Field | Value |
---|---|
URL | https://slack-redir.net/link?url=https%3A%2F%2Fsway.office.com%2FUrr4itVOpnlJWsO9%3Fref%3DLink&v=3 |
Full analysis | https://app.any.run/tasks/1fed958b-97ec-48b2-9021-abec07062f4f |
Verdict | Malicious activity |
Analysis date | March 30, 2020, 20:09:31 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags | |
Indicators | |
MD5 | 72EF848BC0951AD605446EDDCE2C95EC |
SHA1 | 0D73BA0F5000C6EAB9171EB593A42760544BEECF |
SHA256 | 077C2FC3B8D32F6C00A62E57AA9602CC845B97E6FB0F06701A3C2010BE56CAC8 |
SSDEEP | 3:N8EvnVtMWXJIVHWCXjup33VTqxkWh7:2EsQJI3zup3lUki |

PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
3000 | "C:\Program Files\Internet Explorer\iexplore.exe" https://slack-redir.net/link?url=https%3A%2F%2Fsway.office.com%2FUrr4itVOpnlJWsO9%3Fref%3DLink&v=3 | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
2760 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3000 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
2952 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3000 CREDAT:1250569 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2760 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab7E40.tmp | — | — | — |
2760 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar7E51.tmp | — | — | — |
3000 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
2760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | der | 700A54D75CDDC961396748DCF3FE09D5 | D81316CF23E6B61DFF1FAB187E0C20EB25089C8A3E5F7A902DC2B37782178DC2 |
2760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203 | binary | AED35E2D33E0F025606C987BD223F39E | 245A83CC9AEA8E725C41756EF2B94D59CBBA234A8296C98EB96E83F27A8ED80B |
2760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1E11E75149C17A93653DA7DC0B8CF53F_C59E83AB1382839BEDB8131DFEE3F987 | der | D74521696B6CA33EBFC5B3829F20305D | 7A6D7539BDAAEB9AD86B65A7921B918B1F4C4320E6E2FDBC79D5357117EC0245 |
2760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E11E75149C17A93653DA7DC0B8CF53F_C59E83AB1382839BEDB8131DFEE3F987 | binary | 4B0AA2BAC13D1114C67A6E2982BC0F1D | 59FCB078CA3DFC0DFDA315CFAE39761CD3767FD849DCCE43CE1F5A6ECA7BCDA2 |
2760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203 | der | B211134DC2B559A0A8FDD5600FCA0662 | 471E7C400B878CF174F3D1E67CFBFF5B099378A6EAA8E4E5E346E7D6B681981E |
2760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | binary | 236A97416E429DBD63F2DD0F3BBB0581 | 693D39055AFD0E337891F06803D8CD95D162FA1DF32BD9EDC7D14E1049B4689C |
2760 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\link[1].htm | html | FDF3E9690B8DB04D9654BEBA918BE623 | BEA0F55F9DBF98A9B5C51554204CD37C6EBACD317FA5FF38A1965D2A8454E2B3 |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2760 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
2760 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
2760 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEA8cFUXPg%2FEo3yttRppzIeE%3D | US | der | 471 b | whitelisted |
2760 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D | US | der | 1.47 Kb | whitelisted |
2760 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D | US | der | 1.47 Kb | whitelisted |
2760 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
2760 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
2760 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D | US | der | 1.47 Kb | whitelisted |
2760 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D | US | der | 1.47 Kb | whitelisted |
2760 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEA8cFUXPg%2FEo3yttRppzIeE%3D | US | der | 471 b | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3000 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2760 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2760 | iexplore.exe | 18.210.141.73:443 | slack-redir.net | — | US | unknown |
3000 | iexplore.exe | 3.218.47.163:443 | slack-redir.net | — | US | suspicious |
2760 | iexplore.exe | 52.109.12.50:443 | sway.office.com | Microsoft Corporation | US | whitelisted |
2760 | iexplore.exe | 23.77.209.169:443 | eus-www.sway-cdn.com | Akamai International B.V. | NL | unknown |
3000 | iexplore.exe | 23.77.209.169:443 | eus-www.sway-cdn.com | Akamai International B.V. | NL | unknown |
2760 | iexplore.exe | 95.101.185.171:443 | uhf.microsoft.com | CW Vodafone Group PLC | — | unknown |
2952 | iexplore.exe | 162.241.140.249:443 | greenwoodsa.com | CyrusOne LLC | US | suspicious |
2952 | iexplore.exe | 162.241.140.249:80 | greenwoodsa.com | CyrusOne LLC | US | suspicious |

Domain | IP | Reputation |
---|---|---|
slack-redir.net | | whitelisted |
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
ocsp.digicert.com | | whitelisted |
sway.office.com | | whitelisted |
eus-www.sway-cdn.com | | whitelisted |
uhf.microsoft.com | | whitelisted |
www.sway-cdn.com | | whitelisted |
greenwoodsa.com | | suspicious |
isrg.trustid.ocsp.identrust.com | | whitelisted |

PID | Process | Class | Message |
---|---|---|---|
2952 | iexplore.exe | Potentially Bad Traffic | ET CURRENT_EVENTS Microsoft Account Phishing Landing 2018-08-07 |