Field | Value
---|---
URL | https://workupload.com/start/JFGtDndxLHp
Full analysis | https://app.any.run/tasks/da712d4e-31da-499f-9422-4adab1e0169b
Verdict | Malicious activity
Analysis date | May 20, 2022, 23:44:35
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators |
MD5 | A540F23DAE58AA1F5A977905C40B72F9
SHA1 | F90F01000B8A4F53F62DAA728AE4C223688F9F9E
SHA256 | 12DBC9209E87F7DE939A4CF8B1C9BF6C1232BC480DA36E93C30AD41317A4B179
SSDEEP | 3:N8bXOrZDJiRDdJ:2itDJyBJ
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
760 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://workupload.com/start/JFGtDndxLHp" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | | |
932 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:760 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | | |
736 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\BlitzedGrabber6969.rar" | C:\Program Files\WinRAR\WinRAR.exe | | Explorer.EXE
 | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.91.0 | | |
3636 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe
 | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Exit code: 0; Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) | | |
3264 | "C:\Users\admin\Desktop\BlitzedGrabber6969\Kyanite.exe" | C:\Users\admin\Desktop\BlitzedGrabber6969\Kyanite.exe | | Explorer.EXE
 | User: admin; Integrity Level: MEDIUM; Description: Kyanite; Version: 1.0.0.0 | | |
3912 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\yempkxu1.cmdline" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | — | Kyanite.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Visual C# Command Line Compiler; Exit code: 1; Version: 4.0.30319.34209 built by: FX452RTMGDR | | |
2516 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\tgphx2cy.cmdline" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | — | Kyanite.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Visual C# Command Line Compiler; Exit code: 1; Version: 4.0.30319.34209 built by: FX452RTMGDR | | |
PID | Process | Filename | Type
---|---|---|---
932 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\15D6CD41EC127C739654F6DCE221B581 | der
 | | MD5: 6E4373CCE4A362B2174E34D1CC326AC2; SHA256: 7D79EDBD54E91E3DA420C8FBB29229C3259519C8B789F359F57E923AD11E9B68 |
932 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | der
 | | MD5: 54E9306F95F32E50CCD58AF19753D929; SHA256: 45F94DCEB18A8F738A26DA09CE4558995A4FE02B971882E8116FC9B59813BB72 |
932 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary
 | | MD5: 381A5FB3A26701743DF78064742875A3; SHA256: 6609F4CE7D86E6576A2A43A503B3375727B95B82995F866C2BDFD804A8B3BAB0 |
760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der
 | | MD5: AC8FE9D561E9E7288AECF13F03AEA3D1; SHA256: CECD911136F3CCBE6F4869CBCBD9FD15B3FA91CD2FD49B9655FA3BCF8E932C05 |
932 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabE064.tmp | compressed
 | | MD5: B9F21D8DB36E88831E5352BB82C438B3; SHA256: 998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E |
932 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\790Q91CU.txt | text
 | | MD5: C979D08DE3421FCB235B95767015D103; SHA256: 0C852982C72CBD35BBD190C1C32065167AB5F41D0A4400F5ED990A4057E58F90 |
932 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
 | | MD5: 4C0440F1F6117667D3AE87F5A435E360; SHA256: E47F261A38CA11D5918A355961446DF1F3B8C8571972A5B1ACE382DCCA730738 |
932 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | compressed
 | | MD5: B9F21D8DB36E88831E5352BB82C438B3; SHA256: 998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E |
932 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarE075.tmp | cat
 | | MD5: E721613517543768F0DE47A6EEEE3475; SHA256: 3163B82D1289693122EF99ED6C3C1911F68AA2A7296907CEBF84C897141CED4E |
932 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\15D6CD41EC127C739654F6DCE221B581 | binary
 | | MD5: 08D415E65D950EC21106E0452C321391; SHA256: DD73183A4EF90EC8983439EA79267F24A7BCF1634EF69BDC546C93D21C4633BC |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
932 | iexplore.exe | GET | 200 | 104.90.178.254:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted |
932 | iexplore.exe | GET | 200 | 142.250.184.227:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEG3aTvFLTYzNCmxS2fUJutw%3D | US | der | 471 b | whitelisted |
932 | iexplore.exe | GET | 200 | 142.250.184.227:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDwQ9JNOs3IcArkp%2FBu7NbU | US | der | 472 b | whitelisted |
760 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D | US | der | 471 b | whitelisted |
760 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
932 | iexplore.exe | GET | 200 | 92.123.195.28:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPJRD8gx2YU%2FI6sdUU76qBCNQ%3D%3D | unknown | der | 503 b | shared |
932 | iexplore.exe | GET | 200 | 178.79.242.128:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?6973aa0a37a4c3a8 | DE | compressed | 60.0 Kb | whitelisted |
760 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
932 | iexplore.exe | GET | 200 | 142.250.184.227:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
932 | iexplore.exe | GET | 200 | 142.250.184.227:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEFsL8ccV6MRJElibH7RYju4%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
760 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
760 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
932 | iexplore.exe | 142.132.152.244:443 | workupload.com | MRNet | CA | unknown |
932 | iexplore.exe | 142.250.185.228:443 | www.google.com | Google Inc. | US | whitelisted |
932 | iexplore.exe | 178.79.242.128:80 | ctldl.windowsupdate.com | Limelight Networks, Inc. | DE | malicious |
932 | iexplore.exe | 92.123.195.28:80 | r3.o.lencr.org | Akamai International B.V. | — | suspicious |
932 | iexplore.exe | 104.90.178.254:80 | x1.c.lencr.org | Akamai Technologies, Inc. | NL | unknown |
760 | iexplore.exe | 142.132.152.244:443 | workupload.com | MRNet | CA | unknown |
760 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
932 | iexplore.exe | 142.250.184.227:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
workupload.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
x1.c.lencr.org | | whitelisted
r3.o.lencr.org | | shared
www.google.com | | whitelisted
ocsp.digicert.com | | whitelisted
ocsp.pki.goog | | whitelisted
www.google-analytics.com | | whitelisted