download: | index.html |
Full analysis: | https://app.any.run/tasks/98b09bf6-4543-49fa-a2ff-749b72afd143 |
Verdict: | Malicious activity |
Analysis date: | December 03, 2019, 00:22:18 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/html |
File info: | HTML document, UTF-8 Unicode text, with very long lines |
MD5: | F6CD1F084094BE8C3B80548BC08963BC |
SHA1: | CD572019AC94FEEF5979E45313C44A6BDC044622 |
SHA256: | F4AD1F7BEF83AEB7F6F9D4A36337DEE3369106BB207676E53A9066A7DB9473EF |
SSDEEP: | 192:YZGPZx4U4v6AeK7e5WAHXX2WSJw2iK2iPqGyIi0TLE:YZGxGvIKi5WAHHIwFKbPqGyDWE |
.html | | | HyperText Markup Language (100) |
---|
HTTPEquivXUACompatible: | IE=edge |
---|---|
Title: | mywaydefault |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1044 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2328 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1044 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2124 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1044 CREDAT:203009 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2128 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
1044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
1044 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF47D862D47C0AB348.TMP | — | |
MD5:— | SHA256:— | |||
2124 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\85YVE9FC\ie8[1].js | — | |
MD5:— | SHA256:— | |||
1044 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text | |
MD5:EAB2620C8FA69740CF2119E565C7AD5E | SHA256:A7B43E95368C4EFE3B863AB1E20B428EF5062C73CA0092EF3A8008BAEC4FC355 | |||
2124 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1J9ASVX6\index[1].html | html | |
MD5:F6CD1F084094BE8C3B80548BC08963BC | SHA256:F4AD1F7BEF83AEB7F6F9D4A36337DEE3369106BB207676E53A9066A7DB9473EF | |||
2124 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:0EF49BF677A5B46819C0311A04532052 | SHA256:A8267E7D740C133E34E5040B6D42A836AB1F57A23F8D68888CCDF10538293D68 | |||
2124 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:07C777639A685B79BD244F0848F52022 | SHA256:1E39B078F9128890D0EF355E913E59F69D7306D1EF541240B750E490F1E51985 | |||
2124 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019120320191204\index.dat | dat | |
MD5:14571E609235B7764EB23A81F18662B5 | SHA256:AE9C301E0CA524DC2C42460D25021EC40F0A1158BDB7C21AA052095F541613B9 | |||
2328 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019120320191204\index.dat | dat | |
MD5:39AD2897732ABD5B87D70B78058A1B77 | SHA256:6C1DF4999F5C04D77C91FB9A3B5E17C6E80CA0480AB2D8931B54CEF5AEF917F8 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2124 | iexplore.exe | GET | 200 | 23.38.53.120:80 | http://ak.staticimgfarm.com/images/webtooltab/ttdetect-2/prd/ttdetect.html | NL | html | 4.23 Kb | whitelisted |
2124 | iexplore.exe | GET | 200 | 23.38.53.120:80 | http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_trivago.png | NL | image | 1.54 Kb | whitelisted |
2124 | iexplore.exe | GET | 200 | 23.38.53.120:80 | http://ak.staticimgfarm.com/images/webtooltab/dynamicAmazonGeo-v2.jsonp?v=1575332577425&callback=dynGeo | NL | text | 383 b | whitelisted |
2124 | iexplore.exe | GET | 200 | 23.38.53.120:80 | http://ak.staticimgfarm.com/images/webtooltab/chiclets/youtube.png | NL | image | 824 b | whitelisted |
2124 | iexplore.exe | GET | 200 | 23.38.53.120:80 | http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_booking.png | NL | image | 885 b | whitelisted |
2124 | iexplore.exe | GET | 200 | 23.38.53.120:80 | http://ak.staticimgfarm.com/images/webtooltab/chiclets/chiclet_priceline.png | NL | image | 1.04 Kb | whitelisted |
2124 | iexplore.exe | GET | 200 | 23.38.53.120:80 | http://ak.staticimgfarm.com/images/webtooltab/chiclets/instagram.png | NL | image | 2.17 Kb | whitelisted |
2124 | iexplore.exe | GET | 200 | 23.38.53.120:80 | http://ak.staticimgfarm.com/images/webtooltab/chiclets/macys.png | NL | image | 1008 b | whitelisted |
2124 | iexplore.exe | GET | 200 | 23.38.53.120:80 | http://ak.staticimgfarm.com/images/webtooltab/chiclets/yahoo.png | NL | image | 650 b | whitelisted |
1044 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 23.38.53.120:443 | ak.staticimgfarm.com | Akamai International B.V. | NL | whitelisted |
2328 | iexplore.exe | 23.38.53.120:443 | ak.staticimgfarm.com | Akamai International B.V. | NL | whitelisted |
— | — | 23.38.53.120:80 | ak.staticimgfarm.com | Akamai International B.V. | NL | whitelisted |
2124 | iexplore.exe | 23.38.53.120:443 | ak.staticimgfarm.com | Akamai International B.V. | NL | whitelisted |
2124 | iexplore.exe | 34.102.222.207:443 | anx.tb.ask.com | — | US | malicious |
1044 | iexplore.exe | 23.38.53.120:80 | ak.staticimgfarm.com | Akamai International B.V. | NL | whitelisted |
2124 | iexplore.exe | 23.38.53.120:80 | ak.staticimgfarm.com | Akamai International B.V. | NL | whitelisted |
Domain | IP | Reputation |
---|---|---|
ak.staticimgfarm.com |
| whitelisted |
www.bing.com |
| whitelisted |
hp.myway.com |
| whitelisted |
anx.tb.ask.com |
| whitelisted |