URL: http://trk.wastewatch.net/c/4/?T=OTkyNjA2OTc%3AMDItYjE5MTM0LTBiNmQwYzgxNDJjZTQ1NmVhODhjMjkwM2UyODdjZTFm%3Ac2FuZGVyc29uQHhyaXRlLmNvbQ%3ANDg4MTgwMw%3AZmFsc2U%3AMg%3A%3AaHR0cHM6Ly9jb25zZXJ2YXRpdmVidXp6LmNvbS9iaWRlbnRydW1wZXh0P2FmZl9zdWI9QUNURU5HQlQmYWZmX3N1YjI9Q0NBR1cwNTE1MTkmYWZmaWxpYXRlX2lkPTQ4NDQzMiZjb29raWVwcmV2aWV3PWZhbHNlJm5vYXV0b3BsYXk9ZmFsc2Umbm9wb3B1cD1mYWxzZQ&K=oOnp9a2vxd4mhZsjs0pfrw
Full analysis: https://app.any.run/tasks/ff60d514-29ac-4fd4-baa2-27d795e7cc16
Verdict: Malicious activity
Analysis date: May 15, 2019, 02:07:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:

MD5: 6C90EB6AA1AED5C0C2F02A0CF4C2F3F8
SHA1: E88CEE146C8CF853B82B341AD2E374ACA25B7332
SHA256: FB5F67C6FD8AAB7BD55954C9AA00F1CC83EEBD079A536EFBF953D28F66A76A6A
SSDEEP: 6:CKXgxsTqsE3fzJbShPHhOF+UWtdX0P89qfFBHMn2kfsUzDUOiq0GSAGbW8fNIGd:/grvPcRd59qfFKn2kfsGS9AGyENdd

PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---|---|---|---|---
3948 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
3704 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3948 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3948 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | —
3948 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3704 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4VTT1EBP\bidentrumpext[1].txt | — | — | —
3704 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 3A8375104F0F29320047D401D935CD18 | D820779CB1A185EEA023133FD62BA5ED580DA26D2B8D3FC77C1240CB04B39AB0
3704 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4VTT1EBP\bidentrumpext[1].htm | html | 0C7874AAED32007A64279AC008109A74 | 001D214CCACD40812B7BEACFD8387B71A933AFA64513155A40D033C2A199D302
3704 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4VTT1EBP\lander[1].css | text | 3CF8C00B3FA63A66ABBB42425094F8D8 | 640BD905D9E8A8C79270A5333DB7BEE609C32010578A1A0E48BC92420C5BE34E
3704 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | D4162E326FE59694160B553F35C6C23F | 085A5D19431DFE62F3DC01D1E932B97049E5A0408CD85A0ECA46A1EA9E62D6AA
3948 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@conservativebuzz[1].txt | text | CE34C6773C807A5ADB0EEE5157F63F1D | C02EAA4B973FDF2FA430DE74CA8788D6E6CCF23E75734DEA80B41DA266475FEA
3704 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@conservativebuzz[1].txt | text | 9B3109122B7F2C0CAC854D7D09C985C4 | 62656E6274AB0D7F7BF4B3D04C5D3A3B4E8B55C9CE19A7E29BDA4FE88A388228
3704 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT | smt | 8617C59BA568EE9987F41FAD74AFBFB9 | B4DFD597DBED9A9667AE81641097F19AC64E5C497A0EB362ED5726B70C08AB70

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
3704 | iexplore.exe | GET | 302 | 34.236.81.214:80 | http://trk.wastewatch.net/c/4/?T=OTkyNjA2OTc%3AMDItYjE5MTM0LTBiNmQwYzgxNDJjZTQ1NmVhODhjMjkwM2UyODdjZTFm%3Ac2FuZGVyc29uQHhyaXRlLmNvbQ%3ANDg4MTgwMw%3AZmFsc2U%3AMg%3A%3AaHR0cHM6Ly9jb25zZXJ2YXRpdmVidXp6LmNvbS9iaWRlbnRydW1wZXh0P2FmZl9zdWI9QUNURU5HQlQmYWZmX3N1YjI9Q0NBR1cwNTE1MTkmYWZmaWxpYXRlX2lkPTQ4NDQzMiZjb29raWVwcmV2aWV3PWZhbHNlJm5vYXV0b3BsYXk9ZmFsc2Umbm9wb3B1cD1mYWxzZQ&K=oOnp9a2vxd4mhZsjs0pfrw | US | — | — | whitelisted
3948 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
3704 | iexplore.exe | 209.197.3.15:443 | maxcdn.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted
3948 | iexplore.exe | 104.25.219.115:443 | conservativebuzz.com | Cloudflare Inc | US | shared
3704 | iexplore.exe | 104.25.219.115:443 | conservativebuzz.com | Cloudflare Inc | US | shared
3948 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3704 | iexplore.exe | 34.236.81.214:80 | trk.wastewatch.net | Amazon.com, Inc. | US | unknown
3704 | iexplore.exe | 104.16.16.194:443 | www.clickfunnels.com | Cloudflare Inc | US | shared
3704 | iexplore.exe | 104.16.13.194:443 | www.clickfunnels.com | Cloudflare Inc | US | shared
3704 | iexplore.exe | 172.217.22.106:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
3704 | iexplore.exe | 157.240.20.19:443 | connect.facebook.net | Facebook, Inc. | US | whitelisted
3704 | iexplore.exe | 104.19.197.151:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | shared

Domain | IP | Reputation
---|---|---
www.bing.com | | whitelisted
trk.wastewatch.net | | unknown
conservativebuzz.com | | unknown
www.clickfunnels.com | | whitelisted
maxcdn.bootstrapcdn.com | | whitelisted
fonts.googleapis.com | | whitelisted
images.clickfunnels.com | | whitelisted
assets.clickfunnels.com | | whitelisted
cdnjs.cloudflare.com | | whitelisted
fonts.gstatic.com | | whitelisted