Field | Value
---|---
URL | http://secure-web.cisco.com/14_789NMiF9lMiYoTnbmQMJ06ma8GpSmrKunkXmQ9XuGgK9EBSuSG6vksAaOZp32Cs4ab0oX3GfMBPPBJz_2YoZ3VefeJeeoLGf9a7u5UACExOakM0zrLAgGnGxfeogYsOXUhqJqT1akTDj7FSTsdanMQ8uqR7NZ_eD9so-S4stOKpz5kR-RnmETehd3Swe64pTzZvot6jL2pvKPqDMajWbFYxVBpsXAZwqjEllU8OpCFhDOWOIZGp2e-ZAPoMmfgRw6KReAggmCx2qttl75k8fdpmOy9az2ZnuoDUws1OKbjodEo0chIttZraFKSP5zgvOxu_AG0qikpOID35OT9ShAP7Fie04O5cgjqSRiD8HJ8ZcFYxfb5Q3M_UVnR1ncdr8_mnclylgC4P9xBLDH_aC9VxlDy3SDi_9uLJr9dStmMIYU4cEE8svyqB28ZnScEwd-ec-hIdyyiRduWGLpuw0t-coT4fDdDfgNOuhJb_6-zPB2vG2ejfHf5hGqXjWGjEvLVwdE0yDhXLEMVsTr3WA/http%3A%2F%2Fr.ccacademy.co%2Fmk%2Fcl%2Ff%2FgN9jNl3yimazi0EmYsRRWRyxv2qKPUw3iLe7sOfWEbQGlnG8pSO5shV9oiA9gGOSRgvvpcpYBvzuOYNFIbT6gKVsf3eqH_6xKBFPRmo4cYspFnRT3fqJvvAHGIvNHEUgHACaFb7wbZGr4Ct4Ea4PW9GIw9FRisWgz2pySsdokqLi11fbXM7yCOtl7StfswlZD51GZ-mBPm3FzhWWRP0p7u41psXIINF1k3cp93T7psecd9KRpNgYO-x53y8
Full analysis | https://app.any.run/tasks/eafee220-3a71-4580-ac2d-337ba99fb583
Verdict | Malicious activity
Analysis date | September 19, 2019, 08:22:40
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 9420967FEA4DB3E61E82373456FAF47C
SHA1 | C145CCEF9AFA207E893BDD00E287DF8E87F76F3A
SHA256 | 13E376FC7E60E60ACC3D3193FD0CAD97965426E5C91964626168B1199B4BDA54
SSDEEP | 24:t3TRAd5sqF44hLAdNLWdNgOSTGWVfHqjBUn:9Kd3L4MUO8GSfHqVU
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2920 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
3420 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2920 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
3008 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" /o /eo /l /b /id 3420 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | iexplore.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe Acrobat Reader DC; Exit code: 0; Version: 15.23.20070.215641
3176 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" /o /eo /l /b /id 3420 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | iexplore.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: MEDIUM; Description: Adobe Acrobat Reader DC; Version: 15.23.20070.215641
2376 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /o /eo /l /b /id 3420 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | AcroRd32.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe Acrobat Reader DC; Version: 15.23.20070.215641
2732 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16448250 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | AcroRd32.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: MEDIUM; Description: Adobe RdrCEF; Version: 15.23.20053.211670
2644 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2732.0.1334172633\1089853232" --allow-no-sandbox-job /prefetch:673131151 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Exit code: 0; Version: 15.23.20053.211670
3652 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2732.1.1464972337\1817853732" --allow-no-sandbox-job /prefetch:673131151 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Version: 15.23.20053.211670
3480 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2732.2.404270401\372412493" --allow-no-sandbox-job /prefetch:673131151 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Version: 15.23.20053.211670
3256 | "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:15.0 /MODE:3 | C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe | — | AcroRd32.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: MEDIUM; Description: Adobe Reader and Acrobat Manager; Version: 1.824.27.2646
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2920 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | — | —
2920 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3420 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IAH0HXSA\BFPRmo4cYspFnRT3fqJvvAHGIvNHEUgHACaFb7wbZGr4Ct4Ea4PW9GIw9FRisWgz2pySsdokqLi11fbXM7yCOtl7StfswlZD51GZ-mBPm3FzhWWRP0p7u41psXIINF1k3cp93T7psecd9KRpNgYO-x53y8[1].txt | — | — | —
2376 | AcroRd32.exe | C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal | — | — | —
2376 | AcroRd32.exe | C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.2376 | — | — | —
2376 | AcroRd32.exe | C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.2376 | — | — | —
2376 | AcroRd32.exe | C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9Rdwkmhm_msfug3_1u0.tmp | — | — | —
2376 | AcroRd32.exe | C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9Ruqjffd_msfug5_1u0.tmp | — | — | —
2376 | AcroRd32.exe | C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9R1eg03fn_msfug4_1u0.tmp | — | — | —
2376 | AcroRd32.exe | C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9Rlg4kco_msfug6_1u0.tmp | — | — | —
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3420 | iexplore.exe | GET | 302 | 208.90.58.178:80 | http://secure-web.cisco.com/14_789NMiF9lMiYoTnbmQMJ06ma8GpSmrKunkXmQ9XuGgK9EBSuSG6vksAaOZp32Cs4ab0oX3GfMBPPBJz_2YoZ3VefeJeeoLGf9a7u5UACExOakM0zrLAgGnGxfeogYsOXUhqJqT1akTDj7FSTsdanMQ8uqR7NZ_eD9so-S4stOKpz5kR-RnmETehd3Swe64pTzZvot6jL2pvKPqDMajWbFYxVBpsXAZwqjEllU8OpCFhDOWOIZGp2e-ZAPoMmfgRw6KReAggmCx2qttl75k8fdpmOy9az2ZnuoDUws1OKbjodEo0chIttZraFKSP5zgvOxu_AG0qikpOID35OT9ShAP7Fie04O5cgjqSRiD8HJ8ZcFYxfb5Q3M_UVnR1ncdr8_mnclylgC4P9xBLDH_aC9VxlDy3SDi_9uLJr9dStmMIYU4cEE8svyqB28ZnScEwd-ec-hIdyyiRduWGLpuw0t-coT4fDdDfgNOuhJb_6-zPB2vG2ejfHf5hGqXjWGjEvLVwdE0yDhXLEMVsTr3WA/http%3A%2F%2Fr.ccacademy.co%2Fmk%2Fcl%2Ff%2FgN9jNl3yimazi0EmYsRRWRyxv2qKPUw3iLe7sOfWEbQGlnG8pSO5shV9oiA9gGOSRgvvpcpYBvzuOYNFIbT6gKVsf3eqH_6xKBFPRmo4cYspFnRT3fqJvvAHGIvNHEUgHACaFb7wbZGr4Ct4Ea4PW9GIw9FRisWgz2pySsdokqLi11fbXM7yCOtl7StfswlZD51GZ-mBPm3FzhWWRP0p7u41psXIINF1k3cp93T7psecd9KRpNgYO-x53y8 | US | — | — | whitelisted |
3176 | AcroRd32.exe | GET | 304 | 2.16.186.57:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/282_15_23_20070.zip | unknown | — | — | whitelisted |
2920 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
3420 | iexplore.exe | GET | 301 | 54.76.158.109:80 | http://www.cconnection.org/wp-content/uploads/2019/06/CC19756_IOT-2019_4pp-brochure_24jun.pdf | IE | html | 182 b | unknown |
3176 | AcroRd32.exe | GET | 304 | 2.16.186.57:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/message.zip | unknown | — | — | whitelisted |
3176 | AcroRd32.exe | GET | 304 | 2.16.186.57:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/283_15_23_20070.zip | unknown | — | — | whitelisted |
3176 | AcroRd32.exe | GET | 304 | 2.16.186.57:80 | http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/284_15_23_20070.zip | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2920 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3420 | iexplore.exe | 104.16.233.163:80 | r.ccacademy.co | Cloudflare Inc | US | shared |
3420 | iexplore.exe | 54.76.158.109:80 | www.cconnection.org | Amazon.com, Inc. | IE | unknown |
3420 | iexplore.exe | 172.64.128.16:443 | sibautomation.com | Cloudflare Inc | US | shared |
3420 | iexplore.exe | 208.90.58.178:80 | secure-web.cisco.com | Cisco Systems Ironport Division | US | suspicious |
3176 | AcroRd32.exe | 2.21.36.203:443 | armmf.adobe.com | GTT Communications Inc. | FR | suspicious |
— | — | 2.21.36.203:443 | armmf.adobe.com | GTT Communications Inc. | FR | suspicious |
3420 | iexplore.exe | 54.76.158.109:443 | www.cconnection.org | Amazon.com, Inc. | IE | unknown |
— | — | 2.18.233.74:443 | ardownload2.adobe.com | Akamai International B.V. | — | whitelisted |
3176 | AcroRd32.exe | 2.16.186.57:80 | acroipm2.adobe.com | Akamai International B.V. | — | whitelisted |
Domain | IP | Reputation
---|---|---
www.bing.com | — | whitelisted
secure-web.cisco.com | — | whitelisted
r.ccacademy.co | — | suspicious
sibautomation.com | — | whitelisted
www.cconnection.org | — | unknown
armmf.adobe.com | — | whitelisted
acroipm2.adobe.com | — | whitelisted
ardownload2.adobe.com | — | whitelisted