Field | Value |
---|---|
URL | http://subscriberhelp.govdelivery.com |
Full analysis | https://app.any.run/tasks/bfe80e8a-8b93-4128-b97e-d6fab4148cbd |
Verdict | Malicious activity |
Analysis date | October 04, 2022, 20:53:37 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MD5 | 8DA42EC14A747EDDE2088201B3B970A9 |
SHA1 | 737B5A9FD9F375E56D055B9E5ACCFA85BFA25335 |
SHA256 | 07D85B07395D471B5D47233465097519C370B8DDD86E745F4D5880574A49B303 |
SSDEEP | 3:N1KNQHWGXaTTBhzGKI:CC2zTTBFGT |
PID | CMD | Path | Indicators | Parent process | User | Integrity Level | Company | Description | Version |
---|---|---|---|---|---|---|---|---|---|
3636 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://subscriberhelp.govdelivery.com" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
2092 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3636 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | LOW | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2092 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C11083FD8BAD269CF864618FA59583AC_AB604FF73F022AED0290A83D85376B45 | binary | 010FEA27C51B2155D34865B5FDA5AC1D | 553108B26D381F7531EF9D6B5C273969FE02F6479456AA4F02A14A3DD85C68BE |
2092 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C | binary | CE0078EF271D6CEC2DAC755BDB65DCB4 | AC9C3F6288A52B77C1A262D30842DBFC973F5B1242E5D450B7CBFB78A4CF51C0 |
2092 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | CB68ABF4B41646E57F79E34CC1217A16 | 0E25203551C74C9D521964B6C324308B01718FC65E921D1064E9FF1FAA975CDA |
2092 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\resources[1].js | text | 77AD2083DD917E15B0C5DB3C5B37C07E | D4574D6C907CD9109D1942304C76E4ECF8A7CC88F7AE543CDECCA1625D4A6EED |
2092 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\aura_prod_compat[1].js | text | 5BB8A5AC9CF296BF67169DA12DC9D22C | 44E61533210A8DF24BF227CC0DFF11608F4AEE8C795B4CB8E13D11415455920B |
2092 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C | der | CCC044025FA54059762B72178D6E2230 | ACB9E5FAD10CB40F5F38A7A627AC2D25BDC4A62D3926F0A275E739584D7F793D |
2092 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\F0KTC6ME.txt | text | CF6831352BA5E7EC4F584327DA1C52F1 | B72A8E25278C866934075159644EA97379860704E199FEE8BD9F29483D5EEF68 |
2092 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\s[1].htm | html | C03CA3DF5D2843C5F69E955FC4B8714E | EEE0D76032C8C0391E374D080A5B191DBACA5F3444CF5EAC6BBCDBC2E55C625D |
2092 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C11083FD8BAD269CF864618FA59583AC_AB604FF73F022AED0290A83D85376B45 | der | B627FA5E531AA9B633908E6E0D7CF8C6 | 891CFF34E56E627DB6B1CE5E40FF190091951405D11A94200D7D2581AF265B49 |
2092 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\app[1].css | text | 409B08142A4BC7EB84140B3980CDAF8E | A09F133D7485610E0E03C69A88A28271BD4283330A33E43F5A4F2E518EF2A83C |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2092 | iexplore.exe | GET | 301 | 209.134.144.139:80 | http://subscriberhelp.govdelivery.com/ | US | — | — | unknown |
3636 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
2092 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAo1CNVcKSsBffitZcAP9%2BQ%3D | US | der | 471 b | whitelisted |
2092 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAhflMAthXvozBT%2FU%2B2iPio%3D | US | der | 471 b | whitelisted |
2092 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAIvMFtTDB3eRjMpJzrzQTM%3D | US | der | 471 b | whitelisted |
2092 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAc67gCMSnxmaxvaen6mCDM%3D | US | der | 471 b | whitelisted |
3636 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEArSciitnpC1JwE8DRiQlTU%3D | US | der | 471 b | whitelisted |
3636 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2092 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAvOYmhpfmrn98bflC66kUA%3D | US | der | 471 b | whitelisted |
3636 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3636 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
2092 | iexplore.exe | 85.222.140.13:443 | subscriberhelp.granicus.com | SALESFORCE | US | suspicious |
2092 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
2092 | iexplore.exe | 23.216.77.80:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | suspicious |
2092 | iexplore.exe | 209.134.144.139:80 | subscriberhelp.govdelivery.com | VISI-AS | US | unknown |
— | — | 85.222.140.13:443 | subscriberhelp.granicus.com | SALESFORCE | US | suspicious |
2092 | iexplore.exe | 13.225.78.35:443 | consent.trustarc.com | AMAZON-02 | US | suspicious |
3636 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
2092 | iexplore.exe | 136.147.103.198:443 | granicus--c.na47.content.force.com | SALESFORCE | US | unknown |
2092 | iexplore.exe | 13.110.59.145:443 | granicus--c.na149.content.force.com | SALESFORCE | US | unknown |
Domain | IP | Reputation |
---|---|---|
subscriberhelp.govdelivery.com | | unknown |
subscriberhelp.granicus.com | | unknown |
ctldl.windowsupdate.com | | whitelisted |
ocsp.digicert.com | | whitelisted |
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
consent.trustarc.com | | shared |
granicus--c.na47.content.force.com | | suspicious |
granicus--c.na149.content.force.com | | unknown |
support.granicus.com | | unknown |