URL: | http://agilitrix.com/mwg-internal/de5fs23hu73ds/progress?id=1g2-HSamp8nQFZ6Cpof9a-XCY30IX80m89NPM8Nf1aM,&dl |
Full analysis: | https://app.any.run/tasks/af71af32-ef55-4b42-bb9d-d29dde20a328 |
Verdict: | Malicious activity |
Analysis date: | July 18, 2019, 11:39:25 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 93BBB2CF0A57F5B5E857DEDF99FFA97C |
SHA1: | 58A7930E4E687F5137F01E599FFCC5FC3875D08D |
SHA256: | EA06ECAEFE4CD8092502D059D690A7355F6C0252DB356EC1AD776BB453683ACA |
SSDEEP: | 3:N1KfxMRX6GTKIjs2QDWHWIdMB5UQ070ukcrUIEoJD/n:C5MRX6KKIBWWHJOBmQyIIEa/n |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3876 | "C:\Program Files\Opera\opera.exe" "http://agilitrix.com/mwg-internal/de5fs23hu73ds/progress?id=1g2-HSamp8nQFZ6Cpof9a-XCY30IX80m89NPM8Nf1aM,&dl" | C:\Program Files\Opera\opera.exe | explorer.exe | ||||||||||||
User: admin Company: Opera Software Integrity Level: MEDIUM Description: Opera Internet Browser Version: 1748 Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
3876 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprFBE5.tmp | — | |
MD5:— | SHA256:— | |||
3876 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\oprFBF5.tmp | — | |
MD5:— | SHA256:— | |||
3876 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\oprFC35.tmp | — | |
MD5:— | SHA256:— | |||
3876 | opera.exe | C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00001.tmp | — | |
MD5:— | SHA256:— | |||
3876 | opera.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BT4UBNXJBYYC3TMIAHRP.temp | — | |
MD5:— | SHA256:— | |||
3876 | opera.exe | C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fagilitrix.com%2Fwp-content%2Fuploads%2F2018%2F04%2FAgilitrix-Favicon-150x150.png | — | |
MD5:— | SHA256:— | |||
3876 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini | text | |
MD5:5405D4C902FA29FA439A2B902CB42955 | SHA256:BE4A61FEE7FCCEAD9D6E3EF611232FE3AF5AAC7127C194591FE194C2EAAF02FB | |||
3876 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat | binary | |
MD5:A8FC7D69A8A93442F071D1291C434BDE | SHA256:4C892F2E69CF08113DB4E2DA8B6C885853BAB1A4927E44BEF39F708BA08B788E | |||
3876 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml | xml | |
MD5:4010FE33F2FA603A836668BF658B5475 | SHA256:2EFBE263A549116F765F25EF824824C4E7E07A628E94BF4358A8438B953A6D62 | |||
3876 | opera.exe | C:\Users\admin\AppData\Local\Opera\Opera\cache\CACHEDIR.TAG | text | |
MD5:E717F92FA29AE97DBE4F6F5C04B7A3D9 | SHA256:5BBD5DCBF87FD8CD7544C522BADF22A2951CF010AD9F25C40F9726F09EA2B552 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3876 | opera.exe | GET | — | 104.197.149.35:80 | http://agilitrix.com/mwg-internal/de5fs23hu73ds/progress?id=1g2-HSamp8nQFZ6Cpof9a-XCY30IX80m89NPM8Nf1aM,&dl | US | — | — | unknown |
3876 | opera.exe | GET | — | 104.197.149.35:80 | http://agilitrix.com/wp-content/plugins/ap-custom-testimonial-pro/css/example.css?ver=5.1.1 | US | — | — | unknown |
3876 | opera.exe | GET | — | 104.197.149.35:80 | http://agilitrix.com/wp-includes/css/dist/block-library/style.min.css?ver=5.1.1 | US | — | — | unknown |
3876 | opera.exe | GET | — | 104.197.149.35:80 | http://agilitrix.com/wp-content/plugins/ap-custom-testimonial-pro/css/frontend.css?ver=1.2.7 | US | — | — | unknown |
3876 | opera.exe | GET | — | 104.197.149.35:80 | http://agilitrix.com/wp-includes/css/buttons.min.css?ver=5.1.1 | US | — | — | unknown |
3876 | opera.exe | GET | — | 104.197.149.35:80 | http://agilitrix.com/wp-content/uploads/2018/04/Agilitrix-Logo-Horz-Slogan-Colour.png | US | — | — | unknown |
3876 | opera.exe | GET | — | 104.197.149.35:80 | http://agilitrix.com/wp-includes/js/imgareaselect/imgareaselect.css?ver=0.9.8 | US | — | — | unknown |
3876 | opera.exe | GET | — | 104.197.149.35:80 | http://agilitrix.com/wp-content/plugins/download-manager/assets/css/front.css?ver=5.1.1 | US | — | — | unknown |
3876 | opera.exe | GET | — | 104.197.149.35:80 | http://agilitrix.com/wp-content/plugins/ap-custom-testimonial-pro/css/jquery.bxslider.css?ver=1.2.7 | US | — | — | unknown |
3876 | opera.exe | GET | — | 104.197.149.35:80 | http://agilitrix.com/wp-includes/css/media-views.min.css?ver=5.1.1 | US | — | — | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3876 | opera.exe | 185.26.182.94:443 | certs.opera.com | Opera Software AS | — | whitelisted |
— | — | 216.58.206.8:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
3876 | opera.exe | 93.184.220.29:80 | crl4.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3876 | opera.exe | 104.197.149.35:80 | agilitrix.com | Google Inc. | US | unknown |
3876 | opera.exe | 2.19.43.118:80 | platform-api.sharethis.com | Akamai International B.V. | — | whitelisted |
3876 | opera.exe | 216.58.210.10:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
— | — | 216.58.206.3:80 | crl.pki.goog | Google Inc. | US | whitelisted |
— | — | 54.244.183.249:80 | adpxl.co | Amazon.com, Inc. | US | unknown |
3876 | opera.exe | 185.26.182.93:80 | certs.opera.com | Opera Software AS | — | whitelisted |
— | — | 104.16.159.106:443 | cj369.infusionsoft.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
agilitrix.com |
| unknown |
certs.opera.com |
| whitelisted |
crl4.digicert.com |
| whitelisted |
sitecheck2.opera.com |
| whitelisted |
www.googletagmanager.com |
| whitelisted |
platform-api.sharethis.com |
| whitelisted |
adpxl.co |
| malicious |
fonts.googleapis.com |
| whitelisted |
cj369.infusionsoft.com |
| unknown |
crl.pki.goog |
| whitelisted |