URL: | http://216.98.5.138 |
Full analysis: | https://app.any.run/tasks/a91abed2-5bb9-4fe3-938b-95144e1d5a58 |
Verdict: | Malicious activity |
Analysis date: | August 12, 2022, 14:20:05 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | BD325F2DBC01F6F91C49564066A67F4F |
SHA1: | 71FFF8B183C452B06997E66913B110009EA41AB6 |
SHA256: | F6189840E5FC8E7B5A658601167D1E2BBD2122A1B60E67A3A361CA54DCF94C77 |
SSDEEP: | 3:N1K5oa:C3 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2660 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://216.98.5.138" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2508 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2660 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
(PID) Process: | (2660) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (2660) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: | |||
(PID) Process: | (2660) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30977622 | |||
(PID) Process: | (2660) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: | |||
(PID) Process: | (2660) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30977622 | |||
(PID) Process: | (2660) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (2660) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (2660) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (2660) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (2660) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\Default[1].htm | html | |
MD5:0EC461914DB9FAB2E64B46BB7950F28D | SHA256:44A832396120E0E2FDBCD9BB99CA0A2AA9F822F450BF6C98A3B712E760619B2B | |||
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\Head_v1[1].js | text | |
MD5:B2389B9EDBF980B51AF2571C7F405664 | SHA256:CB77BDEED29C981648962A898ABCD76D1BC200A1649A7714830851C6BA5E6913 | |||
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\CX_SAN_076_HTH1-B[1].jpg | image | |
MD5:5226DACBC44B5A8EDF2B3A58A6C9EBAD | SHA256:CCD44703510DFA8114476FE17D61871A2F10B881936D8C53B2CB957CF0A16DCC | |||
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\CX_GEO_004_HTH1-B[1].jpg | image | |
MD5:50B73BFDCB82B45720C9D8B49CDAB6BC | SHA256:75FFB525727B53013ED7F38E58373AEB02A03751880CFE3E861C178BF60AF7B0 | |||
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\CX_AVE_104_HTH1-B[1].jpg | image | |
MD5:4662DDF0174D9946F2BCB34DB684B688 | SHA256:21D240D18147ED022CD3638F139E2BD73844FEB4A4D2722D949671CA468CCFDA | |||
2508 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\3WHC3Y7N.txt | text | |
MD5:29C4E58A42C6207FEBBC080BDA029844 | SHA256:EC0D3BDED400E8455AB99D81055A7CD3FACEA19777E64E288BE8AECFA53C8A93 | |||
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\css[1].css | text | |
MD5:DAB4F564D959354644FBC5CB05A2C1B7 | SHA256:7CB3DA1C6918A6F53FADAA7137C6BBA295B1E216352C245B0FBD344E14194233 | |||
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\CX_SAN_077_HTH1-B[1].jpg | image | |
MD5:A5709F30253C744EF608B9AD20052983 | SHA256:11EA83988A41FCE76DABB65F66A3814084D338A65592F3BEC4396C007E7EF57B | |||
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\autocomplete[1].js | text | |
MD5:D381426F5E1995E6B84C641BC817D3E4 | SHA256:B0FB64C6A1AE821F726F363FD7B7EB4E718FDBF093BB4A07611D02E48C7F0FF8 | |||
2508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\ShopStyle[1].css | text | |
MD5:E4109B6F4DF50F2D0BF7ED8356CFE062 | SHA256:C2553DCA473593CC086E77EE7B08C9E1D2F36A347AE994FE768D0EC99A95CA7C |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2508 | iexplore.exe | GET | 200 | 216.98.5.138:80 | http://www.sosonline.com/Default.asp? | US | html | 59.2 Kb | unknown |
2508 | iexplore.exe | GET | — | 216.98.5.138:80 | http://www.sosonline.com/Scripts/config.js | US | — | — | unknown |
2508 | iexplore.exe | GET | 200 | 216.98.5.138:80 | http://www.sosonline.com/eGen/src/css/ShopStyle.asp | US | text | 39.6 Kb | unknown |
2508 | iexplore.exe | GET | — | 163.171.128.172:80 | http://content.etilize.com/spr/extras/Theater_769x300/CX_AVE_104_HTH1-B.jpg | US | — | — | malicious |
2508 | iexplore.exe | GET | — | 163.171.128.172:80 | http://content.etilize.com/spr/extras/Theater_769x300/CX_GEO_004_HTH1-B.jpg | US | — | — | malicious |
2508 | iexplore.exe | GET | 200 | 216.98.5.138:80 | http://www.sosonline.com/eGen/cnt/MenuEcom/Head_v1.js | US | text | 3.59 Kb | unknown |
2508 | iexplore.exe | GET | 200 | 172.217.16.202:80 | http://fonts.googleapis.com/css?family=Open+Sans:400,600,800,700,300 | US | text | 256 b | whitelisted |
2508 | iexplore.exe | GET | — | 163.171.128.172:80 | http://content.etilize.com/spr/extras/Theater_769x300/CX_SAN_077_HTH1-B.jpg | US | — | — | malicious |
2508 | iexplore.exe | GET | 200 | 216.98.5.138:80 | http://www.sosonline.com/Scripts/autocomplete.js | US | text | 15.3 Kb | unknown |
2508 | iexplore.exe | GET | — | 163.171.128.172:80 | http://content.etilize.com/spr/extras/Theater_769x300/CX_SPI_001_HTH1-B.jpg | US | — | — | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2508 | iexplore.exe | 172.217.18.10:443 | ajax.googleapis.com | Google Inc. | US | whitelisted |
— | — | 172.217.16.202:80 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2508 | iexplore.exe | 216.98.5.138:80 | www.sosonline.com | Atlantic.net, Inc. | US | unknown |
— | — | 163.171.128.172:80 | content.etilize.com | — | US | suspicious |
2508 | iexplore.exe | 67.27.233.126:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
2508 | iexplore.exe | 163.171.128.172:80 | content.etilize.com | — | US | suspicious |
2508 | iexplore.exe | 163.171.128.172:443 | content.etilize.com | — | US | suspicious |
2508 | iexplore.exe | 142.250.186.67:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
2508 | iexplore.exe | 192.124.249.22:80 | ocsp.godaddy.com | Sucuri | US | suspicious |
2660 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.sosonline.com |
| unknown |
fonts.googleapis.com |
| whitelisted |
ajax.googleapis.com |
| whitelisted |
content.etilize.com |
| malicious |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
ocsp.godaddy.com |
| whitelisted |
chimpstatic.com |
| whitelisted |