Field | Value
---|---
URL | http://feauhueudughuurk.top/
Full analysis | https://app.any.run/tasks/34787bec-4301-413e-afa5-62f57dc43ff1
Verdict | Malicious activity
Analysis date | June 27, 2022, 12:19:02
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MD5 | B24E951A86FBC4F8975B307198B349E9
SHA1 | 36257D876E0612E7023D87403478D275D2C147AE
SHA256 | 087FE2C08DAC460EB96136D78E2AB747BADEFA8A41AA69BCBC4D33A566FAF688
SSDEEP | 3:N1KYGCLdtg:CYGAU
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version | Exit code
---|---|---|---|---|---|---|---|---|---|---
2520 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://feauhueudughuurk.top/" | C:\Program Files\Internet Explorer\iexplore.exe | — | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) | —
2920 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2520 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) | —
3016 | "C:\Program Files\Opera\opera.exe" | C:\Program Files\Opera\opera.exe | — | Explorer.EXE | admin | Opera Software | MEDIUM | Opera Internet Browser | 1748 | 0
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3016 | opera.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1TQ73Z2N41A4MO70A1BF.temp | binary | 3F7590FD56AC999E0289444034C9CC80 | 632F80B7AD1F589FE608EF8546E3E7D1B0501A9EC3E38C0140EA1C10ED3E602B
3016 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini | text | 541CB6762AD6E018389519561E12B93C | BAF65F1426F313D5E39F3D2FD6C595BA0BC3A15554CBEBA6B8890DD68C61C53F
3016 | opera.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms | binary | 3F7590FD56AC999E0289444034C9CC80 | 632F80B7AD1F589FE608EF8546E3E7D1B0501A9EC3E38C0140EA1C10ED3E602B
3016 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\oprB118.tmp | xml | 142A840D7051A1A09E0930E06928E720 | AC10709968EA8D5651DF269D937F62063BAE78B2EEA0469B8F44B31AE1D229A7
3016 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml | xml | 142A840D7051A1A09E0930E06928E720 | AC10709968EA8D5651DF269D937F62063BAE78B2EEA0469B8F44B31AE1D229A7
3016 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\oprB0B9.tmp | text | 541CB6762AD6E018389519561E12B93C | BAF65F1426F313D5E39F3D2FD6C595BA0BC3A15554CBEBA6B8890DD68C61C53F
3016 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprB946.tmp | text | 3F5281B948860E52FE0E440FA12BE986 | DD343F8DEFAFCF2E27B3EF50EDB66A7821A4B219A0D326E1373355C02E5289AF
3016 | opera.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms~RFfb944.TMP | binary | DBC8C3C79F0DFF4745A5E25E13611AEF | 70C54F2C53CF246603B8DE4755D95C5AA51BF4B232340BEA5879724A1F84F675
3016 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml | xml | 8F9BC25082526679D20832E134280689 | 0FEDE19A884E68AF700217770D350B22BFE9CEE4CF87BA9438D50F2341A85B2C
3016 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win | text | 3F5281B948860E52FE0E440FA12BE986 | DD343F8DEFAFCF2E27B3EF50EDB66A7821A4B219A0D326E1373355C02E5289AF
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2520 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2520 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2520 | iexplore.exe | GET | — | 23.216.77.69:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3d4cb99fff548bcc | US | — | — | whitelisted |
2520 | iexplore.exe | GET | — | 23.216.77.69:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f10da25d0f0151c8 | US | — | — | whitelisted |
2920 | iexplore.exe | GET | 404 | 208.100.26.245:80 | http://feauhueudughuurk.top/ | US | html | 141 b | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3016 | opera.exe | 185.26.182.93:443 | certs.opera.com | Opera Software AS | — | whitelisted |
3016 | opera.exe | 185.26.182.94:443 | certs.opera.com | Opera Software AS | — | whitelisted |
2920 | iexplore.exe | 208.100.26.245:80 | feauhueudughuurk.top | Steadfast | US | malicious |
2520 | iexplore.exe | 23.216.77.69:80 | ctldl.windowsupdate.com | NTT DOCOMO, INC. | US | suspicious |
— | — | 192.168.100.2:53 | — | — | — | whitelisted |
2520 | iexplore.exe | 13.107.22.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2520 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2520 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2520 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation
---|---|---
feauhueudughuurk.top | — | malicious
www.microsoft.com | — | whitelisted
api.bing.com | — | whitelisted
www.bing.com | — | whitelisted
certs.opera.com | — | whitelisted
ctldl.windowsupdate.com | — | whitelisted
iecvlist.microsoft.com | — | whitelisted
r20swj13mr.microsoft.com | — | whitelisted
ocsp.digicert.com | — | whitelisted
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile |
2920 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |
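Both signatures above fire on the TLD alone, and the only request to the site came back 404 with a 141-byte body, so the verdict here rests on domain reputation and the *.top heuristic rather than on any delivered payload; the opera.exe file writes are ordinary browser-profile artifacts (prefs, sessions, jump lists), not dropped files. The following Python is an added example, not any.run output and not the Emerging Threats rule logic: it applies the same two checks (query or request to a *.top name, plus a match on the report's own domain and IP IOCs) to a handful of constructed, Zeek-style tab-separated log lines. The log layout, the `HOSTILE_TLDS` set and the sample PIDs are assumptions for the demo; the IOC values come from the tables above.

```python
"""Replay the report's two ET-style checks over constructed DNS/HTTP log lines."""
from __future__ import annotations

import re
from dataclasses import dataclass

# IOCs taken from the report tables above.
IOC_DOMAINS = {"feauhueudughuurk.top"}
IOC_IPS = {"208.100.26.245"}
# The two ET alerts key on this TLD. A real deployment would carry the rule
# set's full TLD list; the single entry is an assumption for this demo.
HOSTILE_TLDS = {"top"}


@dataclass(frozen=True)
class Alert:
    pid: str
    kind: str        # "dns" or "http"
    indicator: str
    message: str


# Constructed sample logs (not sandbox output). Columns, tab-separated:
# pid, process, source, destination, payload. For DNS the payload is the
# queried name; for HTTP it is "METHOD host uri".
DNS_LOG = """\
2920\tiexplore.exe\t192.168.100.5\t192.168.100.2:53\tfeauhueudughuurk.top
2520\tiexplore.exe\t192.168.100.5\t192.168.100.2:53\tocsp.digicert.com
3016\topera.exe\t192.168.100.5\t192.168.100.2:53\tcerts.opera.com
1234\tsvchost.exe\t192.168.100.5\t192.168.100.2:53\tupdates.example.top
"""
HTTP_LOG = """\
2920\tiexplore.exe\t192.168.100.5\t208.100.26.245:80\tGET feauhueudughuurk.top /
2520\tiexplore.exe\t192.168.100.5\t93.184.220.29:80\tGET ocsp.digicert.com /MFEwTzBN
4444\tcurl.exe\t192.168.100.5\t203.0.113.7:80\tGET cdn.example.top /x.bin
"""


def registrable_tld(host: str) -> str:
    """Last DNS label, lower-cased, trailing dot stripped; IPv4 literals have none."""
    host = host.rstrip(".").lower()
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        return ""
    return host.rsplit(".", 1)[-1]


def check_dns(line: str) -> list[Alert]:
    pid, _proc, _src, _dst, qname = line.split("\t")
    alerts: list[Alert] = []
    if qname.lower() in IOC_DOMAINS:
        alerts.append(Alert(pid, "dns", qname, "DNS query to domain listed in report"))
    if registrable_tld(qname) in HOSTILE_TLDS:
        alerts.append(Alert(pid, "dns", qname, "DNS query to a *.top domain"))
    return alerts


def check_http(line: str) -> list[Alert]:
    pid, _proc, _src, dst, request = line.split("\t")
    _method, host, _uri = request.split(" ", 2)
    dst_ip = dst.rsplit(":", 1)[0]
    alerts: list[Alert] = []
    if dst_ip in IOC_IPS or host.lower() in IOC_DOMAINS:
        alerts.append(Alert(pid, "http", f"{host} ({dst_ip})", "HTTP request to IOC from report"))
    if registrable_tld(host) in HOSTILE_TLDS:
        alerts.append(Alert(pid, "http", host, "HTTP request to a *.top domain"))
    return alerts


def scan(dns_log: str = DNS_LOG, http_log: str = HTTP_LOG) -> list[Alert]:
    """Run both checks over every non-empty line of the two logs."""
    alerts: list[Alert] = []
    for line in dns_log.splitlines():
        if line.strip():
            alerts.extend(check_dns(line))
    for line in http_log.splitlines():
        if line.strip():
            alerts.extend(check_http(line))
    return alerts


def pids_to_triage(alerts: list[Alert]) -> list[str]:
    """Distinct PIDs that raised at least one alert, sorted for stable output."""
    return sorted({a.pid for a in alerts})


if __name__ == "__main__":
    for a in scan():
        print(f"pid={a.pid:<5} {a.kind:<4} {a.message}: {a.indicator}")
    print("triage:", pids_to_triage(scan()))
```

The split between the IOC match and the TLD heuristic is deliberate: the IOC hit on 2920 is high confidence, whereas the *.top hits on 1234 and 4444 are the same low-precision signal the ET rules carry ("Potentially Bad Traffic"), and should be triaged against the process and the response, as the 404 in this report shows.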