Field | Value |
---|---|
URL | https://www.spacecowboy.online/بنك-الاهلي-اون-لاين-تسجيل-دخول.html
Full analysis | https://app.any.run/tasks/69c4d62c-d51e-45e7-9aa3-0a3777f6bf08
Verdict | Malicious activity
Analysis date | February 22, 2020, 13:26:38
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators |
MD5 | 86FE0BCCC4D43654AF95D2371BAB386D
SHA1 | 0E7F003211007FD59BFDFAD8A37EDE8C5B0B2A1E
SHA256 | EB5A344D4DF67122DC8C70E4B255DD4278BEA6790A0CAB41C1907F74E9D3C69B
SSDEEP | 3:N8DSLNb68AmApw0Yr8j:2OLN/Au0T
PID | CMD | Path | Indicators | Parent process | User | Integrity Level | Company | Description | Version |
---|---|---|---|---|---|---|---|---|---|
2952 | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.spacecowboy.online/بنك-الاهلي-اون-لاين-تسجيل-دخول.html | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
3900 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2952 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | LOW | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
2844 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2952 CREDAT:4068645 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | LOW | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3900 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab7094.tmp | — | — | —
3900 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar7095.tmp | — | — | —
3900 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\8QU1CQCK.txt | text | E0A66306DC1231FBC1D8F0211DC05C7D | 7F00FDDDBEB9549A2632A093C1F470DD9CBFB2E9D1A4183247A0E5BE8E51ACA3
3900 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\Ahli-Online[1].jpg | image | 21DCB4F03631D2486F235C67F40A0BE0 | F6F3188F2B8296F5CC9B7565EDFE3DB162DBA559F840DDF8639EC52492EC8D29
3900 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\بنك-الاهلي-اون-لاين-تسجيل-دخول[1].htm | html | B4964BDA4C5B27B5B8001B97AFBE4E2E | 30CC7171D671C736D774ADDDABFCD08C961BA49BB75A9428A7CCC16ECAE9E541
3900 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\Registration-page[1].jpg | image | 3F684FD5B22C503A46517FD8351E4CD9 | E789D9002D53CDA1B493A8972624923AE5F0262733C1E4ABB85940D9E23DCEC9
3900 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_74167E25E5476CCA2A5946AAA61BF9E1 | binary | A86B2DE4301982D6C994890C73985BFA | CFB8717A36E0941AEF79F1983EBCF5A64B0CEA28F5D716BB93CCD99B63A1D03B
3900 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_74167E25E5476CCA2A5946AAA61BF9E1 | der | 528DBD67AC06C41710FE8E6ED0CA30E3 | A8D1B70A68DE6A2624D1BDFE90ED1DED2CE094E9A8288C280BB929509DE95CA5
3900 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\medium_default[1].png | image | B581D0CA6BD69E5248C2C998C82BFB19 | A80FA8EC38D8BFE8358588B4A2BD68B35E314AE02A6FD25F44B5E5CCADE06810
3900 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der | E550DA03AEE5B546B436CD553D3233B9 | 9ABFD4E29B96CCA442502B1DE6071FE0293455DF22B4EFF19FA3E6DF060947E7
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3900 | iexplore.exe | GET | 302 | 213.5.173.67:80 | http://www.alahlicapital.com/SiteAssets/ContentsMedia/system20170516105610Tadawul_online_trading-b.jpg?RenditionID=3 | SA | — | — | unknown |
3900 | iexplore.exe | GET | 302 | 213.5.173.67:80 | http://www.alahlicapital.com/SiteAssets/HomeImages/SliderImages/aramco%20Arabic.jpg | SA | — | — | unknown |
3900 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D | US | der | 1.47 Kb | whitelisted |
3900 | iexplore.exe | GET | 301 | 104.31.83.76:80 | http://taqsetk.com/wp-content/uploads/2019/10/%D8%AA%D9%82%D8%B3%D9%8A%D8%B7-%D8%A7%D9%84%D8%A8%D9%86%D9%83-%D8%A7%D9%84%D8%A7%D9%87%D9%84%D9%8A-%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A-%D8%AA%D9%82%D8%B3%D9%8A%D8%B7-%D8%A7%D9%84%D8%A8%D9%86%D9%83-%D8%A7%D9%84%D8%A7%D9%87%D9%84%D9%8A-%D8%B4%D8%B1%D9%88%D8%B7-%D8%AA%D9%82%D8%B3%D9%8A%D8%B7-%D8%A7%D9%84%D8%A8%D9%86%D9%83-%D8%A7%D9%84%D8%A7%D9%87%D9%84%D9%8A.jpg | US | — | — | malicious |
3900 | iexplore.exe | GET | 301 | 104.27.151.181:80 | http://5khtawat.com/wp-content/uploads/2015/10/elbank-elahly-2015-5khtawat-com.jpg | US | — | — | whitelisted |
3900 | iexplore.exe | GET | 302 | 160.153.128.205:80 | http://nbg.com.eg/images/newimages/359.cfirst_image_a.jpg | US | html | 242 b | unknown |
3900 | iexplore.exe | GET | 200 | 72.21.91.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ5rEWLwbJFq%2FmAU80sm7E%3D | US | der | 471 b | whitelisted |
3900 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ5rEWLwbJFq%2FmAU80sm7E%3D | US | der | 471 b | whitelisted |
3900 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted |
3900 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEBPqKHBb9OztDDZjCYBhQzY%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3900 | iexplore.exe | 172.217.18.10:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3900 | iexplore.exe | 104.27.151.181:80 | 5khtawat.com | Cloudflare Inc | US | unknown |
3900 | iexplore.exe | 209.197.3.15:443 | stackpath.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted |
3900 | iexplore.exe | 72.21.91.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3900 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3900 | iexplore.exe | 209.197.3.24:443 | code.jquery.com | Highwinds Network Group, Inc. | US | malicious |
3900 | iexplore.exe | 104.24.108.61:443 | — | Cloudflare Inc | US | shared |
3900 | iexplore.exe | 217.160.0.70:443 | takhail.org | 1&1 Internet SE | DE | malicious |
3900 | iexplore.exe | 95.211.193.10:443 | awhmagazine.com | LeaseWeb Netherlands B.V. | NL | unknown |
3900 | iexplore.exe | 104.27.134.40:443 | www.traidnt.net | Cloudflare Inc | US | suspicious |
Domain | IP | Reputation |
---|---|---|
www.spacecowboy.online | — | suspicious
ocsp.digicert.com | — | whitelisted
stackpath.bootstrapcdn.com | — | whitelisted
fonts.googleapis.com | — | whitelisted
code.jquery.com | — | whitelisted
maxcdn.bootstrapcdn.com | — | whitelisted
5khtawat.com | — | whitelisted
takhail.org | — | malicious
www.almrsal.com | — | unknown
awhmagazine.com | — | unknown
PID | Process | Class | Message |
---|---|---|---|
3900 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3900 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3900 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3900 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3900 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |