URL: | http://www.jamcenters.click/connotes-Wattenberg/5ee4O2395t8CW512Qz1e42Sl71eB23L8DxbwaEDvsrfawFGtFEGsi7GQ8nKKQ5BrJ106d00wND |
Full analysis: | https://app.any.run/tasks/a13a93f8-dc96-4231-85b7-c38ee2e14ad9 |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 08:14:34 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | E9005D6C44FC16790C2B29BB6A9E8C6D |
SHA1: | 5D88486249B8CE6C5406F9831CE77963769E2983 |
SHA256: | 1679038179D412DD984FE473FBDA68733721F2A236B20F1C70EAAC8AF55549DB |
SSDEEP: | 3:N1KJS48IGALRxK7/KRkAzRLIWQUuuSZ+jdyEdXD7jyHOpccn:Cc48IGANnzmj/CoiTYOpr |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2272 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.jamcenters.click/connotes-Wattenberg/5ee4O2395t8CW512Qz1e42Sl71eB23L8DxbwaEDvsrfawFGtFEGsi7GQ8nKKQ5BrJ106d00wND" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1772 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2272 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
1772 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\cf.errors[1].css | text | |
MD5:A439338080E17BDE6E390347F4C745E6 | SHA256:EFEFEF4DEA8E9C02DC9079FCFE64205B48B0F96BA73DFBA169FB7919B8768F1F | |||
1772 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZKFUGJHE.txt | text | |
MD5:AA4F8919648C15E3A291150DCE94B24C | SHA256:EB853DB0F6CABFC2BB3D5D933C7F37D75D7EA9704ED6E5B87C1D9815B010B1ED | |||
1772 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:1E0E61B01EA2F93D7BC3B066F7330121 | SHA256:9A97E8BE86101245889A07837FDF17181DBFEA30F9C90173AABFBD125873F9C7 | |||
1772 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\CWFHWWNZ.txt | text | |
MD5:2161042CE2F8A34333FFB8D11B32F58D | SHA256:828C3E10D4D3EB91576F047281F4C14CF2B1AF82DA75D9E04045CA32CED29CA4 | |||
1772 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\2BX9Z3I5.txt | text | |
MD5:293A43F5FCB540486E68609ADAA7D0D3 | SHA256:A488AF69E3C6576A783A1FC99F9B391EBE42B371654B383B1EFD3AEBF9291F28 | |||
1772 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary | |
MD5:5FC024EB5BBEE0720ED89CF44771F9B7 | SHA256:9D96058B79190FED6A1531DC8F7F686E542588563DDADC7DDE6721E94322E5E1 | |||
1772 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\v1[1].js | html | |
MD5:3E8610293FD9324C1DD1C7217BB09AA4 | SHA256:041E9CB9618CF6089745AE3834391C5A89741C3C3B9A5500E28509D54F4C436B | |||
2272 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F | der | |
MD5:DF6DEECBA36F8D0AF53EAFA9C51AB1F7 | SHA256:60D1053BDE5FBCA23ED8976F1EABAEE9C4BB459D9C997E5A76BB2182EE916D98 | |||
1772 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\api[1].js | text | |
MD5:7016E6F12609726ED6A3F204E0E6203A | SHA256:DBA9D0D53A8EF16369CE3D1881C0591DA6718EADAD04DA7806676094FC4B9EE9 | |||
1772 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\QHP6ZIV2.txt | text | |
MD5:BEAF3CAB23DA435E808E74F39060D76E | SHA256:3BE93B9A339DA18211592604100B7C66A099F964E421974C8CC8E0B6DF26C267 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1772 | iexplore.exe | GET | 200 | 188.114.97.3:80 | http://www.jamcenters.click/cdn-cgi/styles/cf.errors.css | US | text | 4.33 Kb | malicious |
1772 | iexplore.exe | GET | 200 | 188.114.97.3:80 | http://www.jamcenters.click/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=721cbaf63c2ed8a1 | US | html | 14.8 Kb | malicious |
1772 | iexplore.exe | GET | 403 | 188.114.97.3:80 | http://www.jamcenters.click/connotes-Wattenberg/5ee4O2395t8CW512Qz1e42Sl71eB23L8DxbwaEDvsrfawFGtFEGsi7GQ8nKKQ5BrJ106d00wND | US | html | 5.78 Kb | malicious |
1772 | iexplore.exe | GET | 200 | 188.114.97.3:80 | http://www.jamcenters.click/cdn-cgi/images/browser-bar.png?1376755637 | US | image | 715 b | malicious |
2272 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
1772 | iexplore.exe | GET | 200 | 188.114.97.3:80 | http://www.jamcenters.click/cdn-cgi/images/trace/managed/js/transparent.gif?ray=721cbaf63c2ed8a1 | US | image | 42 b | malicious |
1772 | iexplore.exe | POST | 400 | 188.114.97.3:80 | http://www.jamcenters.click/cdn-cgi/challenge-platform/h/g/flow/ov1/0.9713486080607304:1656317265:6kCNCJO9fI2F7Q5a2HX9pCxPUFuP9X1XndVV47-5_NI/721cbaf63c2ed8a1/b9187eae068e26c | US | text | 15 b | malicious |
1772 | iexplore.exe | GET | 200 | 188.114.97.3:80 | http://www.jamcenters.click/cdn-cgi/images/trace/captcha/nojs/h/transparent.gif?ray=721cbaf63c2ed8a1 | US | image | 42 b | malicious |
1772 | iexplore.exe | POST | 400 | 188.114.97.3:80 | http://www.jamcenters.click/cdn-cgi/challenge-platform/h/g/flow/ov1/0.9713486080607304:1656317265:6kCNCJO9fI2F7Q5a2HX9pCxPUFuP9X1XndVV47-5_NI/721cbaf63c2ed8a1/b9187eae068e26c | US | text | 15 b | malicious |
1772 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4dc2a2f0ec91d7f7 | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1772 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2272 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
— | — | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1772 | iexplore.exe | 188.114.97.3:80 | www.jamcenters.click | Cloudflare Inc | US | malicious |
2272 | iexplore.exe | 13.107.22.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1772 | iexplore.exe | 104.18.18.132:443 | cloudflare.hcaptcha.com | Cloudflare Inc | US | unknown |
1772 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
2272 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.jamcenters.click |
| malicious |
cloudflare.hcaptcha.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
crl3.digicert.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |