Field | Value
---|---
File name | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RFf4211.TMP
Full analysis | https://app.any.run/tasks/10ac63e8-c748-4f28-99c6-18c53593e281
Verdict | Malicious activity
Analysis date | April 23, 2019, 09:50:10
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MIME | application/octet-stream
File info | data
MD5 | 131DC75F6D4142CA9244945A91A71E8D
SHA1 | 145517F1571264BDC71A33342539CA9D921AC0DF
SHA256 | F17C463C77B5DA9E795770A82E0A7FB1023023F44397F6E080721E9811B2A0C4
SSDEEP | 96:+ZkCzFqvsqvJCwo2ZkCzFqvsEHyqvJCworu1XH97GGlUVb:+ZHio2ZHKHnoru1NGh
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2188 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\d93f411851d7c929.customDestinations-ms~RFf4211.TMP | C:\Windows\system32\rundll32.exe | — | explorer.exe
2416 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | rundll32.exe
3956 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2416 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe

PID | User | Company | Integrity Level | Description | Version | Exit code
---|---|---|---|---|---|---
2188 | admin | Microsoft Corporation | MEDIUM | Windows host process (Rundll32) | 6.1.7600.16385 (win7_rtm.090713-1255) | 0
2416 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) | —
3956 | admin | Microsoft Corporation | LOW | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) | —
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3956 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@bing[2].txt | — | — | —
3956 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BG1BK6DX\search[1].txt | — | — | —
3956 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BG1BK6DX\search[1].htm | html | E8D68D34D661E4BD8544B5701526AC92 | CE6A564A82A8AA7F3EA6CB14F583906C3AB7206E1DC6F43DE47ECE70460D8AA5
3956 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q76JFWNL\9a358300[1].js | text | 26D5C5DD7C280FA90F88A152BB557441 | 63BF2C3D1A4B69EC7D9681BEF931C76713DA9C94CC5C1CF9D9F8B142917C9362
3956 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019042320190424\index.dat | dat | D30B8EACF177C54EFCF959BE7DA3B083 | 7E37C48FA3E774FA7F19A53E0D4DAE9511E86C9AE5CB4263E11CF3AE6669FC3F
3956 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT | dbf | D52DB6EBED3A4ED299CBDD902599D416 | 4FC4B4DF6FBD2DC5CCF87E67C59EE49B7284819830E76DFD036CA85B121C250D
2416 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | —
3956 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 349357A0968596B8006260FBBD095D1C | 7964F0480E44D44DD8CBCB41BC5810DEA57AC53C046A6D384E89BE59C21EA542
2416 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019042320190424\index.dat | dat | 450748A62638FCF8FE31FD5355A0744D | 605990E9FBC2211E01D9315A0AD0861CDE8A3705A143382952B548190E81C002
3956 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 6DBD5264B3328F78E40E4069DA86AD01 | 39ACCA3149C1EAE03B4FE1A5F1CB4FF92367BEB0742ACE9B8655D6C64965F7B0
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3956 | iexplore.exe | GET | 302 | 172.227.168.22:80 | http://go.microsoft.com/fwlink/?LinkId=57426&Ext=TMP | US | — | — | whitelisted |
3956 | iexplore.exe | GET | 301 | 2.16.186.24:80 | http://shell.windows.com/fileassoc/fileassoc.asp?Ext=TMP | unknown | — | — | whitelisted |
2416 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
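The process and HTTP tables above describe one chain: rundll32.exe calling the `OpenAs_RunDLL` export of shell32.dll (the Open With dialog) spawns Internet Explorer, and IE's low-integrity tab process fetches the file-association lookup for the `.TMP` extension. The script below is an added example, not part of the ANY.RUN report: it reconstructs each request's process lineage from those records and labels requests that are the dialog's own file-association lookup versus other traffic from the same browser. The process and URL records are transcribed from the tables above; the parent PID of rundll32.exe is recorded as unknown because explorer.exe's PID is not in the report, and the function names and labels are the example's own.

```python
"""Reconstruct process lineage behind each HTTP request in the report and
label the Open With file-association lookup.

Added example, not code from the ANY.RUN report. PROCS and HTTP are
transcribed from the report's process and HTTP tables."""
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int]  # None when the parent PID is outside the captured set
    integrity: str


# Transcribed from the process table. explorer.exe's PID is not reported,
# so the parent of rundll32.exe is None (assumption: treat it as the root).
PROCS: Dict[int, Proc] = {p.pid: p for p in [
    Proc(2188, "rundll32.exe",
         r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
         r'C:\Users\admin\AppData\Local\Temp\d93f411851d7c929.customDestinations-ms~RFf4211.TMP',
         None, "MEDIUM"),
    Proc(2416, "iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" -nohome', 2188, "MEDIUM"),
    Proc(3956, "iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2416 CREDAT:71937', 2416, "LOW"),
]}

# Transcribed from the HTTP requests table: (pid, method, status, url).
HTTP = [
    (3956, "GET", 302, "http://go.microsoft.com/fwlink/?LinkId=57426&Ext=TMP"),
    (3956, "GET", 301, "http://shell.windows.com/fileassoc/fileassoc.asp?Ext=TMP"),
    (2416, "GET", 200, "http://www.bing.com/favicon.ico"),
]


def lineage(pid: int, procs: Dict[int, Proc] = PROCS) -> List[Proc]:
    """Walk parent pointers from pid up to the oldest captured ancestor.
    Returns [] for a PID not in the table; guards against parent cycles."""
    chain: List[Proc] = []
    seen = set()
    cur = procs.get(pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur)
        cur = procs.get(cur.parent) if cur.parent is not None else None
    return chain


def is_open_with_dialog(p: Proc) -> bool:
    """rundll32 invoking shell32's OpenAs_RunDLL export is the Open With dialog."""
    return p.image.lower() == "rundll32.exe" and "shell32.dll,openas_rundll" in p.cmdline.lower()


def is_fileassoc_lookup(url: str) -> bool:
    """The dialog's web lookup: a go.microsoft.com fwlink carrying Ext=<extension>,
    which the report shows redirecting to shell.windows.com/fileassoc/."""
    u = urlsplit(url)
    params = {k.lower() for k in parse_qs(u.query)}
    if u.hostname == "shell.windows.com" and u.path.startswith("/fileassoc/"):
        return True
    return u.hostname == "go.microsoft.com" and "ext" in params


def classify(http=HTTP, procs: Dict[int, Proc] = PROCS) -> Dict[str, str]:
    """Map each URL to a label (names are the example's own):
    'open-with-lookup'       request is the file-association lookup and the
                             requesting browser descends from the Open With dialog
    'browser-from-open-with' other traffic from a browser with that ancestry
    'other'                  everything else"""
    out: Dict[str, str] = {}
    for pid, _method, _status, url in http:
        chain = lineage(pid, procs)
        from_open_with = any(is_open_with_dialog(p) for p in chain)
        if from_open_with and is_fileassoc_lookup(url):
            out[url] = "open-with-lookup"
        elif from_open_with:
            out[url] = "browser-from-open-with"
        else:
            out[url] = "other"
    return out


if __name__ == "__main__":
    for p in lineage(3956):
        print(f"{p.pid:>5} {p.image:<14} [{p.integrity}]")
    for url, label in classify().items():
        print(f"{label:<24} {url}")
```

Run against the report's records, the lineage of PID 3956 is 3956 → 2416 → 2188, both `go.microsoft.com` and `shell.windows.com` requests are labelled as the Open With lookup, and the bing.com favicon fetch by PID 2416 is labelled as ordinary browser traffic from the same chain. When triaging a rundll32 → browser chain, separating the dialog's own lookup from any other destination the browser contacts is the distinction that matters; here every destination in the HTTP table falls into one of the two benign-origin categories.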
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2416 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2416 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2416 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3956 | iexplore.exe | 2.16.186.24:80 | shell.windows.com | Akamai International B.V. | — | whitelisted |
3956 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 172.227.168.22:80 | go.microsoft.com | Akamai International B.V. | US | whitelisted |
3956 | iexplore.exe | 157.55.135.132:443 | login.live.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation
---|---|---
www.bing.com | — | whitelisted
go.microsoft.com | — | whitelisted
shell.windows.com | — | whitelisted
tse1.mm.bing.net | — | whitelisted
login.live.com | — | whitelisted