URL: | https://hidrive.ionos.com/share/6jfe.gdsco |
Full analysis: | https://app.any.run/tasks/ac9de66a-5d19-4a21-9924-3966498e02fb |
Verdict: | Malicious activity |
Analysis date: | December 06, 2022, 02:43:41 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 64AF7FDA089158A9E45EB7926315C1BA |
SHA1: | 751C69341607283E84394E05043372051C7A3EE6 |
SHA256: | 0249B216332E5B4A0238F50C53569F6E244B9903C344157BDCD527C1F866C16C |
SSDEEP: | 3:N8whMTAJyKmNCfALr:2whMTiyKmNIY |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2800 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://hidrive.ionos.com/share/6jfe.gdsco" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2972 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2800 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3272 | "C:\Program Files\Mozilla Firefox\firefox.exe" | C:\Program Files\Mozilla Firefox\firefox.exe | — | Explorer.EXE | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Exit code: 0 Version: 83.0 Modules
| |||||||||||||||
3244 | "C:\Program Files\Mozilla Firefox\firefox.exe" | C:\Program Files\Mozilla Firefox\firefox.exe | firefox.exe | ||||||||||||
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Version: 83.0 Modules
| |||||||||||||||
2756 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.0.1022103905\112773986" -parentBuildID 20201112153044 -prefsHandle 1116 -prefMapHandle 908 -prefsLen 1 -prefMapSize 238726 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 1200 gpu | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Version: 83.0 Modules
| |||||||||||||||
3424 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.6.904269341\1887590794" -childID 1 -isForBrowser -prefsHandle 4420 -prefMapHandle 4416 -prefsLen 245 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 4432 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 83.0 Modules
| |||||||||||||||
1760 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.13.893578151\408090212" -childID 2 -isForBrowser -prefsHandle 2772 -prefMapHandle 2768 -prefsLen 6644 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 2664 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 83.0 Modules
| |||||||||||||||
560 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.20.307675642\69405161" -childID 3 -isForBrowser -prefsHandle 1696 -prefMapHandle 2680 -prefsLen 7470 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 1948 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 83.0 Modules
| |||||||||||||||
556 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.21.636924495\1245508781" -childID 4 -isForBrowser -prefsHandle 1968 -prefMapHandle 1952 -prefsLen 7470 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 1852 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Exit code: 0 Version: 83.0 Modules
| |||||||||||||||
3936 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3244.34.1915723525\2004123509" -childID 5 -isForBrowser -prefsHandle 3192 -prefMapHandle 3772 -prefsLen 8051 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3244 "\\.\pipe\gecko-crash-server-pipe.3244" 3720 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 83.0 Modules
|
(PID) Process: | (2800) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (2800) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: | |||
(PID) Process: | (2800) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 31000860 | |||
(PID) Process: | (2800) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: | |||
(PID) Process: | (2800) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 31000860 | |||
(PID) Process: | (2800) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (2800) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (2800) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (2800) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (2800) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2972 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C | der | |
MD5:3F9C67B7D7AE608452C63CD881F5DC2F | SHA256:7E16184543895B302D63326C26769A7F1964D960065271167C7D541EAC95A54B | |||
2800 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | der | |
MD5:503AD061073A29CEE4CB12D552F6A5B3 | SHA256:D2A97423F8B71CA1DAAC39F8A037DCA022303C1ADFBD49995EFF3B36AFFF33F9 | |||
2972 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C | binary | |
MD5:8320634D9FD08E2BB7EE80CAE6EF7E45 | SHA256:99999396A31EF2082E96F46C06F2CA30C8404D1F7201A09C957DC20AD44B8213 | |||
2800 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:F70374BBAE293F408CCEBDD5E26B90A5 | SHA256:35B040B4EB2A7ED44368A4F1318F3535CBA24CE3B0E35DE7AA5E68256A6F7904 | |||
2800 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | binary | |
MD5:1FF600DCA6075F42F1FBF1837A573117 | SHA256:E85BB4987A830F9C2D95F36F536C45EFF41BF0D4D89A5EF245FFE21BC5593AD6 | |||
2972 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_43880EDEF15B5A20B88889CE602E76F4 | binary | |
MD5:AE2B627A94C0183DF23F904E82599F9C | SHA256:7F2FCD55758E58D23D7EDE628D0226A0A9BF5C6375E5FADE9BBDCBDC0EBC4EDF | |||
2972 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\hdshare-vendor.4aa5838acfa2853a118f[1].js | text | |
MD5:931F32C863F62A9CEDAF45EFF771EE87 | SHA256:1A948456F3CA1D481FA0296A68679B7ADEE9EDABFEE24EC063D6B5CC757F55C6 | |||
2972 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4344B8AF97AF3A423D9EE52899963CDE_43880EDEF15B5A20B88889CE602E76F4 | der | |
MD5:76CC2D9805A2E8721AA8FFC93B10ACBD | SHA256:BDFB8816E626D1E9031C21023510DA0CDD5484C20AE932360796D6A7C5F65252 | |||
2972 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\bootstrap.6ec2e6eec5d93c72ff3d[1].js | text | |
MD5:88623A71D1EBDF0A845C64B9BD5BF7FD | SHA256:2CD7E3B13B07515AD4EA0C9D7F0864A134A25F15A39085038DC3E055451F3BAC | |||
2972 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\hdshare-images.35fda89710fc92754dd1[1].js | text | |
MD5:6FB1F2C40A38EB730E7C775773D1EA70 | SHA256:E7AA77651162B619BD136297FF13FA87A903177CA830C29CAE2F57268717AE16 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2972 | iexplore.exe | GET | 304 | 8.248.117.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1b946f80c2af1f78 | US | — | — | whitelisted |
2800 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
2800 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3244 | firefox.exe | POST | 200 | 184.24.77.54:80 | http://r3.o.lencr.org/ | US | der | 503 b | shared |
2972 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEAxWUwVuyJybTQKjYvP7E2M%3D | US | der | 471 b | whitelisted |
3244 | firefox.exe | POST | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gts1c3 | US | der | 472 b | whitelisted |
3244 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
2800 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 b | whitelisted |
3244 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | US | text | 8 b | whitelisted |
3244 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://status.geotrust.com/ | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2800 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
2800 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
2972 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
2972 | iexplore.exe | 85.214.3.95:443 | hidrive.ionos.com | Strato AG | DE | suspicious |
2800 | iexplore.exe | 178.79.242.0:80 | ctldl.windowsupdate.com | LLNW | DE | whitelisted |
2972 | iexplore.exe | 8.248.117.254:80 | ctldl.windowsupdate.com | LEVEL3 | US | malicious |
2800 | iexplore.exe | 85.214.3.95:443 | hidrive.ionos.com | Strato AG | DE | suspicious |
2800 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | EDGECAST | US | whitelisted |
3244 | firefox.exe | 34.107.221.82:80 | detectportal.firefox.com | GOOGLE | US | whitelisted |
— | — | 152.199.19.161:443 | iecvlist.microsoft.com | EDGECAST | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
status.geotrust.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
detectportal.firefox.com |
| whitelisted |
prod.detectportal.prod.cloudops.mozgcp.net |
| whitelisted |
example.org |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
3244 | firefox.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
3244 | firefox.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
2736 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2736 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2736 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2736 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2736 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2736 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2736 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3228 | firefox.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |