Field | Value
---|---
URL | https://www.pcapanalysis.com
Full analysis | https://app.any.run/tasks/ec26429d-81d7-4e90-9cf3-00aafbc1d888
Verdict | Malicious activity
Analysis date | July 12, 2020, 19:45:31
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MD5 | D61F7F2303517F6F1738391B89CD2069
SHA1 | EDB00A2A6CE8240B351B3B2F4FDAC992180F84A4
SHA256 | 14ED2A9F1D38197178EBA2C5017CDA5B1A733B4A98B7A9F996B9B88B2E58ACCC
SSDEEP | 3:N8DSLPiZWMMGT:2OLabT

PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2192 | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.pcapanalysis.com | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe
664 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2192 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe

PID 2192: User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 664: User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
664 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabCF5F.tmp | — | — | —
664 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarCF60.tmp | — | — | —
664 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\AGRCI4U6.htm | html | 5CE9836D26EF6017A21A113D88E7DFA2 | EB8B6E5EDEDFE8AD38E4C68B634767DE48C03DF86438C7C890A04F6DB590DDA7
664 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691 | binary | B66C11E014FAF8E13879BC82D40B4BDA | D1E6D9D1C41B53AEBE2E5BBD7F93C8D67B02A51621D93F2B078A51C96AE8E608
664 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der | 1C400D233070530C717A810D7F9BC99E | 58B407B0DDF17FBF78FCB2E2DAD4FABAADA9BD88641F19941480951A200AE4E0
664 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 | binary | 7888B8994282927A24B0AC1E39A92D70 | E648D87D5796715A568D15084E38F14AEDA779CB4D5AF6C212F6D1EBA2335992
664 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA | binary | D838F3F0172C651DFA96F2C79158CBBE | 4F9799B033A8972DAA73772996FBF67C2F86F102E56CF8531318FB45B60F3BDB
664 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691 | der | F86A2C858754EB0170AAEBB0A3C2A00E | 1C2A85F54571653BF25DAA6047DDB16710E029B985758A1C8E13B4D4F86C02CF
664 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | binary | D044A263C66C86D6CC295CF85FB3A5B7 | 2157599E4C9D5023F0448FE9DFCBB2E785E592C63E5B9A940552FC53EF3F0448
664 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA | der | BC21E2660B44B2F09B65E82FA4BD2874 | FFA53D622A443D497C92BBD2052959CB09500C874A74AFDC6F0400687C346BA2

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
664 | iexplore.exe | GET | 200 | 104.18.21.226:80 | http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D | US | der | 1.48 Kb | whitelisted |
664 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEGfe9D7xe9riT%2FWUBgbSwIQ%3D | US | der | 471 b | whitelisted |
664 | iexplore.exe | GET | 200 | 104.18.21.226:80 | http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D | US | der | 1.48 Kb | whitelisted |
664 | iexplore.exe | GET | 200 | 104.18.21.226:80 | http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D | US | der | 1.48 Kb | whitelisted |
664 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY | US | der | 728 b | whitelisted |
664 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
664 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDAzsRMUU8VGKNFi01w%3D%3D | US | der | 1.49 Kb | whitelisted |
664 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDRWV%2BNyD7WkwIAAAAAbwew | US | der | 472 b | whitelisted |
664 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
664 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
664 | iexplore.exe | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious |
664 | iexplore.exe | 172.217.23.106:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
664 | iexplore.exe | 172.217.23.99:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
664 | iexplore.exe | 104.22.52.65:443 | secure.statcounter.com | Cloudflare Inc | US | unknown |
664 | iexplore.exe | 104.18.20.226:80 | ocsp2.globalsign.com | Cloudflare Inc | US | shared |
664 | iexplore.exe | 104.18.21.226:80 | ocsp2.globalsign.com | Cloudflare Inc | US | shared |
— | — | 104.18.20.226:80 | ocsp2.globalsign.com | Cloudflare Inc | US | shared |
664 | iexplore.exe | 198.46.93.183:443 | www.pcapanalysis.com | InMotion Hosting, Inc. | US | unknown |
664 | iexplore.exe | 89.207.16.72:443 | www.lduhtrp.net | Conversant, Inc. | SE | malicious |
664 | iexplore.exe | 8.241.78.124:443 | cdn2.planetapes.de | Level 3 Communications, Inc. | US | unknown |

Domain | IP | Reputation
---|---|---
www.pcapanalysis.com | — | whitelisted
ocsp.comodoca.com | — | whitelisted
fonts.googleapis.com | — | whitelisted
www.lduhtrp.net | — | malicious
www.tqlkg.com | — | whitelisted
www.awltovhc.com | — | malicious
secure.statcounter.com | — | whitelisted
ocsp.pki.goog | — | whitelisted
ocsp2.globalsign.com | — | whitelisted
ocsp.globalsign.com | — | whitelisted