| Field | Value |
|---|---|
| URL | https://ydray.com/get/l/dD15856384064825/iLOXGTHJsmF |
| Full analysis | https://app.any.run/tasks/ab185004-8cbe-4046-a9cf-5b68c257cfa7 |
| Verdict | Malicious activity |
| Analysis date | March 31, 2020, 08:12:40 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | — |
| MD5 | 96F9FF884BCC55159CBB35D183B6D009 |
| SHA1 | EB11F50E9F034D7847D469E9E3BA88DF8EF8904C |
| SHA256 | 0EB914EDF2756E3D49E3AFD11ECAA88523557BE1DB9CB859F15A8DA1AD71C1D4 |
| SSDEEP | 3:N8k1yGDRfChazYKw7j:2k1bfC4EXj |
PID | CMD | Path | Indicators | Parent process | User | Integrity level | Company | Description | Version
---|---|---|---|---|---|---|---|---|---
2880 | "C:\Program Files\Internet Explorer\iexplore.exe" https://ydray.com/get/l/dD15856384064825/iLOXGTHJsmF | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
3248 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2880 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | LOW | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
2600 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2880 CREDAT:726295 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | LOW | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
2572 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\YDRAY-Remittance-Advice.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | iexplore.exe | admin | MEDIUM | Alexander Roshal | WinRAR archiver | 5.60.0
272 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2880 CREDAT:78849 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
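The security-relevant row in the process table is WinRAR (PID 2572) being launched by iexplore.exe on an archive that still sits in the IE cache (Temporary Internet Files\Content.IE5), i.e. the lure was opened straight from the browser's download prompt. The following is an added example, not ANY.RUN code, of a small detection that looks for exactly that chain in a process list. The `Proc` record, the `BROWSERS`/`HANDLERS` name sets and the `CACHE_DIRS` path fragments are assumptions of this example; the sample rows are transcribed from the table above.

```python
"""Added example (not from the ANY.RUN report): flag a browser handing a file it
just downloaded to an archiver, office application or script host."""
import re
from dataclasses import dataclass

# Assumed lists; extend to the browsers and "Open with" handlers seen in your fleet.
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
HANDLERS = {"winrar.exe", "7zfm.exe", "winword.exe", "excel.exe",
            "wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
# Browser cache and download locations, matched case-insensitively.
CACHE_DIRS = ("\\temporary internet files\\", "\\inetcache\\", "\\downloads\\")


@dataclass(frozen=True)
class Proc:
    pid: int
    cmd: str           # full command line as the sandbox logged it
    parent_image: str  # image name of the parent process
    integrity: str     # integrity level the sandbox reported


def split_cmd(cmd):
    """Split a Windows command line into (image path, remaining arguments).
    The image path may be double-quoted, as it is for every row above."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))\s*(.*)$', cmd, re.S)
    if not m:
        raise ValueError("empty command line")
    return (m.group(1) or m.group(2)), m.group(3)


def args_of(rest):
    """Tokenise the argument part; quoted arguments keep their spaces."""
    return [q or u for q, u in re.findall(r'"([^"]*)"|(\S+)', rest)]


def image_name(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag_browser_handoffs(procs):
    """One finding per HANDLER process whose parent is a browser and whose
    arguments name a file inside a browser cache or download directory."""
    findings = []
    for p in procs:
        image, rest = split_cmd(p.cmd)
        name = image_name(image)
        if name not in HANDLERS or p.parent_image.lower() not in BROWSERS:
            continue
        for arg in args_of(rest):
            if any(d in arg.lower() for d in CACHE_DIRS):
                findings.append({"pid": p.pid, "image": name,
                                 "parent": p.parent_image.lower(),
                                 "file": arg, "integrity": p.integrity})
    return findings


# Process rows transcribed from the report's process table.
REPORT_PROCS = [
    Proc(2880, r'"C:\Program Files\Internet Explorer\iexplore.exe" https://ydray.com/get/l/dD15856384064825/iLOXGTHJsmF',
         "explorer.exe", "MEDIUM"),
    Proc(3248, r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2880 CREDAT:267521 /prefetch:2',
         "iexplore.exe", "LOW"),
    Proc(2600, r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2880 CREDAT:726295 /prefetch:2',
         "iexplore.exe", "LOW"),
    Proc(2572, r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\YDRAY-Remittance-Advice.zip"',
         "iexplore.exe", "MEDIUM"),
    Proc(272, r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2880 CREDAT:78849 /prefetch:2',
         "iexplore.exe", "MEDIUM"),
]

if __name__ == "__main__":
    for f in flag_browser_handoffs(REPORT_PROCS):
        print(f"PID {f['pid']}: {f['parent']} -> {f['image']} ({f['integrity']}) opened {f['file']}")
```

Run against the rows above it reports only PID 2572. The same rule applied to a WinRAR launched by explorer.exe on a file in Downloads stays quiet, which is the point: the signal is the parent/child pairing plus the cache location, not the archiver itself.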
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2880 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3248 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab9841.tmp | — | — | —
3248 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar9851.tmp | — | — | —
3248 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\PGXAICWX.txt | — | — | —
3248 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220 | der | 65BE59C388C0FB8BD8E8FE798B95BE8E | E8FC758B893CA0C9B1A4D1DDD14BC830A2455487089B34307EFB9F96B5719A3B
3248 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3B6E683A7A45CC59BF035C9BA8C7AB9D | der | 15E1EAD6D64A568D0280273659B287FD | 8AFF1C859B0881467119BCDB4909221255214AA19D4769B977676D38E2BF1537
3248 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_29CAB1D7CDE033F9100636E7D473C129 | binary | B99F6F3F306CBE095DE6BB79662D097D | 7054E5DA96BCB28F1957BC246EE2705D2560E8C9C8B8A85BE339EC170D1A9175
3248 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220 | binary | BDD3327FC60F0B1AE00CBA48A8E09D9D | BCFD856B07FB180DF6270BD85B406E622BA28FE36EAC2E47C2C627CF7B068807
3248 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\3PCSQWH5.txt | text | 3846381F4CAB7736013C970E05A61A06 | 832B97AF525B19CFD8A3E3DB8FFFF7041065BF4BB34F6A53C448BE4B3DCE2DC4
3248 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3B6E683A7A45CC59BF035C9BA8C7AB9D | binary | E1325A91E59A03550B2A4DB93A310F4A | 365498A363F0F762B2E00D05CFBD478045CBD21B1F5C9B6EF8259579AE9F45ED
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3248 | iexplore.exe | GET | 200 | 216.58.208.35:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
3248 | iexplore.exe | GET | 200 | 216.58.208.35:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDfMYPZCGzPzwgAAAAAMgoG | US | der | 472 b | whitelisted |
3248 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQDhmF2Wom2VPwQCTLXgdbVi | US | der | 472 b | whitelisted |
3248 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://crl.usertrust.com/AddTrustExternalCARoot.crl | US | der | 673 b | whitelisted |
3248 | iexplore.exe | GET | 200 | 216.58.208.35:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
3248 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D | US | der | 727 b | whitelisted |
3248 | iexplore.exe | GET | 200 | 216.58.208.35:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
3248 | iexplore.exe | GET | 200 | 216.58.208.35:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDy4NKedukSQwgAAAAAMgpY | US | der | 472 b | whitelisted |
3248 | iexplore.exe | GET | 200 | 13.225.87.121:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
3248 | iexplore.exe | GET | 200 | 216.58.208.35:80 | http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEFeh1L3VO0beCAAAAAAyCgc%3D | US | der | 471 b | whitelisted |
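Every HTTP request in the table above is an OCSP GET (plus one CRL fetch), so the `der` bodies are certificate-status traffic generated while IE validated the TLS chains of ydray.com and the third-party sites it embeds. The path of an OCSP GET is the base64 of a DER-encoded OCSPRequest (RFC 6960, Appendix A), which means the CertID it carries can be read offline to confirm which issuers were being asked about. The code below is an added example, not ANY.RUN code: a hand-rolled minimal DER walker that extracts hashAlgorithm, issuerNameHash, issuerKeyHash and serialNumber from each URL copied from the table. It assumes the optional `version` and `requestorName` fields of TBSRequest are absent, which holds for these requests.

```python
"""Added example (not from the ANY.RUN report): decode OCSP GET URLs into the
CertID they carry, so 'der' HTTP traffic can be attributed to specific CAs."""
import base64
from urllib.parse import unquote, urlsplit

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def der_tlv(buf, pos=0):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], end


def decode_oid(raw):
    """Dotted-string form of a DER OBJECT IDENTIFIER value."""
    arcs = [raw[0] // 40, raw[0] % 40]
    val = 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get(url):
    """CertID fields of an OCSP GET URL (base64 DER OCSPRequest as the last path segment)."""
    b64 = unquote(urlsplit(url).path.rsplit("/", 1)[-1])
    node = base64.b64decode(b64)
    # OCSPRequest > TBSRequest > requestList > Request > CertID: five nested SEQUENCEs.
    # Assumption: the optional version/requestorName fields are absent (true for IE).
    for _ in range(5):
        tag, node, _ = der_tlv(node)
        if tag != 0x30:
            raise ValueError("unexpected structure: tag 0x%02x" % tag)
    _, alg, pos = der_tlv(node)             # hashAlgorithm  AlgorithmIdentifier
    _, oid, _ = der_tlv(alg)                #   algorithm    OBJECT IDENTIFIER
    _, name_hash, pos = der_tlv(node, pos)  # issuerNameHash OCTET STRING
    _, key_hash, pos = der_tlv(node, pos)   # issuerKeyHash  OCTET STRING
    _, serial, _ = der_tlv(node, pos)       # serialNumber   INTEGER
    oid_str = decode_oid(oid)
    return {"responder": urlsplit(url).hostname,
            "hash_alg": HASH_OIDS.get(oid_str, oid_str),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),
            "serial": serial.hex()}


def issuers_queried(urls):
    """Requests per (responder, issuerKeyHash): the handful of CAs actually consulted."""
    counts = {}
    for u in urls:
        c = parse_ocsp_get(u)
        key = (c["responder"], c["issuer_key_hash"])
        counts[key] = counts.get(key, 0) + 1
    return counts


# The nine OCSP GET URLs copied from the HTTP requests table (the CRL fetch is not OCSP).
REPORT_URLS = [
    "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D",
    "http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDfMYPZCGzPzwgAAAAAMgoG",
    "http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQDhmF2Wom2VPwQCTLXgdbVi",
    "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D",
    "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D",
    "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D",
    "http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDy4NKedukSQwgAAAAAMgpY",
    "http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D",
    "http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEFeh1L3VO0beCAAAAAAyCgc%3D",
]

if __name__ == "__main__":
    for u in REPORT_URLS:
        c = parse_ocsp_get(u)
        print(c["responder"], c["hash_alg"], "issuerKeyHash", c["issuer_key_hash"], "serial", c["serial"])
    for (host, key_hash), n in issuers_queried(REPORT_URLS).items():
        print(n, host, key_hash)
```

The three `/gsr2/` requests are byte-for-byte identical, so they ask about the same certificate (serial `01e3b49aa18d8aa981256950b8`, issuer key hash `9be2…862e`, which is the GlobalSign Root CA R2 subject key identifier); the three `/gts1o1/` requests share one issuer key hash and differ only in serial, i.e. three end-entity certificates under the same Google intermediate. In total nine requests cover five issuers, which is what a page pulling fonts, analytics and ads from Google, Comodo/Sectigo and Amazon-issued hosts looks like. A request whose decoded serial or hashes change on every fetch, or whose path does not decode to this structure at all, would be the thing to chase.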
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2880 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3248 | iexplore.exe | 172.217.16.138:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3248 | iexplore.exe | 172.217.18.110:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
3248 | iexplore.exe | 172.217.23.130:443 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted |
3248 | iexplore.exe | 13.224.194.14:443 | d31qbv1cthcecs.cloudfront.net | — | US | unknown |
3248 | iexplore.exe | 51.91.48.189:443 | ydray.com | — | GB | suspicious |
3248 | iexplore.exe | 151.139.128.14:80 | ocsp.usertrust.com | Highwinds Network Group, Inc. | US | suspicious |
3248 | iexplore.exe | 216.58.208.35:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3248 | iexplore.exe | 143.204.97.13:443 | certify.alexametrics.com | — | US | unknown |
3248 | iexplore.exe | 173.194.76.154:443 | stats.g.doubleclick.net | Google Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
ydray.com | — | suspicious
ocsp.usertrust.com | — | whitelisted
api.bing.com | — | whitelisted
www.bing.com | — | whitelisted
crl.usertrust.com | — | whitelisted
ocsp.comodoca.com | — | whitelisted
fonts.googleapis.com | — | whitelisted
pagead2.googlesyndication.com | — | whitelisted
www.google-analytics.com | — | whitelisted
d31qbv1cthcecs.cloudfront.net | — | shared