | malicious |
2248 | chrome.exe | GET | 200 | 92.53.118.140:80 | http://stk-pegas.ru/ | RU | html | 5.41 Kb | malicious |
2248 | chrome.exe | GET | 404 | 92.53.118.140:80 | http://stk-pegas.ru/js/lightbox.min.js/JIM/ | RU | html | 559 b | malicious |
2248 | chrome.exe | GET | 200 | 92.53.118.140:80 | http://stk-pegas.ru/css/swiper.css?132 | RU | text | 3.21 Kb | malicious |
964 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
2248 | chrome.exe | GET | 200 | 92.53.118.140:80 | http://stk-pegas.ru/js/jquery-3.1.1.min.js | RU | text | 29.3 Kb | malicious |
2248 | chrome.exe | GET | 200 | 92.53.118.140:80 | http://stk-pegas.ru/img/phone.png | RU | image | 1.16 Kb | malicious |
2248 | chrome.exe | GET | 200 | 92.53.118.140:80 | http://stk-pegas.ru/favicon.ico | RU | image | 96 b | malicious |
2248 | chrome.exe | GET | 200 | 92.53.118.140:80 | http://stk-pegas.ru/css/lightbox.css | RU | text | 1.00 Kb | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
964 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2248 | chrome.exe | 172.217.21.195:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
4 | System | 185.72.229.2:445 | s.rbk.ru | Rosbusinessconsulting Cjsc | RU | unknown |
2248 | chrome.exe | 172.217.21.237:443 | accounts.google.com | Google Inc. | US | whitelisted |
2248 | chrome.exe | 172.217.21.196:443 | www.google.com | Google Inc. | US | whitelisted |
— | — | 185.72.229.2:137 | s.rbk.ru | Rosbusinessconsulting Cjsc | RU | unknown |
4 | System | 80.68.253.2:445 | s.rbk.ru | Rosbusinessconsulting Cjsc | RU | unknown |
2248 | chrome.exe | 142.250.74.202:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2248 | chrome.exe | 172.217.22.46:443 | clients2.google.com | Google Inc. | US | whitelisted |
2248 | chrome.exe | 172.217.16.195:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
s.rbk.ru |
| whitelisted |
www.bing.com |
| whitelisted |
api.bing.com |
| whitelisted |
clientservices.googleapis.com |
| whitelisted |
accounts.google.com |
| shared |
www.google.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
apis.google.com |
| whitelisted |