Field | Value
---|---
URL | http://bubblemark.com/ClientBin/SilverlightBalls.xap
Full analysis | https://app.any.run/tasks/baf29c11-6c38-4168-907f-90bff6583e9c
Verdict | Malicious activity
Analysis date | May 15, 2019, 12:36:47
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MD5 | 2310CBCD9323EA8439ACA566DBAD3ED9
SHA1 | D4C6027CE4D5C37C52EDF1410CCD1510B6E8006E
SHA256 | F89E2AD569865AF9EB2470C935700B09F0B0BC47330B1230E685C9108C17C2C3
SSDEEP | 3:N1KcSuEWXRnKKd+7gq8:Cc1XRRdk58

PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2968 | "C:\Program Files\Internet Explorer\iexplore.exe" http://bubblemark.com/ClientBin/SilverlightBalls.xap | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 1; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
3488 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2968 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
2976 | "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\SilverlightBalls.zip" C:\Users\admin\Desktop\ | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0
1256 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Version: 7.00.7600.16385 (win7_rtm.090713-1255)
2948 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\Desktop\SilverlightBalls.html | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
2444 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2948 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
252 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | ctfmon.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Explorer; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2412 | "C:\Users\admin\Desktop\Silverlight.exe" | C:\Users\admin\Desktop\Silverlight.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Self-Extracting Cabinet; Exit code: 0; Version: 5.1.50918.0
4084 | c:\65c003ed8a5846164a24a7b7e0ab\install.exe | c:\65c003ed8a5846164a24a7b7e0ab\install.exe | — | Silverlight.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: External Installer; Exit code: 3221226540; Version: VER_DOTPRODUCTVERSION
3388 | c:\65c003ed8a5846164a24a7b7e0ab\install.exe | c:\65c003ed8a5846164a24a7b7e0ab\install.exe | — | Silverlight.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: External Installer; Exit code: 0; Version: VER_DOTPRODUCTVERSION

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2968 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFB6E8C061B61ECD66.TMP | — | — | —
2968 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFFADFC7852E6A8439.TMP | — | — | —
2968 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{231B3489-770E-11E9-B3B3-5254004A04AF}.dat | — | — | —
3488 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E8RQJY72\SilverlightBalls[1].zip | compressed | D92A07AF3EDC91FBC58418EFF22225F9 | 846671EC3641174B11F75CED64F49C739008BDAE5389BB07D262725CCF8D457E
3488 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log | text | 6ED2D8C44B90099F1D37DF3228EF740D | 88B4CEE12C00084AE540A95A5D5F7CCB90B217B27B7533B1BB7D7F1FDDAC5F63
252 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\SilverlightBalls.zip.lnk | lnk | 96A566F0FDD75AD35A1453AB81268AB8 | C47148AA0F613BBB0EE4CBB4C8AD3971D5D7AAA1539A1D71630784D1CCF72FC5
2976 | WinRAR.exe | C:\Users\admin\Desktop\SilverlightBalls.dll | executable | E190977FF8B09985F12EBEE4F9136B81 | 4E95A4C4C08E3E24AE2AFE1F715C8EABF3FA2C11F07918EF13635688AE93A012
2968 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{231B348A-770E-11E9-B3B3-5254004A04AF}.dat | binary | 9F0798CBC5B6C14A4664E953A9849F30 | 041FDF2740F391832CDF24E4FB546E49E4D155B1E8120044183225A8845C820D
2968 | iexplore.exe | C:\Users\admin\Desktop\SilverlightBalls.zip | compressed | 9D8786728AE432AC8E2A3C20889F5FD3 | B37FB164EA4D6EF35ED0EE32A77723C4A1B1A4B4988F69DBCA1B5852B8493188
3488 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 26EA9E4454EC0ACB5FBDAA71F6F5175F | 4FB1B4A2F6ECB1B4EFAE42A5436DC7948802AF21DBBB592E9799FB7D8CF06852

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2444 | iexplore.exe | GET | 302 | 104.96.149.181:80 | http://go.microsoft.com/fwlink/?LinkID=229320 | NL | — | — | whitelisted |
2444 | iexplore.exe | GET | 302 | 104.96.149.181:80 | http://go.microsoft.com/fwlink/?LinkID=124807 | NL | — | — | whitelisted |
— | — | HEAD | 200 | 173.223.11.161:80 | http://download.windowsupdate.com/v9/windowsupdate/redir/muv4wuredir.cab?1905151238 | NL | — | — | whitelisted |
2444 | iexplore.exe | GET | 200 | 2.18.233.19:80 | http://download.microsoft.com/download/d/2/9/d29e5571-4b68-4d95-b43a-4e81ba178455/2.0/ENU/InstallSilverlight.png | unknown | image | 13.8 Kb | whitelisted |
2444 | iexplore.exe | GET | 302 | 104.96.149.181:80 | http://go.microsoft.com/fwlink/?LinkId=108181 | NL | — | — | whitelisted |
3488 | iexplore.exe | GET | 200 | 75.125.38.3:80 | http://bubblemark.com/ClientBin/SilverlightBalls.xap | US | compressed | 91.4 Kb | unknown |
2948 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
— | — | HEAD | 302 | 104.111.243.236:80 | http://go2.microsoft.com/fwlink/?prd=12063&plcid=0x409&ar=UPDATE&sar=AUTO&pver=5.1.50918.0&os=19 | NL | — | — | whitelisted |
— | — | GET | 302 | 104.111.243.236:80 | http://go2.microsoft.com/fwlink/?prd=12063&plcid=0x409&ar=UPDATE&sar=AUTO&pver=5.1.50918.0&os=19 | NL | — | — | whitelisted |
— | — | HEAD | 200 | 205.185.216.42:80 | http://ds.download.windowsupdate.com/v11/2/microsoftupdate/redir/v6-legacy-muauth.cab?1905151238 | US | — | — | whitelisted

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2968 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2948 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2444 | iexplore.exe | 2.23.106.83:80 | www.microsoft.com | Akamai International B.V. | — | whitelisted |
3488 | iexplore.exe | 75.125.38.3:80 | bubblemark.com | SoftLayer Technologies Inc. | US | unknown |
2444 | iexplore.exe | 2.18.233.19:80 | download.microsoft.com | Akamai International B.V. | — | whitelisted |
2444 | iexplore.exe | 104.96.149.181:80 | go.microsoft.com | Akamai Technologies, Inc. | NL | whitelisted |
2444 | iexplore.exe | 2.18.233.19:443 | download.microsoft.com | Akamai International B.V. | — | whitelisted |
— | — | 2.18.233.19:443 | download.microsoft.com | Akamai International B.V. | — | whitelisted |
— | — | 205.185.216.42:80 | ds.download.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
— | — | 23.38.36.63:443 | go.microsoft.com | Akamai Technologies, Inc. | NL | whitelisted |

Domain | IP | Reputation
---|---|---
bubblemark.com | — | unknown
www.bing.com | — | whitelisted
go.microsoft.com | — | whitelisted
download.microsoft.com | — | whitelisted
www.microsoft.com | — | whitelisted
download.windowsupdate.com | — | whitelisted
ds.download.windowsupdate.com | — | whitelisted
go2.microsoft.com | — | whitelisted