URL: | http://ec2-54-189-84-127.us-west-2.compute.amazonaws.com/x/d?c=17485376&l=ce10663c-febf-473c-9e15-31082f25fe97&r=31948223-d945-44ad-bf7a-2863fd39c177 |
Full analysis: | https://app.any.run/tasks/94b79f6f-461f-49ba-8c78-81442357334d |
Verdict: | Malicious activity |
Analysis date: | January 24, 2022, 20:07:11 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 051944CB50015450B863D97D2D93C426 |
SHA1: | 5362A34A6A5B074B9CDA92A60AA1E02482EC0D37 |
SHA256: | 0C4A7761EEAB6FF3A98A43CA0C1A9B2D39F7DF4C5F863F279E47151F5DA34A62 |
SSDEEP: | 3:N1KbiuEcPLAWuium9Eo7WtdKBNYu+Yz+xBM5QD5SLJRdvrsRUrTWdbGUhn:CP1cPiztBV3B5QD5iJMqrXUh |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2984 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://ec2-54-189-84-127.us-west-2.compute.amazonaws.com/x/d?c=17485376&l=ce10663c-febf-473c-9e15-31082f25fe97&r=31948223-d945-44ad-bf7a-2863fd39c177" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3644 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3644 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | der | |
MD5:49639B4124119DFEB7616D8DD50F9BB7 | SHA256:7F935C9D0A9BD17558459D5A6387B61452011BEA4589AD94A6F2435540A373B5 | |||
2984 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:FC990EAA7247546FB67C18916A4CAC9B | SHA256:294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993 | |||
3644 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary | |
MD5:95981783FA41285C05D9D1C01F1B9401 | SHA256:A0B7C15CD83282DCEF16AE7E3816506C27E21C32E36149B1452EEEBA9442EA3D | |||
2984 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:94C547F975797837ED612672B8E987C2 | SHA256:7133BBBBA8C48D60C8ACE87642C5DA5D55FF09E8B370734D86A9734569A927B6 | |||
3644 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\X1ZNBCNF.htm | html | |
MD5:9AD8208F21DA7E1AF5141EA8F8CFDBC1 | SHA256:390A6EBA8BEDBE998F20ED088BAA35513706F4D5A119E457E60CDC84A4F38892 | |||
3644 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\ai[1].js | text | |
MD5:F3D7E7DB1FDF36C97EEFEBAAEDC116E9 | SHA256:C9E3FA3AAD7F7D5D3BB2CBE10F959A6FB6E768F58D3ADC606C3D7057DB6BB953 | |||
3644 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | der | |
MD5:3764883055DA6FFC81E4A929CA5072C1 | SHA256:7FF45E2195491FA6A2F3CECEE4B52D9E964CB6719448431B1C7B702E98076920 | |||
3644 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:97CC26CC554A93C67076C003C1A7C4AF | SHA256:BA5CFD50B42ADF59FE920FF23F0C9F7CEB8CB8F3596694294301CF24EF6BE75E | |||
2984 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico | image | |
MD5:DA597791BE3B6E732F0BC8B20E38EE62 | SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 | |||
3644 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\9ESR5212 | text | |
MD5:FDA44910DEB1A460BE4AC5D56D61D837 | SHA256:933B971C6388D594A23FA1559825DB5BEC8ADE2DB1240AA8FC9D0C684949E8C9 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3644 | iexplore.exe | GET | 200 | 104.18.31.182:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
3644 | iexplore.exe | GET | 200 | 104.18.31.182:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted |
3644 | iexplore.exe | GET | 200 | 23.45.105.185:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted |
3644 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
3644 | iexplore.exe | GET | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQC2PrP09fGo%2BgoAAAABK3x6 | US | der | 472 b | whitelisted |
3644 | iexplore.exe | GET | 302 | 54.189.84.127:80 | http://ec2-54-189-84-127.us-west-2.compute.amazonaws.com/x/d?c=17485376&l=ce10663c-febf-473c-9e15-31082f25fe97&r=31948223-d945-44ad-bf7a-2863fd39c177 | US | html | 208 b | shared |
3644 | iexplore.exe | GET | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCNSku3hulioQoAAAABK4BF | US | der | 472 b | whitelisted |
3644 | iexplore.exe | GET | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDgAde1VeKYIQoAAAABK4GI | US | der | 472 b | whitelisted |
3644 | iexplore.exe | GET | 200 | 18.66.242.45:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
3644 | iexplore.exe | GET | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCQK%2BuAklrlLAoAAAABK4BB | US | der | 472 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2984 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3644 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2984 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3644 | iexplore.exe | 23.32.238.201:80 | ctldl.windowsupdate.com | XO Communications | US | suspicious |
3644 | iexplore.exe | 142.250.184.200:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
— | — | 104.21.53.87:443 | ai4retail2021.com | Cloudflare Inc | US | unknown |
3644 | iexplore.exe | 54.189.84.127:80 | ec2-54-189-84-127.us-west-2.compute.amazonaws.com | Amazon.com, Inc. | US | shared |
3644 | iexplore.exe | 104.21.53.87:443 | ai4retail2021.com | Cloudflare Inc | US | unknown |
3644 | iexplore.exe | 188.114.97.7:443 | aiconferences.co | Cloudflare Inc | US | malicious |
3644 | iexplore.exe | 69.16.175.10:443 | code.jquery.com | Highwinds Network Group, Inc. | US | malicious |
Domain | IP | Reputation |
---|---|---|
ec2-54-189-84-127.us-west-2.compute.amazonaws.com |
| shared |
ai4retail2021.com |
| malicious |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
aiconferences.co |
| malicious |
www.googletagmanager.com |
| whitelisted |
code.jquery.com |
| whitelisted |
ocsp.comodoca.com |
| whitelisted |