URL: | https://scanningllc.com/ |
Full analysis: | https://app.any.run/tasks/151eb705-2431-4481-8b7e-e7cc8b06f5e1 |
Verdict: | Malicious activity |
Analysis date: | May 20, 2022, 20:59:54 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MD5: | FABE88CE10AC30BEC3015F51613403D6 |
SHA1: | 2F5EEE6C088C8DA550001BF0DBE902BABD989E96 |
SHA256: | 0538F915837AD7FA4421AAAC7A3792D6C76266403DBF3E49DBDDD1C6CF4A738D |
SSDEEP: | 3:N8LiLML1LRn:2+4RLR |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2228 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://scanningllc.com/" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3360 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2228 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
PID | Process | Filename | Type | |
---|---|---|---|---|
2228 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F | binary | |
MD5:B6591E088C992589C3D92F866FDE8C5A | SHA256:B3163D5BCA9F4502C2E635A842F30ECACFE8BCDF38DC660B36BCA5A48F8D45A1 | |||
3360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\script[1].js | text | |
MD5:2B2A724416EB7618BB566BD3DF5D6502 | SHA256:C0357C71BF75EAD4CFDAD78939DA05ABD48DCD389AEB3CD8B69C34525DB18BB1 | |||
3360 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 | der | |
MD5:BB0FB84654DDA3A617C4E69D9869C130 | SHA256:8B5B9D33A867771B958447C123A27FF27BC86D7A9FF7881B3B1A4749C14E51AC | |||
3360 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9BACBE88C1F77CA57FC7F7163F938F54_8B0504C34252805BFEE11A457C549173 | der | |
MD5:CE632093724060558B2D075B7EE7D252 | SHA256:A4064AD334094F277D13592185E7D351322A2DF722FE1C245C8E7A601B7C5D11 | |||
3360 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771 | binary | |
MD5:68BBF1F52D4D10A70381139DF6A42542 | SHA256:2E549B7D57AE0BAF17B482EF47D80D08FD4A3DA95687C5E83CDACD45CEF3C0D4 | |||
3360 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771 | der | |
MD5:84AAEEF303C3231C7D4E0582E4755A4E | SHA256:D855D9F79F07EF0E52E835FAF50BE482AD314A0D4D660066595AB160CF785F93 | |||
3360 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 | binary | |
MD5:EFC602B80D500A2D64DC4D3F97449779 | SHA256:68457F7663AFFF2A4D2A6CFFDEF2B241E4873F7A89AADCD5658A7982894BB58A | |||
3360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\script[1].js | text | |
MD5:904306C866DC12C698B22114C61A3EC4 | SHA256:C045EA12865971982D57D59712ACDA2994BA2147B0A3D78C60D5E6FF78A556DD | |||
3360 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562 | binary | |
MD5:24146276BD45C8E8C9A9171D9CA7B313 | SHA256:D239912C519E862BBED8F361DF2DBE43DE0714438537D6A81E39569636DA3AC1 | |||
2228 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:7BAAD69A1E4A185D26772D5CEA89883B | SHA256:9AAD25997A888723957F45075B9C48D6CA3C48E1419D4205F76799F94FA5FB15 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2228 | iexplore.exe | GET | 200 | 8.253.207.120:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4a6aad859aa2dab4 | US | compressed | 4.70 Kb | whitelisted |
2228 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted |
3360 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.godaddy.com//MEowSDBGMEQwQjAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCQDbCOkjgNCciQ%3D%3D | US | der | 1.74 Kb | whitelisted |
3360 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D | US | der | 1.69 Kb | whitelisted |
2228 | iexplore.exe | GET | 200 | 67.27.157.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c115194f302924bf | US | compressed | 4.70 Kb | whitelisted |
3360 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.starfieldtech.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCAzkUhA%3D%3D | US | der | 1.70 Kb | whitelisted |
3360 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.starfieldtech.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6%2FsVZNPaFToNfxx8ZwqAQUfAwyH6fZMH%2FEfWijYqihzqsHWycCAQc%3D | US | der | 1.74 Kb | whitelisted |
2228 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2228 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3360 | iexplore.exe | 160.153.136.3:443 | scanningllc.com | GoDaddy.com, LLC | US | malicious |
2228 | iexplore.exe | 67.27.157.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
3360 | iexplore.exe | 192.124.249.23:80 | ocsp.godaddy.com | Sucuri | US | suspicious |
3360 | iexplore.exe | 104.104.52.81:443 | img1.wsimg.com | Akamai Technologies, Inc. | US | unknown |
2228 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2228 | iexplore.exe | 8.253.207.120:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | malicious |
2228 | iexplore.exe | 160.153.136.3:443 | scanningllc.com | GoDaddy.com, LLC | US | malicious |
2228 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
— | — | 160.153.136.3:443 | scanningllc.com | GoDaddy.com, LLC | US | malicious |
Domain | IP | Reputation |
---|---|---|
scanningllc.com | | malicious |
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
ctldl.windowsupdate.com | | whitelisted |
ocsp.digicert.com | | whitelisted |
crl3.digicert.com | | whitelisted |
ocsp.godaddy.com | | whitelisted |
img1.wsimg.com | | whitelisted |
ocsp.starfieldtech.com | | whitelisted |
r20swj13mr.microsoft.com | | whitelisted |