Networking
HTTP traffic contains suspicious features which may be indicative of malware related traffic Show sources
| network_anomaly | HTTP traffic contains a POST request with no referer header |
| network_anomaly | http://ocsp.int-x3.letsencrypt.org/ |
| network_anomaly | http://ocsp.digicert.com/ |
| network_anomaly | http://www.crusharcade.com/ |
| network_anomaly | http://www.crusharcade.com/themes/common/content/css/style.css |
| network_anomaly | http://www.crusharcade.com/favicon/favicon.ico |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/7/895/screenshot/0000017895_s1.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/067/screenshot/0000018067_s1.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/0/0/915/screenshot/0000000915_s1.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/047/screenshot/0000018047_s1.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/063/screenshot/0000018063_s1.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/0/2/811/screenshot/0000002811_s1.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/041/screenshot/0000018041_s1.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/250/screenshot/0000018250_s1.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/544/image/0000018544_i1.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/527/image/0000018527_i1.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/525/image/0000018525_i1.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/555/image/0000018555_i1.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/549/image/0000018549_i1.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/543/image/0000018543_i1.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/545/image/0000018545_i1.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/526/image/0000018526_i1.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/524/image/0000018524_i1.jpg |
| network_anomaly | http://web2.hostingcdn.com/gsg/css/bootstrap.min.css |
| network_anomaly | http://web2.hostingcdn.com/gsg/css/ie10-viewport-bug-workaround.css |
| network_anomaly | http://web2.hostingcdn.com/cprmjaa/css/template.css?a=2 |
| network_anomaly | http://web2.hostingcdn.com/cprmjaa/img/logo.png |
| network_anomaly | http://web2.hostingcdn.com/gsg/js/js.cookie.js |
| network_anomaly | http://web2.hostingcdn.com/gsg/js/bootstrap.min.js |
| network_anomaly | http://web2.hostingcdn.com/gsg/js/jquery-1.12.1.min.js |
| network_anomaly | http://web2.hostingcdn.com/gsg/js/main.js |
| network_anomaly | http://web2.hostingcdn.com/gsg/js/ie10-viewport-bug-workaround.js |
| network_anomaly | http://tt.crusharcade.com/sitecmn |
| network_anomaly | http://ocsp.comodoca.com/ |
| network_anomaly | http://clients1.google.com/ocsp |
| network_anomaly | http://web2.hostingcdn.com/cprmjaa/img/header_bg.jpg |
| network_anomaly | http://tt.crusharcade.com/gmbn?sid=crusharcade&size=300x250 |
| network_anomaly | http://tt.crusharcade.com/gmbn?sid=crusharcade&size=728x90 |
| network_anomaly | http://tt.crusharcade.com/com?p=YTI5MTQyMDQ3MDUvw0KS6q8GH7eyKloa%2Flm8aZKb8yFLGqwWthvQcnCrDxOUIvDO6pdyC9fERycFam%2BaWXr2Oh6ZSPh5rf9ZkRMa14IK29rxgIWpnyvrKK%2FWBBZmMB7%2FbI%2FSWexFwoEHr%2BFUcr5C1WxotEI6gbKwf%2B8I6Uz%2BIIj5a%2Bo%3D&d=0 |
| network_anomaly | http://www.crusharcade.com/themes/common/content/img/sign-up-button-bg.png |
| network_anomaly | http://www.crusharcade.com/themes/common/content/img/sign-up-button-star-bg.png |
| network_anomaly | http://web2.hostingcdn.com/cprmjaa/img/sunburst.png |
| network_anomaly | http://web2.hostingcdn.com/cprmjaa/img/fade2.png |
| network_anomaly | http://web2.hostingcdn.com/gsg/fonts/glyphicons-halflings-regular.woff2 |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/7/736/screenshot/0000017736_s4.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/7/904/screenshot/0000017904_s4.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/250/screenshot/0000018250_s4.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/7/895/screenshot/0000017895_s4.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/041/screenshot/0000018041_s4.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/0/0/078/screenshot/0000000078_s4.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/0/0/068/screenshot/0000000068_s4.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/0/0/090/screenshot/0000000090_s4.jpg |
| network_anomaly | http://web3.hostingcdn.com/content/files/1/8/323/screenshot/0000018323_s4.jpg |
| network_anomaly | http://fagc.crusharcade.com/piwik/piwik.js |
| network_anomaly | http://static.cmptch.com/v/lib/u.js?1517926463 |
| network_anomaly | http://static.cmptch.com/v/lib/s.js?1517926463 |
| network_anomaly | http://ocsp.pki.goog/GTSGIAG3 |
| network_anomaly | http://static.cmptch.com/v/lib/tr.js?1517926463 |
| network_anomaly | http://static.cmptch.com/v/lib/pmjson.js?1517926463 |
| network_anomaly | http://static.cmptch.com/v/lib/ablk.js?p=1&banner_id=24 |
| network_anomaly | http://static.cmptch.com/v/lib/style.css?1517926463 |
| network_anomaly | http://static.cmptch.com/v/lib/md.js?1517926463 |
| network_anomaly | http://fagc.crusharcade.com/piwik/piwik.php?action_name=CrushArcade%20-%20Explosively%20fun%20games!%20Blast%20into%20action%20games%2C%20arcade%20games%2C%20strategy%20games%20and%20more!&idsite=54&rec=1&r=923070&h=2&m=46&s=50&url=http%3A%2F%2Fwww.crusharcade.com%2F&_id=de887e4c39544e2b&_idts=1520902011&_idvc=1&_idn=0&_refts=0&_viewts=1520902011&send_image=1&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=1&java=1&gears=0&ag=0&cookie=1&res=800x600>_ms=265&pv_id=6OYOJ3 |
| network_anomaly | http://ocsp.godaddy.com/ |
| network_anomaly | http://partners.cmptch.com/cks?p=YTM1NTMxNzU5MjB43Hc81pthuXs9sXMpOETAGvzRWry462HfoeWzp9pU2V%2F0YSLYVfI98eNYM0Y767vHN92RcwxWTq3z7vOo4serp5TLsqhGLj0%3D |
Performs some HTTP requests Show sources
| network_url | http://d1.crusharcade.com/partners/1082/?options=YTMzMTUxNDU3NzV43Hc81pthuSBzThYc%2BTIMTdKxlTn6axvev%2FqUUWsVpVJS1kOqGuVCGEhPTuQvQ5cEb2ZPOqLA0CAPkQt3E%2Bkv |
| network_url | http://crusharcade.com/ca/ract?s=4OLc9bCts62wsLa3%2F%2BTuwtHgs%2FDVxtfqzOjw%2BcfRwMHL%2F7C0xre3wrC1x8bFusG0u%2F%2FFwsrPxsf%2F0Nfc19PHx8zUzcXCys%2F%2F |
| network_url | http://crusharcade.com/ca/thankyou?s=5O7C0eCz8NXG1%2BrM6PD5x9HAwcv%2FsLTGt7fCsLXHxsW6wbS7%2F8XCys%2FGxw%3D%3D |
| network_url | http://ocsp.int-x3.letsencrypt.org/ |
| network_url | http://ocsp.digicert.com/ |
| network_url | http://www.crusharcade.com/ |
| network_url | http://www.crusharcade.com/themes/common/content/css/style.css |
| network_url | http://www.crusharcade.com/favicon/favicon.ico |
| network_url | http://web3.hostingcdn.com/content/files/1/7/895/screenshot/0000017895_s1.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/067/screenshot/0000018067_s1.jpg |
| network_url | http://web3.hostingcdn.com/content/files/0/0/915/screenshot/0000000915_s1.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/047/screenshot/0000018047_s1.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/063/screenshot/0000018063_s1.jpg |
| network_url | http://web3.hostingcdn.com/content/files/0/2/811/screenshot/0000002811_s1.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/041/screenshot/0000018041_s1.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/250/screenshot/0000018250_s1.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/544/image/0000018544_i1.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/527/image/0000018527_i1.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/525/image/0000018525_i1.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/555/image/0000018555_i1.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/549/image/0000018549_i1.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/543/image/0000018543_i1.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/545/image/0000018545_i1.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/526/image/0000018526_i1.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/524/image/0000018524_i1.jpg |
| network_url | http://web2.hostingcdn.com/gsg/css/bootstrap.min.css |
| network_url | http://web2.hostingcdn.com/gsg/css/ie10-viewport-bug-workaround.css |
| network_url | http://web2.hostingcdn.com/cprmjaa/css/template.css?a=2 |
| network_url | http://web2.hostingcdn.com/cprmjaa/img/logo.png |
| network_url | http://web2.hostingcdn.com/gsg/js/js.cookie.js |
| network_url | http://web2.hostingcdn.com/gsg/js/bootstrap.min.js |
| network_url | http://web2.hostingcdn.com/gsg/js/jquery-1.12.1.min.js |
| network_url | http://web2.hostingcdn.com/gsg/js/main.js |
| network_url | http://web2.hostingcdn.com/gsg/js/ie10-viewport-bug-workaround.js |
| network_url | http://tt.crusharcade.com/sitecmn |
| network_url | http://ocsp.comodoca.com/ |
| network_url | http://clients1.google.com/ocsp |
| network_url | http://web2.hostingcdn.com/cprmjaa/img/header_bg.jpg |
| network_url | http://tt.crusharcade.com/gmbn?sid=crusharcade&size=300x250 |
| network_url | http://tt.crusharcade.com/gmbn?sid=crusharcade&size=728x90 |
| network_url | http://tt.crusharcade.com/com?p=YTI5MTQyMDQ3MDUvw0KS6q8GH7eyKloa%2Flm8aZKb8yFLGqwWthvQcnCrDxOUIvDO6pdyC9fERycFam%2BaWXr2Oh6ZSPh5rf9ZkRMa14IK29rxgIWpnyvrKK%2FWBBZmMB7%2FbI%2FSWexFwoEHr%2BFUcr5C1WxotEI6gbKwf%2B8I6Uz%2BIIj5a%2Bo%3D&d=0 |
| network_url | http://www.crusharcade.com/themes/common/content/img/sign-up-button-bg.png |
| network_url | http://www.crusharcade.com/themes/common/content/img/sign-up-button-star-bg.png |
| network_url | http://web2.hostingcdn.com/cprmjaa/img/sunburst.png |
| network_url | http://web2.hostingcdn.com/cprmjaa/img/fade2.png |
| network_url | http://web2.hostingcdn.com/gsg/fonts/glyphicons-halflings-regular.woff2 |
| network_url | http://web3.hostingcdn.com/content/files/1/7/736/screenshot/0000017736_s4.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/7/904/screenshot/0000017904_s4.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/250/screenshot/0000018250_s4.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/7/895/screenshot/0000017895_s4.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/041/screenshot/0000018041_s4.jpg |
| network_url | http://web3.hostingcdn.com/content/files/0/0/078/screenshot/0000000078_s4.jpg |
| network_url | http://web3.hostingcdn.com/content/files/0/0/068/screenshot/0000000068_s4.jpg |
| network_url | http://web3.hostingcdn.com/content/files/0/0/090/screenshot/0000000090_s4.jpg |
| network_url | http://web3.hostingcdn.com/content/files/1/8/323/screenshot/0000018323_s4.jpg |
| network_url | http://fagc.crusharcade.com/piwik/piwik.js |
| network_url | http://static.cmptch.com/v/lib/u.js?1517926463 |
| network_url | http://static.cmptch.com/v/lib/s.js?1517926463 |
| network_url | http://ocsp.pki.goog/GTSGIAG3 |
| network_url | http://static.cmptch.com/v/lib/tr.js?1517926463 |
| network_url | http://static.cmptch.com/v/lib/pmjson.js?1517926463 |
| network_url | http://static.cmptch.com/v/lib/ablk.js?p=1&banner_id=24 |
| network_url | http://static.cmptch.com/v/lib/style.css?1517926463 |
| network_url | http://static.cmptch.com/v/lib/md.js?1517926463 |
| network_url | http://fagc.crusharcade.com/piwik/piwik.php?action_name=CrushArcade%20-%20Explosively%20fun%20games!%20Blast%20into%20action%20games%2C%20arcade%20games%2C%20strategy%20games%20and%20more!&idsite=54&rec=1&r=923070&h=2&m=46&s=50&url=http%3A%2F%2Fwww.crusharcade.com%2F&_id=de887e4c39544e2b&_idts=1520902011&_idvc=1&_idn=0&_refts=0&_viewts=1520902011&send_image=1&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=1&java=1&gears=0&ag=0&cookie=1&res=800x600>_ms=265&pv_id=6OYOJ3 |
| network_url | http://ocsp.godaddy.com/ |
| network_url | http://partners.cmptch.com/cks?p=YTM1NTMxNzU5MjB43Hc81pthuXs9sXMpOETAGvzRWry462HfoeWzp9pU2V%2F0YSLYVfI98eNYM0Y767vHN92RcwxWTq3z7vOo4serp5TLsqhGLj0%3D |
Network activity contains more than one unique useragent. Show sources
| Process | 402c20a6374a83c16e2b9c993cbf970c17713efc.exe |
| User-Agent | ca_v2.0.3354 |
| Process | 402c20a6374a83c16e2b9c993cbf970c17713efc.exe |
| User-Agent | ca_v3.0.3354 |
Malware Analysis System Evasion
A process attempted to delay the analysis task. Show sources
| api_process_name | 402c20a6374a83c16e2b9c993cbf970c17713efc.exe tried to sleep 301 seconds, actually delayed analysis time by 0 seconds |
Checks the CPU name from registry, possibly for anti-virtualization Show sources
| registry_read | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString |
Hooking and other Techniques for Hiding Protection
Creates RWX memory Show sources
| injection_rwx_memory | 0x00000040, NtAllocateVirtualMemory or VirtualProtectEx |