Field | Value |
---|---|
download | tr |
Full analysis | https://app.any.run/tasks/81c05fc4-deec-44b7-9a58-08270824bdec |
Verdict | Malicious activity |
Analysis date | September 30, 2020, 08:11:22 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MIME | text/html |
File info | HTML document, ASCII text |
MD5 | F54B4B0EAE8B154D0AE9DE560F5D80C7 |
SHA1 | 29F8EF1D12395748E7BEB47987387AF2B1D65E52 |
SHA256 | ED98F08182D06034F2CBF7C1852D357653B34ABFCC95C32A74E7B34C745B1102 |
SSDEEP | 48:eNbqaJWr5XotJXUg58eVPwTBZrcpLC79JKiVFdLhK:8eaYVXGNDVoDLs |
Extension | Description |
---|---|
.htm/html | HyperText Markup Language with DOCTYPE (80.6) |
.html | HyperText Markup Language (19.3) |
Field | Value |
---|---|
Title | - |
ContentType | text/html; charset=UTF-8 |
Robots | noindex, nofollow |
referrer | never |
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version |
---|---|---|---|---|---|---|---|---|---|
2116 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\tr.htm | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
2612 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2116 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
3160 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2116 CREDAT:144390 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
1788 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2116 CREDAT:464129 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2116 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
2116 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Cab2334.tmp | — | — | — |
2116 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Tar2335.tmp | — | — | — |
2116 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver2CFA.tmp | — | — | — |
1788 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\0A8ZNJ3H.htm | html | BC98B663EE76AAB41BC25A35ADFDDC80 | FB42557C26B7C073BAF39744110BC81543905A3BDDB1FA0FDEDFD7AA3EB76903 |
1788 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\min[1].js | text | 5563332AD6AF63C9C94CEF15761BE544 | 4EFEC11A42893D4DF0249174CBE5AFAE24A5734F5DED35C5E84C56BF9F473EC2 |
1788 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\C9QXXTGC.htm | html | F3AB5A8519D8E9B6E35CAB07E71B1AAF | 3733CCE91700641882196775C779CE23D33C967056EEEBE54C274BE31087A885 |
2116 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203 | der | A2959A9251CDE41E2E2AF5E50230C435 | 88ABA492F4950C7AE7B4E616FEA36C74AAFBBBC0803AE16D17DEFAFF412A6DB0 |
2116 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203 | binary | 2B3BC96569589487B4C2D3229584B902 | 81F45728202F81C0C70EA4EA729140518E874B54119368D3A05B675C022A4B81 |
2116 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\urlblockindex[1].bin | binary | FA518E3DFAE8CA3A0E495460FD60C791 | 775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1788 | iexplore.exe | GET | 200 | 2.16.186.64:80 | http://i2.cdn-image.com/__media__/js/min.js?v2.2 | unknown | text | 2.97 Kb | whitelisted |
1788 | iexplore.exe | GET | 200 | 2.16.186.64:80 | http://i3.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eot | unknown | eot | 110 Kb | whitelisted |
1788 | iexplore.exe | GET | 200 | 2.16.186.64:80 | http://i2.cdn-image.com/__media__/pics/12471/logo.png | unknown | image | 3.86 Kb | whitelisted |
2116 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
2116 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
1788 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://iyfnzgb.com/?domain=ucmj.us&dn=ucmj.us&fp=8cwPmxqcfoAB0S%2BSj63Mmr%2F1gv1%2F%2Byr7TfNVxrifAb1VvpzT51AZ0EYAC1V%2FPevKKL6AF%2B5srqouwLu5je5%2BUu8shIFqltlnPHTA4iXkUJRWr6qrCpZCH%2F1a2clWVFk%2FREj6wgENkzlqfQBhtyG7XAnPx5PwuI0Qx32YpiLBKrc%3D&prvtof=m9%2FpgmdR2WCpC4MVfjLlfKBVF8%2FRn1txljzh0QdUPmU%3D&poru=VxcZKSrCM0K0QUkWUb2JGCpR5nctQBX3A7uI5LqhdfoPC%2FOSvn9eHy3tNcPECA0Hc38bRf4fqXX622wCnS1Ppg%3D%3D& | VG | html | 6.51 Kb | whitelisted |
1788 | iexplore.exe | GET | 200 | 208.91.196.46:80 | http://iyfnzgb.com/?pid=9PO1H9V71&dn=ucmj.us | VG | html | 1.51 Kb | whitelisted |
1788 | iexplore.exe | GET | 200 | 2.16.186.64:80 | http://i4.cdn-image.com/__media__/pics/12471/arrow.png | unknown | image | 1.04 Kb | whitelisted |
1788 | iexplore.exe | GET | 200 | 2.16.186.64:80 | http://i4.cdn-image.com/__media__/pics/12471/search-icon.png | unknown | image | 1.16 Kb | whitelisted |
1788 | iexplore.exe | GET | 200 | 2.16.186.106:80 | http://i1.cdn-image.com/__media__/pics/12471/kwbg.jpg | unknown | image | 36.3 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2116 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2116 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1788 | iexplore.exe | 2.16.186.64:80 | i2.cdn-image.com | Akamai International B.V. | — | whitelisted |
4 | System | 52.218.85.107:445 | s3-eu-west-1.amazonaws.com | Amazon.com, Inc. | IE | unknown |
1788 | iexplore.exe | 208.91.196.46:80 | iyfnzgb.com | Confluence Networks Inc | VG | malicious |
1788 | iexplore.exe | 2.16.186.106:80 | i2.cdn-image.com | Akamai International B.V. | — | whitelisted |
4 | System | 52.218.85.107:139 | s3-eu-west-1.amazonaws.com | Amazon.com, Inc. | IE | unknown |
2116 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2116 | iexplore.exe | 208.91.196.46:80 | iyfnzgb.com | Confluence Networks Inc | VG | malicious |
Domain | IP | Reputation |
---|---|---|
s3-eu-west-1.amazonaws.com | | shared |
www.bing.com | | whitelisted |
api.bing.com | | whitelisted |
iyfnzgb.com | | whitelisted |
i2.cdn-image.com | | whitelisted |
i3.cdn-image.com | | whitelisted |
i4.cdn-image.com | | whitelisted |
i1.cdn-image.com | | whitelisted |
iecvlist.microsoft.com | | whitelisted |
r20swj13mr.microsoft.com | | whitelisted |