URL: | http://www.da29e6b8-f018-490f-b25f-39a887fc95e7.xyz/erwrtyo8blqeyz4 |
Full analysis: | https://app.any.run/tasks/e5bcf8e1-a2c3-48d0-a36c-f862edd8b8b9 |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 07:05:56 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 5EED7F1987F51EF1E04C091E7AF65618 |
SHA1: | 459E2EF613E3E57C383F74BB57FAC560FB41C77F |
SHA256: | 09D376B368BC98102888F98A21536120F23EA27795398B38882A082B5B2F2E2F |
SSDEEP: | 3:N1KJS41AsUK6p8IbcQ30Cm:Cc4KNiP40Cm |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2828 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.da29e6b8-f018-490f-b25f-39a887fc95e7.xyz/erwrtyo8blqeyz4" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3328 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2828 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3328 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\main[1].css | text | |
MD5:FAA524DF1765FE3D45A9B3905BC27785 | SHA256:FB8729E2F9515B7D1D4D3EC9611B73B8D0D144070510D8607C3B0251A5F26FE7 | |||
3328 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\main[1].css | text | |
MD5:FAA524DF1765FE3D45A9B3905BC27785 | SHA256:FB8729E2F9515B7D1D4D3EC9611B73B8D0D144070510D8607C3B0251A5F26FE7 | |||
3328 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\RLKJG9YX.txt | text | |
MD5:BADD8934014E3FAB184E17A41D271FCC | SHA256:31685D78DD5B0E392B5DCBF96A1DF7F7463605560B6CC7A402A8F4A0DFCC0A86 | |||
2828 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\EXBK4PL1.txt | text | |
MD5:7D1AA8462B83A9FEC61404E230FD6633 | SHA256:2851460A257E093A3CD83991E5EDD1E527015C79E2D5A704DCB7C8B2F8AFDCFE | |||
2828 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:5531AC54420D98AB6CAD68C52F0BF329 | SHA256:FB55FC705BE24B22F975E19412D5E1E2AAD1752DC4ABA972715178A9ED61AB1E | |||
2828 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:3079F80145DC4F7A13C09201714A0F61 | SHA256:572011BE7C8A698770240CABA3E7429ADF6DFB79E16D5EDED6AF28C76B3A1200 | |||
3328 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\6HMN2EP3.txt | text | |
MD5:A5B5E4764E7D425472461618128C9FBE | SHA256:5ECE6599342F7A0F1B1C59AF24D636FA3C705FAA675E878DF57CB5E6823282BA | |||
2828 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:28CC3D4B0DA8A29A9DCD6D4755C84342 | SHA256:A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E | |||
2828 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\1G2JFQWX.txt | text | |
MD5:E0DCB9370CB589C099710411292153F1 | SHA256:6FB51EBF9AF0ECA375905CFD3602FD2147467809A87E95DF3F94A2AFB7EAEDD6 | |||
3328 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\1G1FQ2YY.txt | text | |
MD5:8D01E1462CC49E4090250D0AFF8AF322 | SHA256:113CD109A908B0F3DFAC5439A5234CFDDCB731B03DB8ED3279628ED3C5B7D9E7 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3328 | iexplore.exe | GET | 200 | 172.67.193.102:80 | http://www.da29e6b8-f018-490f-b25f-39a887fc95e7.xyz/cdn-cgi/styles/main.css | US | text | 1.97 Kb | suspicious |
2828 | iexplore.exe | GET | — | 172.67.193.102:80 | http://www.da29e6b8-f018-490f-b25f-39a887fc95e7.xyz/favicon.ico | US | — | — | suspicious |
3328 | iexplore.exe | GET | — | 172.67.193.102:80 | http://www.da29e6b8-f018-490f-b25f-39a887fc95e7.xyz/cdn-cgi/images/cf-icon-cloud.png | US | — | — | suspicious |
3328 | iexplore.exe | GET | — | 172.67.193.102:80 | http://www.da29e6b8-f018-490f-b25f-39a887fc95e7.xyz/cdn-cgi/images/cf-icon-server.png | US | — | — | suspicious |
3328 | iexplore.exe | GET | — | 172.67.193.102:80 | http://www.da29e6b8-f018-490f-b25f-39a887fc95e7.xyz/cdn-cgi/images/cf-icon-ok.png | US | — | — | suspicious |
2828 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2828 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3328 | iexplore.exe | GET | 521 | 172.67.193.102:80 | http://www.da29e6b8-f018-490f-b25f-39a887fc95e7.xyz/erwrtyo8blqeyz4 | US | html | 7.38 Kb | suspicious |
3328 | iexplore.exe | GET | 521 | 172.67.193.102:80 | http://www.da29e6b8-f018-490f-b25f-39a887fc95e7.xyz/erwrtyo8blqeyz4 | US | html | 7.42 Kb | suspicious |
2828 | iexplore.exe | GET | 521 | 172.67.193.102:80 | http://www.da29e6b8-f018-490f-b25f-39a887fc95e7.xyz/favicon.ico | US | html | 7.38 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2828 | iexplore.exe | 13.107.22.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2828 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2828 | iexplore.exe | 8.248.149.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
3328 | iexplore.exe | 172.67.193.102:80 | www.da29e6b8-f018-490f-b25f-39a887fc95e7.xyz | — | US | malicious |
2828 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2828 | iexplore.exe | 172.67.193.102:80 | www.da29e6b8-f018-490f-b25f-39a887fc95e7.xyz | — | US | malicious |
Domain | IP | Reputation |
---|---|---|
www.da29e6b8-f018-490f-b25f-39a887fc95e7.xyz |
| suspicious |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
3328 | iexplore.exe | Potentially Bad Traffic | AV INFO HTTP Request to a *.xyz domain |
3328 | iexplore.exe | Potentially Bad Traffic | AV INFO HTTP Request to a *.xyz domain |
3328 | iexplore.exe | Potentially Bad Traffic | AV INFO HTTP Request to a *.xyz domain |
3328 | iexplore.exe | Potentially Bad Traffic | AV INFO HTTP Request to a *.xyz domain |
3328 | iexplore.exe | Potentially Bad Traffic | AV INFO HTTP Request to a *.xyz domain |
3328 | iexplore.exe | Potentially Bad Traffic | AV INFO HTTP Request to a *.xyz domain |
2828 | iexplore.exe | Potentially Bad Traffic | AV INFO HTTP Request to a *.xyz domain |
3328 | iexplore.exe | Potentially Bad Traffic | AV INFO HTTP Request to a *.xyz domain |
3328 | iexplore.exe | Potentially Bad Traffic | AV INFO HTTP Request to a *.xyz domain |
3328 | iexplore.exe | Potentially Bad Traffic | AV INFO HTTP Request to a *.xyz domain |