URL: | https://google.com |
Full analysis: | https://app.any.run/tasks/13c2dd21-b9ea-4058-8162-7710c7bac224 |
Verdict: | Malicious activity |
Analysis date: | August 12, 2022, 17:48:32 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 99999EBCFDB78DF077AD2727FD00969F |
SHA1: | 72FE95C5576EC634E214814A32AB785568EDA76A |
SHA256: | 05046F26C83E8C88B3DDAB2EAB63D0D16224AC1E564535FC75CDCEEE47A0938D |
SSDEEP: | 3:N8r3uK:2LuK |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3476 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://google.com" | C:\Program Files\Internet Explorer\iexplore.exe | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3468 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3476 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3400 | "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe" | C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell ISE Version: 10.0.14409.1005 (rs1_srvoob.161208-1155) | ||||
2396 | "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch; | C:\Windows\SYSTEM32\WISPTIS.EXE | — | PowerShell_ISE.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Pen and Touch Input Component Exit code: 3221226540 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3956 | "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch; | C:\Windows\SYSTEM32\WISPTIS.EXE | PowerShell_ISE.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Pen and Touch Input Component Exit code: 24 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2596 | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | — | PowerShell_ISE.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Version: 10.0.14409.1005 (rs1_srvoob.161208-1155) |
(PID) Process: | (3476) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (3476) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: | |||
(PID) Process: | (3476) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30977651 | |||
(PID) Process: | (3476) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: | |||
(PID) Process: | (3476) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30977651 | |||
(PID) Process: | (3476) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (3476) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (3476) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (3476) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (3476) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF667AC59A55344132.TMP | gmc | |
MD5:F9C679073C0233509DC3420CC4CCBA46 | SHA256:42DFE267C9B0E8A8EAF617F386EE095B5BDF63FF80FAC7DD9296A92987719669 | |||
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF7FA4373A8FDD253A.TMP | gmc | |
MD5:4D26B6F52F25DA05010052DBF4F75069 | SHA256:D22308ECBD1218A02B9BDDD75FA033FCEA99D29E46FEDD4E64DD416278C36811 | |||
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{FD445F3B-1A66-11ED-8C90-12A9866C77DE}.dat | binary | |
MD5:DC5BF33A0F7A8FF69E7B773A669A2461 | SHA256:0EA1FCE3722704B20419FB9A7902A333986677A7A3871E523CF3AFFF45A817AB | |||
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF7EDF1AF81EB33E4F.TMP | gmc | |
MD5:23FB53754414D266C61651FF64D6D3BB | SHA256:5B016641F77BE740EE12C747936EABBA22C6E29111FA093BE51F82EF5AD9F066 | |||
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFFBA89F9C298B970C.TMP | gmc | |
MD5:5EB43844238B0EE91F3328E4B4347F51 | SHA256:BF26FCD010CAF4CA98A69105FA86041413D074204916AC74BE45C421E323F05E | |||
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{FD445F3E-1A66-11ED-8C90-12A9866C77DE}.dat | binary | |
MD5:6F22A5EB285306B0D02D92D7003AF9E3 | SHA256:653FE729A218ECDD49A19F42CFE33550DA526C0346229B519084B05535CE1EDD | |||
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{FD445F3D-1A66-11ED-8C90-12A9866C77DE}.dat | binary | |
MD5:BFC86EDC264DE878B9C9A248422CF937 | SHA256:5F70A7B5BB4B91C5AE24674AB61719C6F16A21D4239B1A8B4B0AFD800229C244 | |||
3400 | PowerShell_ISE.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | binary | |
MD5:6CCB2ABD27741AB032EFA176D38CAB9D | SHA256:195A5D3334D395C844E96BD6B15C6879F10C6740154B939FD9D24B5D7B1F77E4 | |||
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{42C873D0-1D90-11EB-BA2C-12A9866C77DE}.dat | binary | |
MD5:A77AB9EC4664D5E095DC871C100CCA85 | SHA256:8276974485CCECAB0079FBB6E509238DD3A3191732C0AAD373934DD7C2A9414D | |||
3400 | PowerShell_ISE.exe | C:\Users\admin\AppData\Local\Temp\0xitewsb.0uz.ps1 | binary | |
MD5:C4CA4238A0B923820DCC509A6F75849B | SHA256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3468 | iexplore.exe | 172.217.16.142:443 | google.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
google.com |
| whitelisted |