URL: | https://agen-slot.club/fab.php |
Full analysis: | https://app.any.run/tasks/cc388f51-2fc4-48ae-8016-bb725b1b5946 |
Verdict: | Malicious activity |
Analysis date: | February 22, 2020, 10:55:35 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MD5: | E2AAACB02468B9C63D1D37535AF6228E |
SHA1: | B95213FE7CB99011542FEAA0CAE2A9E22B392886 |
SHA256: | F09C931A1BC48993E5196238D86A287242D20BE413309549291CE4F267F9AC64 |
SSDEEP: | 3:N8eLdbo:2eLFo |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3924 | "C:\Program Files\Internet Explorer\iexplore.exe" https://agen-slot.club/fab.php | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1832 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3924 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
1832 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 | — | |
MD5:— | SHA256:— | |||
3924 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
1832 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab8006.tmp | — | |
MD5:— | SHA256:— | |||
1832 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar8007.tmp | — | |
MD5:— | SHA256:— | |||
3924 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\CabC4EE.tmp | — | |
MD5:— | SHA256:— | |||
3924 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\TarC4EF.tmp | — | |
MD5:— | SHA256:— | |||
3924 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verE2B9.tmp | — | |
MD5:— | SHA256:— | |||
1832 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA | binary | |
MD5:6A2FB8D5DE5A167E6199F1B01C07446E | SHA256:AFDE0D213057B546A0E94675465F7714AB6FAE0753009824B9BAF219230B8194 | |||
1832 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 | der | |
MD5:BD71E02F5C466D35149B68EBE0A04E55 | SHA256:CF3A2D15C2F3128892EDB29B2884280A1F801089BA23E16E57627A4EB156ACD6 | |||
1832 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA | der | |
MD5:21324AC6841B97BAC28FD30BA2BDFFB4 | SHA256:0B10C68ADB90821EE8EF3DA10D53948B1A0046121EBDE43F0763718E2E330E4F |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1832 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D | US | der | 471 b | whitelisted |
1832 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D | US | der | 471 b | whitelisted |
3924 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
3924 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
3924 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
1832 | iexplore.exe | GET | 200 | 45.77.245.214:80 | http://agen-slot.club/wp-content/uploads/2019/10/cai-shen-ye.png | US | image | 80.3 Kb | suspicious |
1832 | iexplore.exe | GET | 200 | 45.77.245.214:80 | http://agen-slot.club/wp-content/uploads/2019/10/AGEN-SBOBET-mstar69.gif | US | image | 80.1 Kb | suspicious |
1832 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTOpjOEf6LG1z52jqAxwDlTxoaOCgQUQAlhZ%2FC8g3FP3hIILG%2FU1Ct2PZYCEQCLjki1zp2PMJNgNUO3LK5%2B | US | der | 280 b | whitelisted |
1832 | iexplore.exe | GET | 200 | 45.77.245.214:80 | http://agen-slot.club/wp-content/uploads/2019/10/agen-slot-online-terpercaya-di-indonesia.jpg | US | image | 474 Kb | suspicious |
1832 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.trust-provider.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEENSAj%2F6qJAfE5%2Fj9OXBRE4%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3924 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3924 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3924 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1832 | iexplore.exe | 151.139.128.14:80 | ocsp.usertrust.com | Highwinds Network Group, Inc. | US | suspicious |
3924 | iexplore.exe | 45.77.245.214:443 | — | — | US | suspicious |
1832 | iexplore.exe | 45.77.245.214:443 | — | — | US | suspicious |
1832 | iexplore.exe | 172.217.16.131:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
1832 | iexplore.exe | 172.217.22.40:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
1832 | iexplore.exe | 45.77.245.214:80 | — | — | US | suspicious |
1832 | iexplore.exe | 172.217.22.14:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
agen-slot.club |
| suspicious |
ocsp.usertrust.com |
| whitelisted |
ocsp.comodoca.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
www.googletagmanager.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |