URL: | https://link.zixcentral.com/u/1211f850/SLCqAhNE7RGaQ-oUh3soMg?u=http%3A%2F%2Fxz7w.s5cjeh.tatsuonocirurgiaplastica.com.br.%2F%2F%2Fbodcfv.%23.aHR0cHM6Ly9sbW8ubGVlYW5kYnVyZ2Vzcy5jb20vP3VzZXJuYW1lPWdlcnJ5Lmxld2lzQHVzcmFkaW9sb2d5LmNvbQ%3D%3D |
Full analysis: | https://app.any.run/tasks/6e31e4aa-638c-45e6-93fe-5785afa03af6 |
Verdict: | Malicious activity |
Analysis date: | October 04, 2022, 20:02:09 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 012A65DB4A5D8E6B8A8974F1D4CF3FF9 |
SHA1: | 33752B359183C7F6112FD2ABC42612C28865A141 |
SHA256: | 0B5762AA5C60BBEAA381F48FB212EDD049D5AA3D251D444FE7994D0A94ED7C2A |
SSDEEP: | 6:2MgUbz1T30pk3szzLNVBbcDLA5yZtyynUAW:2Mg2T30gsvLNVBbQbnU7 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
600 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://link.zixcentral.com/u/1211f850/SLCqAhNE7RGaQ-oUh3soMg?u=http%3A%2F%2Fxz7w.s5cjeh.tatsuonocirurgiaplastica.com.br.%2F%2F%2Fbodcfv.%23.aHR0cHM6Ly9sbW8ubGVlYW5kYnVyZ2Vzcy5jb20vP3VzZXJuYW1lPWdlcnJ5Lmxld2lzQHVzcmFkaW9sb2d5LmNvbQ%3D%3D" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
1244 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:600 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3708 | -modal 131368 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\admin\AppData\Local\Temp\NDF44B2.tmp -ep NetworkDiagnosticsWeb | C:\Windows\system32\msdt.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Diagnostics Troubleshooting Wizard Exit code: 4294967295 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3960 | C:\Windows\System32\sdiagnhost.exe -Embedding | C:\Windows\System32\sdiagnhost.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Scripted Diagnostics Native Host Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
600 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | der | |
MD5:B8BDA0B382A7D056A4241B388338B778 | SHA256:7BAA967F6686CCE471826B20FFA5CB7FEB4BF3C5C0BF43F51F08E84EB5850DD2 | |||
600 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\NDF44B2.tmp | binary | |
MD5:18620FC1A9092A413946EAAC9B4A3A99 | SHA256:23F75A7CB2B5EB58A59827CC8497A6CE7DC629D71D56D19EE09D56E4138CF8A9 | |||
600 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | binary | |
MD5:45634FAC95929BFEE781DCB6F45022CF | SHA256:75C748FF68602B7060A47B259260D3A10ED4E0A18429EBF362B7290C7256198E | |||
600 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:A84B34D826ED3F5FC7AC6D9DB3463D5C | SHA256:6365090113AAA2D3F10D7BB8DE526CA763A7203A740F53943DAB66FF29EA64DD | |||
600 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico | image | |
MD5:DA597791BE3B6E732F0BC8B20E38EE62 | SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 | |||
3708 | msdt.exe | C:\Users\admin\AppData\Local\Temp\SDIAG_33b7ab01-ff4c-42a5-a0ac-978af107e6c0\NetworkDiagnosticsTroubleshoot.ps1 | text | |
MD5:1D192CE36953DBB7DC7EE0D04C57AD8D | SHA256:935A231924AE5D4A017B0C99D4A5F3904EF280CEA4B3F727D365283E26E8A756 | |||
3708 | msdt.exe | C:\Users\admin\AppData\Local\Temp\SDIAG_33b7ab01-ff4c-42a5-a0ac-978af107e6c0\UtilityFirewall.ps1 | text | |
MD5:B004AFC224E9216115EC3B0BF5D43BA2 | SHA256:31B97632CA31D1BB21917A07757B2FF415DBB6A4E7DD7B533ECC52431ACF65B5 | |||
3708 | msdt.exe | C:\Users\admin\AppData\Local\Temp\SDIAG_33b7ab01-ff4c-42a5-a0ac-978af107e6c0\UtilitySetConstants.ps1 | text | |
MD5:0C75AE5E75C3E181D13768909C8240BA | SHA256:DE5C231C645D3AE1E13694284997721509F5DE64EE5C96C966CDFDA9E294DB3F | |||
3708 | msdt.exe | C:\Users\admin\AppData\Local\Temp\SDIAG_33b7ab01-ff4c-42a5-a0ac-978af107e6c0\DiagPackage.diagpkg | xml | |
MD5:C9FB87FA3460FAE6D5D599236CFD77E2 | SHA256:CDE728C08A4E50A02FCFF35C90EE2B3B33AB24C8B858F180B6A67BFA94DEF35F | |||
3708 | msdt.exe | C:\Users\admin\AppData\Local\Temp\SDIAG_33b7ab01-ff4c-42a5-a0ac-978af107e6c0\HTInteractiveRes.ps1 | text | |
MD5:C25ED2111C6EE9299E6D9BF51012F2F5 | SHA256:8E326EE0475208D4C943D885035058FAD7146BBA02B66305F7C9F31F6A57E81B |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1244 | iexplore.exe | GET | 200 | 23.48.23.12:80 | http://crl.entrust.net/g2ca.crl | US | der | 1.66 Kb | whitelisted |
600 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
600 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
1244 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEALYmhVz87O42hRbWDiYKQc%3D | US | der | 1.47 Kb | whitelisted |
600 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
1244 | iexplore.exe | GET | 200 | 96.16.142.215:80 | http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTMbSIc9rRVLC%2BHkV9a%2FvDh7s6DzAQUgqJwdN28Uz%2FPe9T3zX%2BnYMYKTL8CEHCOyacXVQWafbNmMlD3UTM%3D | US | der | 1.55 Kb | whitelisted |
600 | iexplore.exe | GET | 200 | 23.216.77.80:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0239d82df03436c5 | US | compressed | 4.70 Kb | whitelisted |
600 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 b | whitelisted |
600 | iexplore.exe | GET | 200 | 23.216.77.80:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ed2734d1445fd5da | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
600 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | EDGECAST | US | whitelisted |
1244 | iexplore.exe | 199.30.234.131:443 | link.zixcentral.com | ASN-CUST | US | suspicious |
600 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
720 | svchost.exe | 199.30.234.131:443 | link.zixcentral.com | ASN-CUST | US | suspicious |
600 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
600 | iexplore.exe | 23.216.77.80:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | suspicious |
1244 | iexplore.exe | 23.48.23.12:80 | crl.entrust.net | Akamai International B.V. | DE | suspicious |
1244 | iexplore.exe | 96.16.142.215:80 | ocsp.entrust.net | AKAMAI-AS | DE | unknown |
1244 | iexplore.exe | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | CLOUDFLARENET | — | suspicious |
600 | iexplore.exe | 184.29.201.244:443 | go.microsoft.com | AKAMAI-AS | NL | suspicious |
Domain | IP | Reputation |
---|---|---|
link.zixcentral.com |
| shared |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
ocsp.entrust.net |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
crl.entrust.net |
| whitelisted |
maxcdn.bootstrapcdn.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
720 | svchost.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
720 | svchost.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
1244 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
1244 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
1244 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
1244 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
1244 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
1244 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |