URL: | http://askflixbrasil.top/ |
Full analysis: | https://app.any.run/tasks/aeebfa28-2f6c-471a-ac70-528da90a1bb0 |
Verdict: | Malicious activity |
Analysis date: | May 14, 2019, 20:51:27 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 7D020E6903443D1AB1F74F3309DB993F |
SHA1: | 659EACBBF205728D6C1622C437C551C5B6660D36 |
SHA256: | EA274835B2D33FC0BFEA1AE4E38DC56675240797228B44A2C29E2882506BE369 |
SSDEEP: | 3:N1KfotEF0Kn:CgtOzn |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1892 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3372 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1892 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
(PID) Process: | (1892) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (1892) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (1892) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 | |||
(PID) Process: | (1892) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones |
Operation: | write | Name: | SecuritySafe |
Value: 1 | |||
(PID) Process: | (1892) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
Operation: | write | Name: | ProxyEnable |
Value: 0 | |||
(PID) Process: | (1892) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
Operation: | write | Name: | SavedLegacySettings |
Value: 4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000 | |||
(PID) Process: | (1892) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active |
Operation: | write | Name: | {1279310F-768A-11E9-A370-5254004A04AF} |
Value: 0 | |||
(PID) Process: | (1892) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore |
Operation: | write | Name: | Type |
Value: 4 | |||
(PID) Process: | (1892) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore |
Operation: | write | Name: | Count |
Value: 1 | |||
(PID) Process: | (1892) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore |
Operation: | write | Name: | Time |
Value: E307050002000E00140033002900BF01 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1892 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
1892 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3372 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@askflixbrasil[1].txt | — | |
MD5:— | SHA256:— | |||
3372 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EDPXDD28\askflixbrasil_top[1].txt | — | |
MD5:— | SHA256:— | |||
3372 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SIY6BFCP\front.mobile[1].css | text | |
MD5:F9D6FFB8A8461A4FD6DC070DF6CBA424 | SHA256:50DF61863DF1D64094A93953A0A0BC885FD51CC3700EA4B1CAC228DA93BC3484 | |||
3372 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LPSR6BH2\front.style[1].css | text | |
MD5:EECCCDB37D3F110AA14215FC495E0747 | SHA256:1CF6F85FF152358D0B81EAFF7E059EBF10D622062E7ECD7F637B84ABC048C439 | |||
3372 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EDPXDD28\frontend.popup.min[1].css | text | |
MD5:635FDE21407F1D03806C2615ACFCEEFD | SHA256:515A706B2CFE97BA7F34F000EC0247DA4667530A4A3DD82DAE178CE179067A76 | |||
3372 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | |
MD5:8362FCBAD2CCBF82A0D5E200C273ED25 | SHA256:0B299DF94492B3DA3D46C2F56A99EB8B55BD382B0A9CF0C4BA0EDD651A896EA5 | |||
3372 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:485C24BF34DBC52595766A3F50DD78D1 | SHA256:19EB258B21E521F99C59AF58571168B98B4ED2CA87558167A85D88C6ACC45579 | |||
3372 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:10D36FC44299BB09B2AAE4AC8155816E | SHA256:3E3006CE649E773D718051627B87FB12A2E11574796B1F1EA8A772810757944E |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3372 | iexplore.exe | GET | 301 | 104.31.93.176:80 | http://askflixbrasil.top/ | US | — | — | suspicious |
3372 | iexplore.exe | GET | 200 | 104.31.92.176:80 | http://www.askflixbrasil.top/wp-content/plugins/popup-by-supsystic/modules/popup/css/frontend.popup.min.css?ver=1.9.47 | US | text | 710 b | suspicious |
3372 | iexplore.exe | GET | 200 | 104.31.92.176:80 | http://www.askflixbrasil.top/wp-content/themes/AskFlix/assets/css/front.icons.css?ver= | US | text | 1.45 Kb | suspicious |
3372 | iexplore.exe | GET | 200 | 104.31.92.176:80 | http://www.askflixbrasil.top/wp-content/plugins/popup-by-supsystic/modules/popup/js/frontend.popup.min.js?ver=1.9.47 | US | html | 7.43 Kb | suspicious |
3372 | iexplore.exe | GET | 200 | 104.31.92.176:80 | http://www.askflixbrasil.top/wp-content/themes/AskFlix/assets/css/front.style.css?ver= | US | text | 16.1 Kb | suspicious |
3372 | iexplore.exe | GET | 200 | 104.31.92.176:80 | http://www.askflixbrasil.top/wp-content/themes/AskFlix/assets/css/colors.dark.css?ver= | US | text | 7.66 Kb | suspicious |
3372 | iexplore.exe | GET | 200 | 104.31.92.176:80 | http://www.askflixbrasil.top/wp-includes/css/dist/block-library/style.min.css?ver=5.2 | US | text | 4.61 Kb | suspicious |
3372 | iexplore.exe | GET | 200 | 104.31.92.176:80 | http://www.askflixbrasil.top/wp-content/themes/AskFlix/assets/js/front.scrollbar.js?ver=2.1.3.8 | US | text | 11.0 Kb | suspicious |
3372 | iexplore.exe | GET | 200 | 104.31.92.176:80 | http://www.askflixbrasil.top/wp-content/themes/AskFlix/assets/css/front.crollbar.css?ver= | US | text | 1.24 Kb | suspicious |
3372 | iexplore.exe | GET | 200 | 104.31.92.176:80 | http://www.askflixbrasil.top/wp-content/themes/AskFlix/assets/css/front.mobile.css?ver= | US | text | 2.10 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3372 | iexplore.exe | 104.31.93.176:80 | askflixbrasil.top | Cloudflare Inc | US | shared |
3372 | iexplore.exe | 104.31.93.176:443 | askflixbrasil.top | Cloudflare Inc | US | shared |
3372 | iexplore.exe | 104.31.92.176:80 | askflixbrasil.top | Cloudflare Inc | US | shared |
3372 | iexplore.exe | 104.19.197.151:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | shared |
1892 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3372 | iexplore.exe | 216.58.210.10:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3372 | iexplore.exe | 172.217.22.3:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
3372 | iexplore.exe | 151.101.120.193:443 | i.imgur.com | Fastly | US | malicious |
3372 | iexplore.exe | 13.32.128.111:443 | m.media-amazon.com | — | US | unknown |
3372 | iexplore.exe | 172.217.16.129:443 | 3.bp.blogspot.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
askflixbrasil.top |
| suspicious |
www.askflixbrasil.top |
| suspicious |
cdnjs.cloudflare.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
image.tmdb.org |
| whitelisted |
3.bp.blogspot.com |
| whitelisted |
s2.glbimg.com |
| unknown |
i.imgur.com |
| shared |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile |
3372 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |