URL: | http://mabasetq.com/aaa/ |
Full analysis: | https://app.any.run/tasks/ac83eba4-89bc-4a7a-827c-c632b9054f30 |
Verdict: | Malicious activity |
Analysis date: | January 22, 2019, 20:52:35 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MD5: | 3F1A1ED847199BF973EE7A2A2AD5A170 |
SHA1: | 9DCD3DE546C1B85E1DD502E27A69B0F4D23820E2 |
SHA256: | ECCE78F5AFE968B9AA232BD80E540BD7DCC6824C09F094BE52993359DB66BA6F |
SSDEEP: | 3:N1KTLx1Tf4:CvxJ4 |

Processes

PID | CMD | Path | Indicators | Parent process | User | Integrity level | Company | Description | Version |
---|---|---|---|---|---|---|---|---|---|
3520 | "C:\Program Files\Internet Explorer\iexplore.exe" http://mabasetq.com/aaa/ | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) |
2248 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3520 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe (PID 3520) | admin | LOW | Microsoft Corporation | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) |

Files

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2248 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\aaa[1].txt | — | — | — |
3520 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | — | — |
3520 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
2248 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\index2[1].php | — | — | — |
2248 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\index2[1].htm | html | 539A698098D23A31C5D8CF8A8DD7E86F | B4FF11A627FF734286F92DE222E7A8A52669E6ABBA8A8982139FA7A80446E942 |
2248 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019012220190123\index.dat | dat | C228D10C6C00C8F08A5A93A5E1642BF7 | 18AC1F566689D61DFB9F70CD00B0A63189C423DB79BAB2003B77C7D516CC7F30 |
3520 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019012220190123\index.dat | dat | 15679462B59BC74866DAD88FED8EDE83 | FF0F22D3527D9CCF5922924AD529644B7905DB6F40C4F7505ECC1B88BD388CB1 |
2248 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\ellipsis_grey[1].svg | image | 2B5D393DB04A5E6E1F739CB266E65B4C | 16C3F6531D0FA5B4D16E82ABF066233B2A9F284C068C663699313C09F5E8D6E6 |
2248 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\ellipsis_white[1].svg | image | 5AC590EE72BFE06A7CECFD75B588AD73 | 6075736EA9C281D69C4A3D78FF97BB61B9416A5809919BABE5A0C5596F99AAEA |
2248 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ellipsis_white[1].svg | image | 5AC590EE72BFE06A7CECFD75B588AD73 | 6075736EA9C281D69C4A3D78FF97BB61B9416A5809919BABE5A0C5596F99AAEA |
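The cache listing can be tied back to the request log: Internet Explorer names a cache entry after the last path segment of the URL plus a bracketed counter, so index2[1].htm and index2[1].php both come from index2.php, aaa[1].txt from the directory request for /aaa/, and the two ellipsis_white[1].svg entries in different cache folders share one SHA256. The Python below performs that correlation over the entries and URLs copied from this report. It is an added example, not part of the any.run report or its tooling; the stem-matching rule is this example's own heuristic rather than Internet Explorer's documented cache-naming algorithm, and the function names are its own.

```python
"""Correlate IE cache entries from a sandbox file listing with the request log.

Added example, not part of the any.run report. Cache paths, hashes and URLs are
copied from the report; the matching rule (strip the "[n]" counter, compare the
remaining stem with the last path segment of the URL) is this example's own
heuristic, not Internet Explorer's documented cache-naming algorithm.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# "index2[1].htm" -> stem "index2"; the bracketed number is IE's collision counter.
CACHE_NAME = re.compile(r"^(?P<stem>.+?)\[\d+\](?:\.[^.]+)?$")


def cache_stem(path):
    """Stem of a cache entry's file name, or None if it is not 'name[n].ext' shaped."""
    name = path.rsplit("\\", 1)[-1]
    match = CACHE_NAME.match(name)
    return match.group("stem") if match else None


def url_stem(url):
    """Last non-empty path segment of the URL without its extension.
    'http://h/aaa/' -> 'aaa', 'http://h/aaa/index2.php' -> 'index2'."""
    segments = [s for s in urlsplit(url).path.split("/") if s]
    if not segments:
        return None
    last = segments[-1]
    return last.rsplit(".", 1)[0] if "." in last else last


def correlate(cache_entries, request_urls):
    """For each (pid, path, sha256) entry return which request URLs share its stem,
    whether it sits in the Protected Mode ('Low') cache of the low-integrity tab
    process, and which other entries hold byte-identical content."""
    by_stem = defaultdict(list)
    for url in request_urls:
        by_stem[url_stem(url)].append(url)
    by_hash = defaultdict(list)
    for _, path, sha in cache_entries:
        if sha:
            by_hash[sha].append(path)
    results = []
    for pid, path, sha in cache_entries:
        results.append({
            "pid": pid,
            "path": path,
            "protected_mode": "\\Low\\" in path,
            "urls": by_stem.get(cache_stem(path), []),
            "duplicates": [p for p in by_hash.get(sha, []) if p != path],
        })
    return results


# Sample input copied from the report's file and HTTP tables (constructed list).
CACHE_ROOT = r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files"
SHA_SVG = "6075736EA9C281D69C4A3D78FF97BB61B9416A5809919BABE5A0C5596F99AAEA"
CACHE_ENTRIES = [
    (2248, CACHE_ROOT + r"\Low\Content.IE5\OCDM6JB6\aaa[1].txt", None),
    (3520, CACHE_ROOT + r"\Content.IE5\RB73MZ6Y\favicon[1].ico", None),
    (2248, CACHE_ROOT + r"\Low\Content.IE5\OCDM6JB6\index2[1].php", None),
    (2248, CACHE_ROOT + r"\Low\Content.IE5\OCDM6JB6\index2[1].htm",
     "B4FF11A627FF734286F92DE222E7A8A52669E6ABBA8A8982139FA7A80446E942"),
    (2248, CACHE_ROOT + r"\Low\Content.IE5\BWPPCY0O\ellipsis_white[1].svg", SHA_SVG),
    (2248, CACHE_ROOT + r"\Low\Content.IE5\OCDM6JB6\ellipsis_white[1].svg", SHA_SVG),
]
REQUEST_URLS = [
    "http://mabasetq.com/aaa/",
    "http://mabasetq.com/aaa/index_files/ellipsis_white.svg",
    "http://mabasetq.com/aaa/index_files/microsoft_logo.svg",
    "http://mabasetq.com/aaa/index2.php",
]

if __name__ == "__main__":
    for row in correlate(CACHE_ENTRIES, REQUEST_URLS):
        print(row["pid"], row["path"].rsplit("\\", 1)[-1],
              "protected_mode" if row["protected_mode"] else "frame",
              row["urls"] or "(no matching request)",
              "duplicate" if row["duplicates"] else "")
```

index2[1].htm is the only artifact from the phishing host with a recorded hash, so it is the entry to pull for content analysis; its Low\ path marks it as written by the low-integrity tab process (PID 2248), consistent with that process's Integrity Level: LOW above. favicon[1].ico has no counterpart in the HTTP table and was written by the medium-integrity frame process, matching the separate www.bing.com connection from PID 3520.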

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2248 | iexplore.exe | GET | 200 | 94.177.246.230:80 | http://mabasetq.com/aaa/ | DE | html | 19.8 Kb | malicious |
2248 | iexplore.exe | GET | 404 | 94.177.246.230:80 | http://mabasetq.com/aaa/index_files/boot.worldwide.0.mouse.js | DE | html | 358 b | malicious |
2248 | iexplore.exe | GET | 200 | 94.177.246.230:80 | http://mabasetq.com/aaa/index_files/ellipsis_white.svg | DE | image | 915 b | malicious |
2248 | iexplore.exe | GET | 200 | 94.177.246.230:80 | http://mabasetq.com/aaa/index_files/microsoft_logo.svg | DE | image | 3.57 Kb | malicious |
2248 | iexplore.exe | GET | 302 | 94.177.246.230:80 | http://mabasetq.com/aaa/[email protected]&passwd=&ps=&psRNGCDefaultType=&psRNGCEntropy=&psRNGCSLK=&canary=4qQgTnDKNPGpFjIyyxWb%2BiZFSkaqH%2BYkJssPnR6gDy8%3D1%3A1&ctx=rQIIAdNiNtQztFIxgAAjXRCpa5CWZqibnApiIYEiIS6BRLtqhTc_brrMWmrusZ1l1cVVjPIZJSUFxVb6-vmlJTn5-dl6-Wlpmcmpesn5ufr55Yn6OxgZLzAyrmIyNzM2M7M0Mja1MDA3MrM0NLQ01rNMTjUxTTaz0E00NU7WNTE3TdG1SEux1DVMNk1OMzZOTDIyMr3FxO_vWFqSYQQi8osyq1I_MXGm5RflxhfkF5fMYk5wSS5xcst3THd2dAoq8kupCPYMc_SPNM1Iyikxig_LsjAKNXBOdzEs9owK9fRzDwvzNI1KdS_MC0vMq0wMME01Scmocs7KSQ3JjDD0K9ctysw0zksO8vLJDEjzMc9KK3dZxUxU6GxiZgN6OTc_7xQzW35Bal5mygUWxlcsPAasVhwcXAK8EmwKDD9YGBexAkNR4LtR2op8bde2TxX81-tZGE6x6psUBqaH5Ll4-wW4F7hleVZWVoQnaWdGuQVnJxZ6aEdmexUXB-QFmaW7VFrYGloZTmBjnMDG9oKN8QMbYwc7wy5OQtEAAA2&hpgrequestid=6632f710-6fa8-452b-86f2-780fd77f0400&flowToken=AQABAAEAAADXzZ3ifr-GRbDT45zNSEFEl-C_bh9vDXwBpmCPT_JVZD88DwuiI8QRin6Qiyu4ymKd6LEbBmslQA2QYDgiwq5XGFeRcQelzsfPL6GTvioEPgp2OLXK0dpe2APto9DukIKLbb_ofE3pXFwS503FZotevos6swUF0WECuZyXgvvco0NOuVd5i9CjMYsInmHzPQhiDHOZTnSrFh9YDRqxILdj3E9K9jOk882B3A2eXoEZ3Jl8apwMK8-UvQpmyCsRxmWJvbtRdPFxnypbmUaetCqgTCT-ZuHEdj7AuGVKOW3bvPMFsDXZZEBtaKv34Z9r2xw0TQ9OhzQJyFTyGTxogqVXDS2050RHj_ztjS66PzTuR6Ebt-8zY0-HV3R9mLLqOntYK9g5svb5rGub0YvQhX5WIAA&PPSX=&NewUser=1&FoundMSAs=&fspost=0&i21=0&CookieDisclosure=0&IsFidoSupported=1&i2=102&i17=&i18=&i19= | DE | — | — | malicious |
2248 | iexplore.exe | GET | 404 | 94.177.246.230:80 | http://mabasetq.com/aaa/index_files/boot.worldwide.1.mouse.js | DE | html | 358 b | malicious |
2248 | iexplore.exe | GET | 404 | 94.177.246.230:80 | http://mabasetq.com/aaa/"e;; | DE | html | 333 b | malicious |
2248 | iexplore.exe | GET | 404 | 94.177.246.230:80 | http://mabasetq.com/aaa/fonts/office365icons.eot? | DE | html | 345 b | malicious |
2248 | iexplore.exe | GET | 200 | 94.177.246.230:80 | http://mabasetq.com/aaa/index2.php | DE | html | 20.0 Kb | malicious |
2248 | iexplore.exe | GET | 404 | 94.177.246.230:80 | http://mabasetq.com/aaa/index_files/boot.worldwide.2.mouse.js | DE | html | 358 b | malicious |
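The redirected request in the table is the credential form of a cloned Microsoft sign-in page: a passwd field together with hidden fields that the genuine login.live.com form submits (canary, ctx, hpgrequestid, flowToken, PPSX, NewUser, FoundMSAs, fspost, i21, CookieDisclosure, IsFidoSupported), Office 365 branding assets (microsoft_logo.svg, fonts/office365icons.eot) fetched from mabasetq.com, and all of it sent in a GET query string. The Python below flags those three signals in a request log. It is an added example, not part of the any.run report or of the ET/PTsecurity rules that fired; the Microsoft host allow-list, the field-name sets, the function names and the sample log are this example's assumptions, and the credential request is rebuilt with placeholder path and values because the report's copy of that URL has its first parameter obfuscated and its token values are opaque.

```python
"""Flag credential-harvesting requests in an HTTP request log.

Added example, not part of the any.run report. Host and asset paths come from
the report's HTTP table; the allow-list, the field-name sets, the function
names and the rebuilt credential request are this example's own assumptions.
"""
from urllib.parse import parse_qs, urlsplit

# Hosts that legitimately receive a Microsoft account sign-in form
# (assumption: a minimal allow-list, extend it for your own tenant).
MICROSOFT_LOGIN_HOSTS = {"login.live.com", "login.microsoftonline.com", "login.microsoft.com"}

# Hidden fields the genuine Microsoft sign-in form submits; a cloned page
# carries them along, so seeing them sent to any other host is a strong
# phishing signal (set taken from the parameter names visible in the report).
MS_FORM_FIELDS = {"canary", "ctx", "hpgrequestid", "flowToken", "PPSX", "NewUser",
                  "FoundMSAs", "fspost", "i21", "CookieDisclosure", "IsFidoSupported"}

# Parameter names that carry credentials in cleartext (assumption).
CREDENTIAL_FIELDS = {"login", "loginfmt", "passwd", "password", "pwd"}

# Microsoft / Office 365 branding assets; fetched from a non-Microsoft host
# they indicate a cloned sign-in page (names taken from the report).
BRAND_ASSET_MARKERS = ("office365icons", "microsoft_logo")


def analyse_request(method, url):
    """Return the findings for one request as a list of strings; [] means clean."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    names = set(parse_qs(parts.query, keep_blank_values=True))
    findings = []

    cred = sorted(CREDENTIAL_FIELDS & names)
    if cred:
        findings.append("credential parameters in URL: " + ", ".join(cred))
        if method.upper() == "GET":
            # Query strings land in proxy logs, browser history and Referer headers.
            findings.append("credentials sent via GET query string")

    ms_fields = sorted(MS_FORM_FIELDS & names)
    if ms_fields and host not in MICROSOFT_LOGIN_HOSTS:
        findings.append(f"Microsoft sign-in form fields sent to {host}: " + ", ".join(ms_fields))

    if host not in MICROSOFT_LOGIN_HOSTS and any(m in parts.path for m in BRAND_ASSET_MARKERS):
        findings.append(f"Microsoft-branded asset fetched from {host}: {parts.path}")
    return findings


def triage(requests):
    """Map each flagged URL to its findings; clean requests are omitted."""
    flagged = {}
    for method, url in requests:
        findings = analyse_request(method, url)
        if findings:
            flagged[url] = findings
    return flagged


# Constructed sample log. The credential request uses a placeholder path and
# placeholder values: the report's copy of that URL has its first parameter
# obfuscated and its canary/ctx/flowToken values are opaque blobs.
SAMPLE_REQUESTS = [
    ("GET", "http://mabasetq.com/aaa/"),
    ("GET", "http://mabasetq.com/aaa/index_files/microsoft_logo.svg"),
    ("GET", "http://mabasetq.com/aaa/fonts/office365icons.eot?"),
    ("GET", "http://mabasetq.com/aaa/login.php?login=victim%40example.com&passwd=&ps="
            "&canary=PLACEHOLDER&ctx=PLACEHOLDER&hpgrequestid=PLACEHOLDER"
            "&flowToken=PLACEHOLDER&PPSX=&NewUser=1&FoundMSAs=&fspost=0&i21=0"
            "&CookieDisclosure=0&IsFidoSupported=1&i2=102"),
    # Control: the same hidden fields going to the genuine host raise nothing.
    ("POST", "https://login.live.com/ppsecure/post.srf?canary=PLACEHOLDER&flowToken=PLACEHOLDER"),
]

if __name__ == "__main__":
    for url, findings in triage(SAMPLE_REQUESTS).items():
        print(url)
        for finding in findings:
            print("  -", finding)
```

The ET POLICY signature in the threat list matches passwd= in the HTTP client body; the check above looks at the query string as well, because the report shows the field inside a GET URL, and such URLs survive in places a request body does not (proxy and web-server logs, browser history, Referer headers). The branding-asset check is a weak signal on its own and is only useful combined with the host allow-list.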

Connections

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3520 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2248 | iexplore.exe | 2.18.232.137:443 | r4.res.office365.com | Akamai International B.V. | — | whitelisted |
3520 | iexplore.exe | 94.177.246.230:80 | mabasetq.com | Aruba SAS | DE | suspicious |
2248 | iexplore.exe | 94.177.246.230:80 | mabasetq.com | Aruba SAS | DE | suspicious |
2248 | iexplore.exe | 13.32.223.110:443 | logo.clearbit.com | Amazon.com, Inc. | US | unknown |

DNS requests

Domain | IP | Reputation |
---|---|---|
mabasetq.com | | malicious |
www.bing.com | | whitelisted |
r4.res.office365.com | | whitelisted |
logo.clearbit.com | | shared |

Threats

PID | Process | Class | Message |
---|---|---|---|
2248 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY Http Client Body contains passwd= in cleartext |
2248 | iexplore.exe | A Network Trojan was detected | MALWARE [PTsecurity] Phishing Microsoft Office365 |