Field | Value
---|---
URL | https://bit.ly/3znmeDY
Full analysis | https://app.any.run/tasks/9c32df76-a4a2-465a-ade6-082924f2b6f6
Verdict | Malicious activity
Analysis date | August 12, 2022, 20:57:38
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MD5 | 4B39399557FC2A1C490151E244C90DD5
SHA1 | E89ACF3CC6235D53F93B0FB3EDE28BBD90470DB9
SHA256 | 038B72D867E1FE4585F3FD3037CEC3AEBF4BAE1589D65CF5461E42EBD38756DF
SSDEEP | 3:N8kSjIV:2HIV
PID | CMD | Path | Parent process | Process details
---|---|---|---|---
676 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://bit.ly/3znmeDY" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3132 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:676 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3132 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\3znmeDY[1].htm | html | E80330CB415D7B27E31DA419FCB29B64 | A34CFB809329CB3DACCCDA24B29346EB2A6A9DA33BF8B581F827D941FA73E2C7
676 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 7D8FDA34E5FC1316EE71370E4EF82857 | 704909C3874A6C48FCD27CFF135152FDFAD18598914773C70BC10D38E981FAC9
676 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 18087D5E77A634F44D96714E4AC17A69 | 584E1B2EDED6719012C50944CAFB544AE4634CA4FB950908FAEE2383D1A2E247
3132 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0270780F846F08BEFE0DD8112D932FEF | binary | 199732989BD62D43B1F9120A94E2CC43 | B41C9AF78F9AF8D5FF684D18D114285C279A55F9126923877E316FF4783EC3E8
676 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | DD6E27997968DABBA417C93634C11C3E | DDCC8B869C2AB6DAFA6F5983877130BAE4CAEAC141AA653D65220DCD6AB1F728
3132 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0270780F846F08BEFE0DD8112D932FEF | der | B8FB011D46BD8990B00C5E84B91AE94A | 008B7ACF4CA332789258F32168B8AD01CC3198782361AD2B865E725B49EAB1C4
3132 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771 | binary | 4ED2A9AC6532D07005CBC5ECC1BD7793 | 484024B291F18A622996573ED3F870824F96A501589349F6EAA11F6D8C25ECAE
3132 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771 | der | 377F0621034125C7B5052E9B7A33AA4F | 39831141DA93CAF997E77D6C1AA88EBDE0400D4BB4476C2CD55BDB0C3A0962C9
676 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | EE87BB11E233C12009CC11725035DBDC | D82930A5B051B3C3F1639C24E83BDDF41D5AA66E467A0944D1AC3D59AE6330C5
3132 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4D1ED785E3365DE6C966A82E99CCE8EA_BE51B43F9F95B8E556690D4EA2757FD1 | der | 92E86D4AC09860E29EE6161870A1A226 | 520878A1D16FC85C66647E3FB25B2BA9C1DC4DB6B70092E40C77EC853F75CA68
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3132 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl | US | der | 592 b | whitelisted |
3132 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
3132 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAoIoPYH8AScgXOj0yKW3ww%3D | US | der | 471 b | whitelisted |
3132 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
3132 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D | US | der | 1.69 Kb | whitelisted |
676 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
676 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3132 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.godaddy.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCExeTrNqM4MK | US | der | 1.74 Kb | whitelisted |
676 | iexplore.exe | GET | 200 | 8.249.63.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?09e3987e4879c330 | US | compressed | 4.70 Kb | whitelisted |
676 | iexplore.exe | GET | 200 | 8.249.63.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2f858e4afebb5e2a | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
676 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
676 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3132 | iexplore.exe | 67.199.248.10:443 | bit.ly | Bitly Inc | US | shared |
3132 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3132 | iexplore.exe | 67.199.248.11:443 | bit.ly | Bitly Inc | US | shared |
676 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3132 | iexplore.exe | 182.50.135.102:443 | www.people-trainers.com | GoDaddy.com, LLC | SG | malicious |
3132 | iexplore.exe | 192.124.249.23:80 | ocsp.godaddy.com | Sucuri | US | suspicious |
3132 | iexplore.exe | 142.250.185.136:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
3132 | iexplore.exe | 173.201.249.4:443 | seal.godaddy.com | GoDaddy.com, LLC | US | unknown |
Domain | IP | Reputation
---|---|---
bit.ly | | shared
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.digicert.com | | whitelisted
r20swj13mr.microsoft.com | | whitelisted
iecvlist.microsoft.com | | whitelisted
crl4.digicert.com | | whitelisted
www.people-trainers.com | | malicious
ocsp.godaddy.com | | whitelisted
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |