Field | Value
---|---
URL | http://boucherie-a-la-campagne.com
Full analysis | https://app.any.run/tasks/81b863da-1bb7-4a26-8bcd-65d3c3d7e080
Verdict | Malicious activity
Analysis date | June 27, 2022, 09:16:47
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MD5 | 976CF0BDC75925ED8AA2095D799F715F
SHA1 | 53E36BFB3D81D6A2EBFA9F83985B4F5EA9050863
SHA256 | 1730404F96A6DED0C16C64A331700726CE051879AEBF4C3C35AF8B46D8001614
SSDEEP | 3:N1KcfcAOQYCNn:CcAQYY

PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2952 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://boucherie-a-la-campagne.com" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE
4088 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2952 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe

PID | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---
2952 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
4088 | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)

PID | Process | Operation | Key | Name | Value
---|---|---|---|---|---
2952 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 1
2952 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime | 
2952 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 30968326
2952 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime | 
2952 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 30968326
2952 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | 
2952 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
2952 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
2952 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
2952 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2952 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f7ruq93\imagestore.dat | binary | FF35F5BA0827719FE81372C3C1ACFB83 | 63A78EC622B70906FE56ECD5BA393147D9F5F1106C57F80E26F986972C6FF34D
2952 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | 28CC3D4B0DA8A29A9DCD6D4755C84342 | A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E
2952 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 4C9D94581C0B43873FEB2173318B6A1B | 1F81F8E21F896CB8B9F62C6562A0DA4112E6F110B4B570057F4E345F0945BC98
4088 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\EGHXM3ON.htm | html | A8FD03DE0A80F8FE28E346088C3552B0 | 762A1D7A4BB4376A0B91882A856DBCDC60CB3032E419DC1C56FA43ACE06C6E4E
2952 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | 790E40386A5478B54787C28956E029D7 | 2A14CA44FA89C53F53111C7CAAE9155A460FA162BD822CCEAF7B7F74B8390557
2952 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 45885960656CE76348C8EA903540C2A9 | D9147543AFCA0DA6F8B8BEC1E7601A638D9CD1DC738656CD533DD201AB5961E0
4088 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\style[2].css | text | 96F84D0985AF87B4D4F6AE8816F9C5C5 | 93A1109ADA0CD55DEDEAF7E9C4251A7F91AC3C3E1AB85E25E37B6CD4E47D504B
4088 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\F9XLN80J.htm | html | E930194BED4E025A13399839A844E683 | 20F0A20DF4A64181A5CF89450545ADA0DA3CA40278DF2E2F2A766698F538E577
4088 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\style[1].css | text | 8A6AC41C4CD1120C9D01C26F839389FC | 73C8B1941A2A223B487245530177D98CAB9AC48B1CE903A48B29C76C96C1FDA4
4088 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\LW5O4960.txt | text | 71415D2336DF0DCEF603779059F7A2DF | 11A5E911EC337DCD19F7AAFC801A2671B93F64E41770F9EADA503793AC779432

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2952 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
4088 | iexplore.exe | GET | 302 | 72.14.178.174:80 | http://boucherie-a-la-campagne.com/mtm/direct/.eJwljEsKwzAMBa9StEzjet_LBEW8xgb_UBQwlN69NtnNDI_3pUsjvcnTSqzHOXCQ4gOF3hLqaVvhjKF7vSRAIxy7xE44Nz4KXlLzPBBBszEzdPPBclof3FqKwhZr8X2mZ5958Qv9_sFfKPw:1o5krY:oI06m8Ci0_4wB7h2PIuoAOhfF0o/0 | US | — | — | malicious |
4088 | iexplore.exe | GET | 200 | 45.33.30.197:80 | http://boucherie-a-la-campagne.com/ | US | html | 6.84 Kb | malicious |
4088 | iexplore.exe | GET | 200 | 75.2.73.197:80 | http://www1.boucherie-a-la-campagne.com/?tm=1&subid4=1656321452.0121570000&kw=Butcher+Shop&KW1=Livraison%20de%20viande&KW2=Paniers%20Cadeaux%20Boucherie%20Gourmande&KW3=Commander%20de%20la%20viande%20en%20gros&searchbox=0&domainname=0&backfill=0 | US | html | 5.32 Kb | suspicious |
4088 | iexplore.exe | GET | 200 | 143.204.101.79:80 | http://d1lxhc4jvstzrp.cloudfront.net/themes/regnitz_0f823431/style.css | US | text | 539 b | shared |
2952 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
4088 | iexplore.exe | GET | 200 | 142.250.186.132:80 | http://www.google.com/adsense/domains/caf.js | US | text | 51.5 Kb | whitelisted |
4088 | iexplore.exe | GET | 200 | 143.204.101.79:80 | http://d1lxhc4jvstzrp.cloudfront.net/scripts/js3caf.js | US | text | 6.84 Kb | shared |
4088 | iexplore.exe | GET | 200 | 185.53.178.30:80 | http://c.parkingcrew.net/scripts/sale_form.js | DE | text | 761 b | whitelisted |
2952 | iexplore.exe | GET | 200 | 45.33.30.197:80 | http://boucherie-a-la-campagne.com/favicon.ico | US | image | 43 b | malicious |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2952 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
4088 | iexplore.exe | 45.33.30.197:80 | boucherie-a-la-campagne.com | Linode, LLC | US | malicious |
— | — | 45.33.30.197:80 | boucherie-a-la-campagne.com | Linode, LLC | US | malicious |
2952 | iexplore.exe | 8.241.11.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
2952 | iexplore.exe | 45.33.30.197:80 | boucherie-a-la-campagne.com | Linode, LLC | US | malicious |
2952 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2952 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
— | — | 72.14.178.174:80 | boucherie-a-la-campagne.com | Linode, LLC | US | malicious |
4088 | iexplore.exe | 72.14.178.174:80 | boucherie-a-la-campagne.com | Linode, LLC | US | malicious |
4088 | iexplore.exe | 142.250.186.132:80 | www.google.com | Google Inc. | US | whitelisted |

Domain | IP | Reputation
---|---|---
boucherie-a-la-campagne.com | | malicious
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.digicert.com | | whitelisted
iecvlist.microsoft.com | | whitelisted
r20swj13mr.microsoft.com | | whitelisted
www1.boucherie-a-la-campagne.com | | suspicious
www.google.com | | whitelisted
d1lxhc4jvstzrp.cloudfront.net | | shared