Field | Value
---|---
URL | https://sourceforge.net/projects/maddstress/
Full analysis | https://app.any.run/tasks/07a9f62f-d57a-458c-8351-55ceb4870385
Verdict | Malicious activity
Analysis date | September 30, 2020, 08:49:23
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MD5 | 063E9F1784F3BFA508CA57CD5EF19C35
SHA1 | A784FE71C295BB99B960D4EABF9C2660973BB538
SHA256 | 157B97BF22E3C3DECD0237104FB1F0F7C5B63991ED0F14E43C1AF0899D0CA12A
SSDEEP | 3:N8HCGSuLAuUtP3WP:2iGnCt+P
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
1556 | "C:\Program Files\Internet Explorer\iexplore.exe" https://sourceforge.net/projects/maddstress/ | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe
2624 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1556 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe
2328 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1556 CREDAT:1643809 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe

PID | User | Company | Integrity Level | Description | Exit code | Version
---|---|---|---|---|---|---
1556 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 1 | 11.00.9600.16428 (winblue_gdr.131013-1700)
2624 | admin | Microsoft Corporation | LOW | Internet Explorer | 0 | 11.00.9600.16428 (winblue_gdr.131013-1700)
2328 | admin | Microsoft Corporation | LOW | Internet Explorer | 0 | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2624 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab8612.tmp | — | — | —
2624 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar8613.tmp | — | — | —
2624 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\maddstress[1].htm | html | CA424AE105F62A385F3DC08F80C2747C | F3C216D1C811247287E805F69893626DDD51A448618D78D0DB428F701D794B65
2624 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0866C9BDEA8439513B2B30A76FEB0F6D | der | 3FF03A11CA1E96E936010D95CC7D10E2 | 96C40EAF10C81BBA9424E60A58CF7846F8AF71D6D97A8C5F8A12062D9E6D41C8
2624 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\cmp[1].css | text | 4B250691D1FF8CEFF9557E8B89E50122 | 53660B188B8E19E9CEA29FB4C23449390AE83AB21DAD2A2E067B5B0597192EC6
2624 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08 | der | 30142B9712DB3BF56074DDC675C257FD | E097553550D5FC623C5EF334D0ED27BD29BEFEDD25927556D934364E56A22A69
2624 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0866C9BDEA8439513B2B30A76FEB0F6D | binary | 6FA53ADB36C51FC4C22D8386D8DF075C | DA9749EBB5D6489278ACC8912E15F300B670EA24813CD78B9ED534FE3E15CE0A
2624 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\1[1].png | image | 56DD544AA0A7D836E6CBE893B788E2C0 | 8DBAC44F4567753C842A101345C8245A4597B049FA4A8FC5A71FB0DA73C75F55
2624 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\sf.sandiego-head[1].js | text | 9B08F44E035AE8394A67C278FCE81264 | B8D60040E3B6885276D678C14611531B872513928A6035C667C2D23CBD5CE625
2624 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\icon[1].jpg | image | FE3D3C73A00E08C660739849621A36C0 | 9E3EAC33A8D7E946181CE969CCA4F7E1A648CA7007BF9F4D8AE18EBE6726ACA0
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2624 | iexplore.exe | GET | 200 | 2.16.107.114:80 | http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgTHARGArCpfTkokHR32QhOqmg%3D%3D | unknown | der | 527 b | whitelisted |
2624 | iexplore.exe | GET | 200 | 142.250.74.195:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCoziyTHasflwIAAAAAekur | US | der | 472 b | whitelisted |
2624 | iexplore.exe | GET | 200 | 2.16.107.114:80 | http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgNi5wusdw27Wmbi806i3fyowA%3D%3D | unknown | der | 527 b | whitelisted |
2624 | iexplore.exe | GET | 200 | 142.250.74.195:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDqXuNQ97mPtAIAAAAAektt | US | der | 472 b | whitelisted |
1052 | svchost.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
1556 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
2624 | iexplore.exe | GET | 200 | 142.250.74.195:80 | http://crl.pki.goog/gsr2/gsr2.crl | US | der | 950 b | whitelisted |
2624 | iexplore.exe | GET | 200 | 142.250.74.195:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDM8p7YwCDvUCAAAAABXoPk%3D | US | der | 471 b | whitelisted |
1052 | svchost.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEA7yTSbUNi7CXXtef0luXqk%3D | US | der | 279 b | whitelisted |
2624 | iexplore.exe | GET | 200 | 2.16.107.114:80 | http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgNi5wusdw27Wmbi806i3fyowA%3D%3D | unknown | der | 527 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2624 | iexplore.exe | 172.217.16.132:443 | www.google.com | Google Inc. | US | whitelisted |
2624 | iexplore.exe | 2.16.107.114:80 | ocsp.int-x3.letsencrypt.org | Akamai International B.V. | — | suspicious |
2624 | iexplore.exe | 2.16.107.73:80 | isrg.trustid.ocsp.identrust.com | Akamai International B.V. | — | suspicious |
2624 | iexplore.exe | 216.105.38.13:443 | sourceforge.net | American Internet Services, LLC. | US | malicious |
2624 | iexplore.exe | 216.58.212.170:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2624 | iexplore.exe | 104.18.14.218:443 | a.fsdn.com | Cloudflare Inc | US | unknown |
1556 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2624 | iexplore.exe | 142.250.74.195:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
2624 | iexplore.exe | 87.230.98.69:443 | consentmanager.mgr.consensu.org | Host Europe GmbH | DE | unknown |
1556 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation
---|---|---
sourceforge.net | — | whitelisted
isrg.trustid.ocsp.identrust.com | — | whitelisted
api.bing.com | — | whitelisted
www.bing.com | — | whitelisted
ocsp.int-x3.letsencrypt.org | — | whitelisted
a.fsdn.com | — | whitelisted
fonts.googleapis.com | — | whitelisted
www.google.com | — | whitelisted
consentmanager.mgr.consensu.org | — | whitelisted
cdn.consentmanager.mgr.consensu.org | — | whitelisted