Blackhole Exploit Kit Activity

Infected website:

hxxp://somerandomiframedomain. com

Activity:

Connection Established - %ProgramFiles%\Internet Explorer\iexplore.exe - TCP - 92.38.232.92 - 80
Web Request - %ProgramFiles%\Internet Explorer\iexplore.exe - GET - somerandomiframedomain.com - /forum.php?tp=9c7447caf251fe78
File Created - %ProgramFiles%\Internet Explorer\iexplore.exe - %UserProfile%\Impostazioni locali\Temporary Internet Files\Content.IE5\OJZMJR51\forum[1].htm - 05BF0A782B09E63E962AF592C04CF640 - 16304 bytes - attr: [] - -
Connection Established - %ProgramFiles%\Internet Explorer\iexplore.exe - TCP - 64.4.52.169 - 80
Web Request - %ProgramFiles%\Internet Explorer\iexplore.exe - POST - activex.microsoft.com - /objects/ocget.dll
Connection Established - %ProgramFiles%\Internet Explorer\iexplore.exe - TCP - 92.38.232.92 - 80
Web Request - %ProgramFiles%\Internet Explorer\iexplore.exe - GET - somerandomiframedomain.com - /k.php?f=44&e=4
Web Request - %ProgramFiles%\Internet Explorer\iexplore.exe - POST - codecs.microsoft.com - /isapi/ocget.dll
File Modified - %ProgramFiles%\Internet Explorer\iexplore.exe - %UserProfile%\Impostazioni locali\Temporary Internet Files\Content.IE5\B2H662ZO\info[1].exe
File Created - %ProgramFiles%\Internet Explorer\iexplore.exe - %UserProfile%\Impostazioni locali\Temporary Internet Files\Content.IE5\B2H662ZO\info[1].exe - 7B6A870B66170AA254850D290D0E3BF1 - 16038 bytes - attr: [] - -
File Created - %ProgramFiles%\Internet Explorer\iexplore.exe - %UserProfile%\Impostazioni locali\Temporary Internet Files\Content.IE5\B2H662ZO\CACPYZ8H.HTM - D54404273005B88BE8E663BB2FFFA833 - 1178 bytes - attr: [] - -
File Modified - %ProgramFiles%\Internet Explorer\iexplore.exe - %UserProfile%\adobeupdate.exe
Process Created - %ProgramFiles%\Internet Explorer\iexplore.exe - %UserProfile%\adobeupdate.exe - l - E29AB3125BA3743C591AFE34B7CF3983 - 27136 bytes
File Created - %ProgramFiles%\Internet Explorer\iexplore.exe - %UserProfile%\adobeupdate.exe - E29AB3125BA3743C591AFE34B7CF3983 - 27136 bytes - attr: [] - PE
Connection Established - %UserProfile%\adobeupdate.exe - TCP - 84.51.38.170 - 80
Web Request - %UserProfile%\adobeupdate.exe - GET - www.bilalbabalikli.com - /flash/Output.exe
File Modified - %UserProfile%\adobeupdate.exe - %UserProfile%\Impostazioni locali\Temporary Internet Files\Content.IE5\OJZMJR51\Output[1].exe
File Created - %UserProfile%\adobeupdate.exe - %UserProfile%\Impostazioni locali\Temporary Internet Files\Content.IE5\OJZMJR51\Output[1].exe - 3C122FF114213CC13D2026F6BB35B916 - 11347 bytes - attr: [] - -
File Modified - %UserProfile%\adobeupdate.exe - %AppData%\IMPOST~1\Temp\APxKq.exe
Process Created - %UserProfile%\adobeupdate.exe - %AppData%\IMPOST~1\Temp\APxKq.exe - Unknown Publisher - 699BA174BC7DE1AECC615F23AE7124D7 - 798720 bytes
Process Created - %UserProfile%\adobeupdate.exe - %UserProfile%\adobeupdate.exe - l - E29AB3125BA3743C591AFE34B7CF3983 - 27136 bytes
Process Created - %AppData%\IMPOST~1\Temp\APxKq.exe - %AppData%\IMPOST~1\Temp\APxKq.exe - Unknown Publisher - 699BA174BC7DE1AECC615F23AE7124D7 - 798720 bytes
File Modified - C:\WINDOWS\Explorer.EXE - C:\RECYCLER\98D634CFE30.exe
Process Created - C:\WINDOWS\Explorer.EXE - C:\RECYCLER\98D634CFE30.exe - Unknown Publisher - 699BA174BC7DE1AECC615F23AE7124D7 - 798720 bytes
File Created - C:\WINDOWS\Explorer.EXE - C:\RECYCLER\98D634CFE30.exe - 699BA174BC7DE1AECC615F23AE7124D7 - 798720 bytes - attr: [] - PE
Process Created - C:\RECYCLER\98D634CFE30.exe - C:\RECYCLER\98D634CFE30.exe - Unknown Publisher - 699BA174BC7DE1AECC615F23AE7124D7 - 798720 bytes
File Created - C:\RECYCLER\98D634CFE30.exe - C:\RECYCLER\AC5C937E7FCCD47 - 6CDC7010B83EB5DE5501A8B48B636E82 - 360009 bytes - attr: [] - -
Connection Established - C:\WINDOWS\Explorer.EXE - TCP - 212.150.164.206 - 80

Infected website:

hxxp://stocunintermussfp.4dq. com

Activity:

Connection Established - %ProgramFiles%\Internet Explorer\iexplore.exe - TCP - 174.37.210.229 - 80
Web Request - %ProgramFiles%\Internet Explorer\iexplore.exe - GET - stocunintermussfp.4dq.com - /index.php?tp=94df3dd696eea086
File Created - %ProgramFiles%\Internet Explorer\iexplore.exe - %UserProfile%\Impostazioni locali\Temporary Internet Files\Content.IE5\OJZMJR51\index[1].htm - 57B396000D456745B41DFF19C3CD34D4 - 8493 bytes - attr: [] - -
Connection Established - %ProgramFiles%\Internet Explorer\iexplore.exe - TCP - 174.37.210.229 - 80
Web Request - %ProgramFiles%\Internet Explorer\iexplore.exe - GET - stocunintermussfp.4dq.com - /d.php?f=50&e=4
File Modified - %ProgramFiles%\Internet Explorer\iexplore.exe - %UserProfile%\Impostazioni locali\Temporary Internet Files\Content.IE5\WRLEMEZ4\calc[1].exe
File Created - %ProgramFiles%\Internet Explorer\iexplore.exe - %UserProfile%\Impostazioni locali\Temporary Internet Files\Content.IE5\WRLEMEZ4\calc[1].exe - EB3026D4C49B0D2355670856800139F7 - 8227 bytes - attr: [] - -
File Modified - %ProgramFiles%\Internet Explorer\iexplore.exe - C:\adobeupdate.dll
File Created - %ProgramFiles%\Internet Explorer\iexplore.exe - C:\adobeupdate.dll - 1ECAEDB5A4B0EA7DE7C6F0E053968422 - 96256 bytes - attr: [] - PE
Process Created - %ProgramFiles%\Internet Explorer\iexplore.exe - C:\WINDOWS\system32\regsvr32.exe - Microsoft Corporation - DA9623D7E0CA24DD3E08523287E05A4C - 12288 bytes
Connection Established - C:\WINDOWS\system32\regsvr32.exe - TCP - 67.210.105.166 - 80
Connection Established - %ProgramFiles%\Internet Explorer\iexplore.exe - TCP - 64.4.52.169 - 80
