URL: | http://turiqeri.com/rnd/right?dvkn=cPmW1jL0LFhnFCc7Kb7Oyg%3D%3D |
Full analysis: | https://app.any.run/tasks/f6487ec9-ddb3-4756-a300-b9c95c8b4aa9 |
Verdict: | Malicious activity |
Analysis date: | May 30, 2020, 00:34:03 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 4E9D6021ACE37FB17689F848E254C9C1 |
SHA1: | 9E602CBD6D98A7066BE5A3079508D6AE9731C031 |
SHA256: | 07D3485BEA143D9CF5D81D36C1526AE2C8C29D3A9448EE6492E97D7CB397F637 |
SSDEEP: | 3:N1KKQlMDDhPUFxSqmmn:CKxlPUFUrm |
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
312 | "C:\Program Files\Internet Explorer\iexplore.exe" http://turiqeri.com/rnd/right?dvkn=cPmW1jL0LFhnFCc7Kb7Oyg%3D%3D | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe
| User: admin, Company: Microsoft Corporation, Integrity Level: MEDIUM, Description: Internet Explorer, Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | | |
3980 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:312 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe (PID 312)
| User: admin, Company: Microsoft Corporation, Integrity Level: LOW, Description: Internet Explorer, Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | | |
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
312 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3980 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab87BD.tmp | — | — | —
3980 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar87BE.tmp | — | — | —
3980 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y813X83Y.txt | — | — | —
3980 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | binary | 1091F045FDA3D5B156F132E7D4E19DB0 | 598C1872F5FDD14500044D8FF5EB20DA89AD020DE1CD7E9682519B8B8BDF0B49
3980 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\73CA7F9E42235FBD7B2CA06D0E081BB3 | der | 682A2B1B395CCC9365CF88F575AFB1DA | 551164C8645451D56793B31B0E4378D291C1A622C4533B3D3C46DD957FD4652B
3980 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\73CA7F9E42235FBD7B2CA06D0E081BB3 | binary | 30AF17FD886D1412646A9B8A7107C813 | 5386BB20F8493E18847158F954B6C9B672BAA46F0CD9514C9CCB6370E634C6E6
3980 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B | binary | 6603A584800BE009FD7693FB02C56F8A | F4F7D8BD16F90D9DE10343A6376D385E1F18D0BE9C75D6D9F638F3B2914D7C9C
3980 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\BCWXWH9H.txt | text | 7B258953C9BA53561E469E693C2FFB81 | 587A0FD2F3AD97E1CE4450301F43B2AAA4242123814A988B7F909741DB2E66C1
3980 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | der | 2DC1C15204061C19EA2B5276C32D328C | 9DC4632399A3DC0859ED4E9717A0120E71A415B3EDEF1FCBD3158045608B368F
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3980 | iexplore.exe | GET | 302 | 188.225.75.54:80 | http://ccgmaining.life/adcashpop?acsc=150347700 | RU | — | — | whitelisted |
3980 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECED%2FswPQTH03snp%2B9Juy6YJ8%3D | US | der | 471 b | whitelisted |
3980 | iexplore.exe | GET | 200 | 188.225.38.88:80 | http://188.225.38.88/?NDI4NjEx&RHymJ&BUIXItY=disagree&VcmZg=mustard&t4gbvf4=m3W_PUtKbFXNFXihRCCeVFjyYdaVFlB_6n9hkmAnxDPiJbR-hGLUTp1u9CdUbI&vVobYw=professional&COj=border&emfFg=community&WHR=mustard&eic=community&abWrDfc=community&f54hhgs=wXfQMvXcJwDQA4bGMvrESLtDNknQA0KK2If2_dqyEoH9c2nihNzUSkr06B2aC&cUE=professional&XLcNG=filly&pnvsa=mustard&QwOm=professional&TAOpENjAzMjg= | RU | html | 41.3 Kb | suspicious |
3980 | iexplore.exe | GET | 302 | 54.88.48.137:80 | http://ranewita.com/0-gbjharodasfdenwsadg?adTagId=cc723620-61ea-11ea-87b2-0a71705c5345&cpm=0.05&fallbackUrl=https%3A%2F%2Fessipool.com%2Fdyn%2Fmai%2F247 | US | — | — | shared |
312 | iexplore.exe | GET | 200 | 188.225.38.88:80 | http://188.225.38.88/favicon.ico | RU | — | — | suspicious |
3980 | iexplore.exe | GET | 200 | 188.225.38.88:80 | http://188.225.38.88/?NDI4NjEx&RHymJ&BUIXItY=disagree&VcmZg=mustard&t4gbvf4=m3W_PUtKbFXNFXihRCCeVFjyYdaVFlB_6n9hkmAnxDPiJbR-hGLUTp1u9CdUbI&vVobYw=professional&COj=border&emfFg=community&WHR=mustard&eic=community&abWrDfc=community&f54hhgs=wXfQMvXcJwDQA4bGMvrESLtDNknQA0KK2If2_dqyEoH9c2nihNzUSkr06B2aC&cUE=professional&XLcNG=filly&pnvsa=mustard&QwOm=professional&TAOpENjAzMjg= | RU | html | 41.5 Kb | suspicious |
3980 | iexplore.exe | GET | 200 | 188.225.38.88:80 | http://188.225.38.88/?NDI4NjEx&RHymJ&BUIXItY=disagree&VcmZg=mustard&t4gbvf4=m3W_PUtKbFXNFXihRCCeVFjyYdaVFlB_6n9hkmAnxDPiJbR-hGLUTp1u9CdUbI&vVobYw=professional&COj=border&emfFg=community&WHR=mustard&eic=community&abWrDfc=community&f54hhgs=wXfQMvXcJwDQA4bGMvrESLtDNknQA0KK2If2_dqyEoH9c2nihNzUSkr06B2aC&cUE=professional&XLcNG=filly&pnvsa=mustard&QwOm=professional&TAOpENjAzMjg= | RU | html | 41.3 Kb | suspicious |
3980 | iexplore.exe | GET | 200 | 188.225.38.88:80 | http://188.225.38.88/?NDI4NjEx&RHymJ&BUIXItY=disagree&VcmZg=mustard&t4gbvf4=m3W_PUtKbFXNFXihRCCeVFjyYdaVFlB_6n9hkmAnxDPiJbR-hGLUTp1u9CdUbI&vVobYw=professional&COj=border&emfFg=community&WHR=mustard&eic=community&abWrDfc=community&f54hhgs=wXfQMvXcJwDQA4bGMvrESLtDNknQA0KK2If2_dqyEoH9c2nihNzUSkr06B2aC&cUE=professional&XLcNG=filly&pnvsa=mustard&QwOm=professional&TAOpENjAzMjg= | RU | html | 41.5 Kb | suspicious |
3980 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECED%2FswPQTH03snp%2B9Juy6YJ8%3D | US | der | 471 b | whitelisted |
312 | iexplore.exe | GET | 200 | 188.225.38.88:80 | http://188.225.38.88/favicon.ico | RU | — | — | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
312 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3980 | iexplore.exe | 151.139.128.14:80 | ocsp.usertrust.com | Highwinds Network Group, Inc. | US | suspicious |
3980 | iexplore.exe | 104.26.2.36:80 | turiqeri.com | Cloudflare Inc | US | unknown |
3980 | iexplore.exe | 35.190.43.140:443 | www.predictiondexchange.com | Google Inc. | US | whitelisted |
3980 | iexplore.exe | 54.88.48.137:80 | ranewita.com | Amazon.com, Inc. | US | malicious |
3980 | iexplore.exe | 188.225.75.54:80 | ccgmaining.life | TimeWeb Ltd. | RU | suspicious |
312 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3980 | iexplore.exe | 188.225.38.88:80 | — | TimeWeb Ltd. | RU | suspicious |
312 | iexplore.exe | 188.225.38.88:80 | — | TimeWeb Ltd. | RU | suspicious |
312 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation
---|---|---
turiqeri.com | — | whitelisted
api.bing.com | — | whitelisted
www.bing.com | — | whitelisted
ranewita.com | — | shared
www.predictiondexchange.com | — | suspicious
ocsp.usertrust.com | — | whitelisted
ocsp.sectigo.com | — | whitelisted
ccgmaining.life | — | whitelisted
iecvlist.microsoft.com | — | whitelisted
r20swj13mr.microsoft.com | — | whitelisted
PID | Process | Class | Message | Count
---|---|---|---|---
— | — | Potentially Bad Traffic | ET INFO Observed DNS Query to .life TLD | 1
3980 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to Suspicious *.life Domain | 1
3980 | iexplore.exe | A Network Trojan was detected | ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 | 8
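The HTTP table records the chain the low-integrity IE content process followed: a 302 from the ccgmaining.life ad hop, repeated fetches of a root-path URL on the bare IP 188.225.38.88 (the requests the RIG EK signature fired on), and a 302 from ranewita.com. The following Python is an added triage example, not part of the ANY.RUN report and not the body of the ET rule. It copies the logged requests as constructed input and scores each URL against traits a practitioner can see in the logged landing URI (IP-literal host, root path, a leading base64 token with no value, many dictionary-word values, at least one long random token). The trait set and thresholds are my own assumptions for illustration.

```python
import base64
import binascii
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed input: the HTTP requests the sandbox logged for the low-integrity
# content process (PID 3980), copied from the report as (status, ip:port, url,
# reputation). The repeated fetches of the 188.225.38.88 URL are collapsed to one.
HTTP_ROWS = [
    (302, "188.225.75.54:80", "http://ccgmaining.life/adcashpop?acsc=150347700", "whitelisted"),
    (200, "151.139.128.14:80", "http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECED%2FswPQTH03snp%2B9Juy6YJ8%3D", "whitelisted"),
    (200, "188.225.38.88:80", "http://188.225.38.88/?NDI4NjEx&RHymJ&BUIXItY=disagree&VcmZg=mustard&t4gbvf4=m3W_PUtKbFXNFXihRCCeVFjyYdaVFlB_6n9hkmAnxDPiJbR-hGLUTp1u9CdUbI&vVobYw=professional&COj=border&emfFg=community&WHR=mustard&eic=community&abWrDfc=community&f54hhgs=wXfQMvXcJwDQA4bGMvrESLtDNknQA0KK2If2_dqyEoH9c2nihNzUSkr06B2aC&cUE=professional&XLcNG=filly&pnvsa=mustard&QwOm=professional&TAOpENjAzMjg=", "suspicious"),
    (302, "54.88.48.137:80", "http://ranewita.com/0-gbjharodasfdenwsadg?adTagId=cc723620-61ea-11ea-87b2-0a71705c5345&cpm=0.05&fallbackUrl=https%3A%2F%2Fessipool.com%2Fdyn%2Fmai%2F247", "shared"),
]


def is_ip_literal(host):
    """True when the URL host is a bare IP address rather than a domain name."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def decode_bare_token(token):
    """Base64-decode a query token that carries no '=value' part.
    Returns None when it is not clean base64 or does not decode to printable ASCII."""
    padded = token + "=" * (-len(token) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def rig_like_uri(url):
    """Score one URL against traits of the landing URI logged in this report.
    Assumption: this trait list is my own heuristic, not the ET rule's content."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    # keep_blank_values=True turns a bare token such as "NDI4NjEx" into ("NDI4NjEx", "")
    items = parse_qsl(parts.query, keep_blank_values=True)
    bare = [k for k, v in items if v == ""]
    values = [v for _, v in items if v != ""]
    word_values = [v for v in values if re.fullmatch(r"[a-z]{3,15}", v)]
    long_tokens = [v for v in values if re.fullmatch(r"[A-Za-z0-9_-]{40,}", v)]
    decoded = decode_bare_token(bare[0]) if bare else None
    traits = {
        "ip_literal_host": is_ip_literal(host),
        "root_path": parts.path in ("", "/"),
        "leading_numeric_b64_token": decoded is not None and decoded.isdigit(),
        "many_dictionary_word_values": len(word_values) >= 5,
        "long_random_token": bool(long_tokens),
    }
    score = sum(traits.values())
    return {"score": score, "flag": score >= 4, "traits": traits, "decoded": decoded}


def triage(rows):
    """Run the heuristic over logged requests; return the hosts worth blocking."""
    hits = []
    for status, ip_port, url, reputation in rows:
        verdict = rig_like_uri(url)
        if verdict["flag"]:
            hits.append({
                "host": urlsplit(url).hostname,
                "ip": ip_port.rsplit(":", 1)[0],
                "status": status,
                "reputation": reputation,
                "score": verdict["score"],
                "decoded_token": verdict["decoded"],
            })
    return hits


if __name__ == "__main__":
    for hit in triage(HTTP_ROWS):
        print(hit)
```

Run against the four logged requests, only the 188.225.38.88 URL crosses the threshold (all five traits hold); the OCSP fetch, the ccgmaining.life hop and the ranewita.com hop score zero, which is the separation a blocklist or a Suricata-style rule needs before the alert is escalated. The leading bare token decodes to a short digit string, a detail worth recording alongside the IP when pivoting to other samples.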