URL: | http://www.friendlyduck.com/AF_TA/rel/index.cfm?RST=UNF&TAD=439376&fn=windows%20kernel%20hook%20driver&SubID=cc621228916dfbfa29cbf74a2b415cyB_4789bf46_e3a7fc8c_RU |
Full analysis: | https://app.any.run/tasks/afd6e781-1f71-49ce-b474-13988b22878b |
Verdict: | Malicious activity |
Analysis date: | September 18, 2019, 14:59:57 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MD5: | 6B5F902E5642DF2A0EEF07DCE271FDFD |
SHA1: | 934342964A5DD33BA61D89589DAB7AEE6095D996 |
SHA256: | FBA90B7C59A14AB81ED861C8A62D69A4FF1927F10D713B1BF1B652938798671F |
SSDEEP: | 3:N1KJS4L9/w7KUAsKKB4yUaGPDbpBzK8kzAPazXrgYG+aT4jLDk16oxGB:Cc4Z/uAmfG7b54MazfaToLDmxK |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2756 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.friendlyduck.com/AF_TA/rel/index.cfm?RST=UNF&TAD=439376&fn=windows%20kernel%20hook%20driver&SubID=cc621228916dfbfa29cbf74a2b415cyB_4789bf46_e3a7fc8c_RU" | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3212 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2756 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2932 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 | ||||
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3212 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | — | — | — |
2756 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | — | — |
2756 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
3212 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AGNK6JER\index[1].cfm | — | — | — |
3212 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2SU4KFI7\css[1].txt | text | 57A1996B99FBA1905B15391817BBE285 | 4B8215F47CA864EF8AC25944CB6A6AF41DB8D3B5B5C3ACA3A4FCA72C59F54E62 |
3212 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AGNK6JER\index[1].htm | html | 87089362862601BFF8304E0BF53DEADF | EB8DF4B41E6D33F2FB4AD238E441AEC4FD6573D2DCE39FE2677310CF0FAD6B1C |
3212 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | text | 577F3644E917E84876A45954D771BC58 | BE715AF57BF221F0333D965AA81AACC1BBD01A884E8AA7CF7CD2EC16564A0FEE |
3212 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 181B3D628718ACAAE97068B1D9C9DABE | FD3410852BD4FF868702EF6EBB78FE0125FBDB2574CC32AA8DE51A4DC479DCB3 |
3212 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@friendlyduck[1].txt | text | B715B24ABA32FD5363A479426182CAD0 | C5387E071A2A3B34AD1818CAFE3FC1035B243A5D493B6BD98ACF5FB291FBB0C8 |
3212 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z62289AY\unf-style.min[1].css | text | 038F13A90FC3083A24800E1FF476C705 | 87A2AA25298BB7B1CA5D039C0522D91A0BF6D0B5E4E82CFF529028AC6DB778B7 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3212 | iexplore.exe | GET | 302 | 104.18.50.109:80 | http://www.adturtle.biz/LP_TA/index.cfm?CTP=AF%5FTA%2CTSYqLzdTL1MtUFglIFIpJy4sTTwuM1ohWiM6R1I%2BKlYlSCgyNEdMSSsnKy47PUg%2BKE4gR0dGUTU4USs1SQpNSCktQ1IqUjI4LlxTTDBQNF9LOzJIWkAqLjs6IUc%2BLEpDOlg2QyhOI0lQVVBeSlY1XFBMTCQnSjU1XTteCk1YTCknWTlMIVM5XiY7ODpOTjlETlRLVyBHN1QjVjlRID8rM1siPD8kRlRDM0RMQTZTJSswKksiJ1EiIl0KTTohVzBbR0tBTF5UMSVNP004L18hVEtbLStAIyQ5UD8iVkw8OzFLSCBAKUhXJCUpIUMvTCYyQ184TkgmWAonREhNTUQgJi1PUCAgCg%3D%3D&FN=windows%20kernel%20hook%20driver | US | — | — | whitelisted |
3212 | iexplore.exe | GET | 302 | 104.20.220.106:80 | http://www.friendlyduck.com/AF_TA/rel/index.cfm?RST=UNF&TAD=439376&fn=windows%20kernel%20hook%20driver&SubID=cc621228916dfbfa29cbf74a2b415cyB_4789bf46_e3a7fc8c_RU | US | text | 138 b | whitelisted |
2756 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3212 | iexplore.exe | 216.58.210.10:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3212 | iexplore.exe | 216.58.206.3:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
3212 | iexplore.exe | 104.20.220.106:80 | www.friendlyduck.com | Cloudflare Inc | US | shared |
2756 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3212 | iexplore.exe | 104.18.50.109:443 | www.adturtle.biz | Cloudflare Inc | US | shared |
3212 | iexplore.exe | 104.18.50.109:80 | www.adturtle.biz | Cloudflare Inc | US | shared |
3212 | iexplore.exe | 173.194.76.155:443 | stats.g.doubleclick.net | Google Inc. | US | whitelisted |
2756 | iexplore.exe | 104.18.50.109:443 | www.adturtle.biz | Cloudflare Inc | US | shared |
3212 | iexplore.exe | 172.217.16.195:443 | www.google.lt | Google Inc. | US | whitelisted |
3212 | iexplore.exe | 172.217.21.196:443 | www.google.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.friendlyduck.com | | whitelisted |
www.bing.com | | whitelisted |
www.adturtle.biz | | whitelisted |
fonts.googleapis.com | | whitelisted |
fonts.gstatic.com | | whitelisted |
stats.g.doubleclick.net | | whitelisted |
www.google.com | | whitelisted |
www.google.lt | | whitelisted |
www.usenet.nl | | unknown |
PID | Process | Class | Message |
---|---|---|---|
3212 | iexplore.exe | Misc activity | ADWARE [PTsecurity] PUP Win32/InstallMonstr.QJ checkin |
3212 | iexplore.exe | Misc activity | ADWARE [PTsecurity] InstallMonstr |
— | — | Potentially Bad Traffic | ET INFO Observed DNS Query to .biz TLD |