URL: | http://www.giftsbymint.com/ |
Full analysis: | https://app.any.run/tasks/c3d17731-626a-4a36-a382-a353f3e47594 |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 12:19:49 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 992BBCFAC9A461525D2686DE4CE17601 |
SHA1: | A8DEFC6446D8FE9458D8B323C996223BC9A714E2 |
SHA256: | 01BBC4CE188C9CFCF988057EE23C0340B5763FF9F26E2BEC8F0390F8F310555A |
SSDEEP: | 3:N1KJS4VWZMP3:Cc4sG3 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2472 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.giftsbymint.com/" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3212 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2472 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
3212 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab713F.tmp | compressed | |
MD5:308336E7F515478969B24C13DED11EDE | SHA256:889B832323726A9F10AD03F85562048FDCFE20C9FF6F9D37412CF477B4E92FF9 | |||
3212 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | compressed | |
MD5:308336E7F515478969B24C13DED11EDE | SHA256:889B832323726A9F10AD03F85562048FDCFE20C9FF6F9D37412CF477B4E92FF9 | |||
3212 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab7141.tmp | compressed | |
MD5:308336E7F515478969B24C13DED11EDE | SHA256:889B832323726A9F10AD03F85562048FDCFE20C9FF6F9D37412CF477B4E92FF9 | |||
3212 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3A3D981CCFD57556F1B1696917031403 | binary | |
MD5:A5C20BE163368A30E1CFB3E17516FA8F | SHA256:DFE8E2FFBF44763ADF3479FDE226DBFDF898EB2FA4183AD8369F07C9A42A78B8 | |||
3212 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:C87C10213F8090EE08699ADD6B3A4E62 | SHA256:5C07EEDD0382B82C9EB5480651D87CE6C41B886F220DFE73BEDF781DDC278B07 | |||
2472 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:28CC3D4B0DA8A29A9DCD6D4755C84342 | SHA256:A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E | |||
3212 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\3L7S90Z5.txt | text | |
MD5:130A21693143F1693052ECACDE4D52EE | SHA256:09C7B618E140FE5A24AD7D9117809DA7AA2178E4F341760D0FA89EA936029868 | |||
3212 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\97PIX31W.txt | text | |
MD5:CFDC3F4173FB59B2599F92271035BED2 | SHA256:75CBE062ED7C3E5E7018C4582ADDF43AA0F59F9DD46BD649456860C2D812E2C6 | |||
3212 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar7140.tmp | cat | |
MD5:2D8A5090656DE9FB55DD0F3BA20F9299 | SHA256:44AE1E61A4E6305C15AAA52FD1B29DDB060E69233703CBA611F5E781D766442E | |||
3212 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary | |
MD5:E0A4D063DD81AB085EEF0F8CA7F1414E | SHA256:2F6CBB26107BC7165FC52FFEF51A81D0E9C72B9F61AC965C6DD97D52BB26148E |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3212 | iexplore.exe | GET | 301 | 23.227.38.74:80 | http://www.giftsbymint.com/ | CA | html | 90 b | malicious |
3212 | iexplore.exe | GET | 200 | 67.26.137.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e23a1cf438697d91 | US | compressed | 4.70 Kb | whitelisted |
3212 | iexplore.exe | GET | 200 | 96.16.145.230:80 | http://x1.c.lencr.org/ | US | der | 717 b | whitelisted |
3212 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
3212 | iexplore.exe | GET | 200 | 192.124.249.24:80 | http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D | US | der | 1.66 Kb | whitelisted |
2472 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3212 | iexplore.exe | GET | 200 | 143.204.101.78:80 | http://s.ss2.us/r.crl | US | der | 434 b | whitelisted |
3212 | iexplore.exe | GET | 200 | 67.26.137.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c2ead0a9a167a904 | US | compressed | 60.0 Kb | whitelisted |
3212 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://crl.pki.goog/gtsr1/gtsr1.crl | US | der | 760 b | whitelisted |
3212 | iexplore.exe | GET | 200 | 184.24.77.73:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgNG1TDWa3qeGCcmKCAXw9BQUA%3D%3D | US | der | 503 b | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3212 | iexplore.exe | 67.26.137.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | malicious |
3212 | iexplore.exe | 23.227.38.65:443 | giftsbymint.com | Shopify, Inc. | CA | malicious |
3212 | iexplore.exe | 104.16.255.71:443 | cdn.shopify.com | Cloudflare Inc | US | unknown |
3212 | iexplore.exe | 96.16.145.230:80 | x1.c.lencr.org | Akamai Technologies, Inc. | US | suspicious |
2472 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2472 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3212 | iexplore.exe | 23.227.38.74:80 | www.giftsbymint.com | Shopify, Inc. | CA | malicious |
3212 | iexplore.exe | 184.24.77.73:80 | r3.o.lencr.org | Time Warner Cable Internet LLC | US | unknown |
3212 | iexplore.exe | 142.250.185.104:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
3212 | iexplore.exe | 143.204.89.2:443 | d3hw6dc1ow8pp2.cloudfront.net | — | US | malicious |
Domain | IP | Reputation |
---|---|---|
www.microsoft.com |
| whitelisted |
www.giftsbymint.com |
| malicious |
giftsbymint.com |
| malicious |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
x1.c.lencr.org |
| whitelisted |
r3.o.lencr.org |
| shared |
ocsp.digicert.com |
| whitelisted |
dns.msftncsi.com |
| shared |