Field | Value
---|---
URL | https://tinyurl.com/y3eyzrb7
Full analysis | https://app.any.run/tasks/64fd3fde-6915-425b-94f3-9ebc0aab1de9
Verdict | Malicious activity
Analysis date | March 21, 2019, 22:13:20
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | —
Indicators | —
MD5 | D93566CC071EEAE7658420F11A50E2F6
SHA1 | 602F71B4001C6FA45D52EB8D25DB2ABE9E70A96B
SHA256 | F870B07153B545CE5A6647107F2F1FE7CE7E74ACCD18A95FA570D87C8B9493A6
SSDEEP | 3:N8EzLdIHKSn:2EndsJ
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3464 | "C:\Program Files\Internet Explorer\iexplore.exe" https://tinyurl.com/y3eyzrb7 | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe
3996 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3464 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe

PID | User | Company | Integrity level | Description | Version
---|---|---|---|---|---
3464 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
3996 | admin | Microsoft Corporation | LOW | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3464 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | —
3464 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3996 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@tinyurl[1].txt | — | — | —
3996 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXONND65\freshadb[1].txt | — | — | —
3996 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F2LJ4UMI\ie9gradients[1].htm | — | — | —
3996 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F2LJ4UMI\ie9gradients[1].htc | — | — | —
3996 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DKGXSGXO\maintenance[1].php | — | — | —
3996 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | 7868221C3E3FCC7FFB0E955D66D2F8D5 | 26F70EE0474229C982C35E687E37E949262D78E7B04DC7003755193756DD5403
3996 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DKGXSGXO\v6JyFUy[1].jpg | image | 44041CD8006501917D4355B06196F83C | 10E4BA7E68BD9645825723F85CB4056DAB549A31B66BA58A10048922EE0EED8D
3996 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@tinyurl[2].txt | text | F1DDFD0823190CF3E153AED5E7FCC23A | AC5295E0EB65CA92DFCE96F1C496995F172DC272B19E0199B10C23C1CB2E1DA1
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3464 | iexplore.exe | GET | 200 | 208.113.172.140:80 | http://www.cytochipinc.com/favicon.ico | US | — | — | suspicious |
3996 | iexplore.exe | GET | 200 | 208.113.172.140:80 | http://www.cytochipinc.com/js/plugins/do/freshadb/freshadb/ | US | html | 5.67 Kb | suspicious |
3996 | iexplore.exe | GET | 301 | 208.113.172.140:80 | http://cytochipinc.com/js/plugins/do/freshadb/freshadb/ | US | html | 217 b | suspicious |
3996 | iexplore.exe | GET | 200 | 208.113.172.140:80 | http://www.cytochipinc.com/cPanel_magic_revision_1335428098/unprotected/cpanel/images/icon-username.png | US | binary | 20 b | suspicious |
3464 | iexplore.exe | GET | 200 | 208.113.172.140:80 | http://www.cytochipinc.com/favicon.ico | US | — | — | suspicious |
3996 | iexplore.exe | GET | 200 | 208.113.172.140:80 | http://www.cytochipinc.com/cPanel_magic_revision_1335428096/unprotected/cjt/ie9gradients.htc | US | html | 2.71 Kb | suspicious |
3996 | iexplore.exe | POST | 200 | 208.113.172.140:80 | http://www.cytochipinc.com/js/plugins/do/freshadb/freshadb/maintenance.php | US | html | 579 b | suspicious |
3996 | iexplore.exe | GET | 200 | 208.113.172.140:80 | http://www.cytochipinc.com/cPanel_magic_revision_1335428098/unprotected/cpanel/images/icon-password.png | US | binary | 20 b | suspicious |
3996 | iexplore.exe | GET | 200 | 208.113.172.140:80 | http://www.cytochipinc.com/cPanel_magic_revision_1335428098/unprotected/cpanel/images/locale-map.png | US | binary | 20 b | suspicious |
3996 | iexplore.exe | GET | 200 | 208.113.172.140:80 | http://www.cytochipinc.com/cPanel_magic_revision_1352765682/unprotected/cpanel/images/notice-error.png | US | binary | 20 b | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3996 | iexplore.exe | 104.20.218.42:443 | tinyurl.com | Cloudflare Inc | US | shared |
3996 | iexplore.exe | 23.34.185.248:443 | www.adobe.com | Akamai Technologies, Inc. | NL | whitelisted |
3464 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3996 | iexplore.exe | 151.101.120.193:443 | i.imgur.com | Fastly | US | malicious |
3996 | iexplore.exe | 208.113.172.140:80 | cytochipinc.com | New Dream Network, LLC | US | suspicious |
3464 | iexplore.exe | 208.113.172.140:80 | cytochipinc.com | New Dream Network, LLC | US | suspicious |
3996 | iexplore.exe | 192.147.130.204:443 | adobe.com | Adobe Systems Inc. | US | whitelisted |
3464 | iexplore.exe | 23.34.185.248:443 | www.adobe.com | Akamai Technologies, Inc. | NL | whitelisted |
3996 | iexplore.exe | 13.32.156.176:443 | static.adobelogin.com | Amazon.com, Inc. | US | unknown |
3996 | iexplore.exe | 23.45.98.72:443 | use.typekit.net | Akamai International B.V. | NL | whitelisted |
Domain | IP | Reputation
---|---|---
tinyurl.com | — | shared
www.bing.com | — | whitelisted
cytochipinc.com | — | suspicious
www.cytochipinc.com | — | suspicious
i.imgur.com | — | shared
adobe.com | — | whitelisted
www.adobe.com | — | whitelisted
use.typekit.net | — | whitelisted
static.adobelogin.com | — | whitelisted
PID | Process | Class | Message |
---|---|---|---|
3996 | iexplore.exe | Potentially Bad Traffic | ET CURRENT_EVENTS Possible Adobe PDF Phishing Landing - Title over non SSL |