Field | Value |
---|---|
URL | https://stratahealth-my.sharepoint.com:443/:o:/p/howard_waldner/EtGS13yql2VDlPTAmzaBVnABxf86kbqtAiryNLCGdwz7Bg?e=5%3anWF6MT&at=9 |
Full analysis | https://app.any.run/tasks/dfbeeee6-0c96-45dc-aa9d-d1d73dea7ab3 |
Verdict | Malicious activity |
Analysis date | December 06, 2019, 16:54:39 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | — |
MD5 | 572782634D399548EDC69D68A9EB59B2 |
SHA1 | 462009F8412636A5C70FA13583F815F500E91D1E |
SHA256 | 175881333ED5E9FE29F9683A92892421A740DAE2A0F4DC11C2D87E50A13F2D57 |
SSDEEP | 3:N8cI9/ArLnjfOA+4YPxJ1wzLkHoUqVrZD2:2c4AfyB4YZJ2QHoUqZZD2 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2428 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://stratahealth-my.sharepoint.com:443/:o:/p/howard_waldner/EtGS13yql2VDlPTAmzaBVnABxf86kbqtAiryNLCGdwz7Bg?e=5%3anWF6MT&at=9" | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe |
| User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | |
3392 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2428 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
| User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2428 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | — | — |
2428 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
3392 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HCENB78P\WopiFrame[1].aspx | — | — | — |
3392 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HZ7N40D8\which-browsers-work-with-office-for-the-web-ad1303e0-a318-47aa-b409-d3a5eb44e452[1].txt | — | — | — |
3392 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 5350B2DF85F336A8EF43A63D3D9BA169 | F6E16F02347DCBA0CCCAE7BD314288A8343EC2B6311C2412FEB2444D7AB1D3CC |
3392 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CGU1SY7G\WebResource[1].axd | text | 90EA7274F19755002360945D54C2A0D7 | 40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB |
3392 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HCENB78P\WopiFrame[1].htm | html | 05309E13E1F4CBEAB2E0BC44FB514502 | 25D403776448BC97CADF3ED36175C3D2183A25D9C422B538F8FE7B697517F6BB |
3392 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HZ7N40D8\which-browsers-work-with-office-for-the-web-ad1303e0-a318-47aa-b409-d3a5eb44e452[1].htm | html | 17E89BCF3BBAEE7D5E8C6F0448514566 | 976DA936A87E5CAAF98652A76B36075EE7680D6A20A92DB103B2008328220053 |
3392 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HCENB78P\topNavCss[1].txt | text | 5B217FC164237F955683614B4A2995C5 | 19AFBAB9CB6C9C225C41C90A6023482316A3FF98BD577A6BC0207EDC94A84BC8 |
3392 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 2C65669BEDDD89A139A3B20B073A3F4C | 31D02E9129C488D4A834E7D257A0949B45F42747255664970751FB1F349C8E9F |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2428 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2428 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3392 | iexplore.exe | 52.104.14.45:443 | stratahealth-my.sharepoint.com | Microsoft Corporation | US | unknown |
3392 | iexplore.exe | 13.107.6.171:443 | cac-onenote.officeapps.live.com | Microsoft Corporation | US | whitelisted |
3392 | iexplore.exe | 104.108.55.117:443 | go.microsoft.com | Akamai Technologies, Inc. | NL | unknown |
3392 | iexplore.exe | 104.111.217.23:443 | support.office.com | Akamai International B.V. | NL | unknown |
3392 | iexplore.exe | 104.108.60.51:443 | static.sharepointonline.com | Akamai Technologies, Inc. | NL | whitelisted |
3392 | iexplore.exe | 2.18.233.62:443 | www.microsoft.com | Akamai International B.V. | — | whitelisted |
3392 | iexplore.exe | 152.199.19.160:443 | az725175.vo.msecnd.net | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3392 | iexplore.exe | 2.16.186.27:443 | statics-marketingsites-neu-ms-com.akamaized.net | Akamai International B.V. | — | whitelisted |
Domain | IP | Reputation |
---|---|---|
stratahealth-my.sharepoint.com | — | suspicious |
www.bing.com | — | whitelisted |
static.sharepointonline.com | — | whitelisted |
cac-onenote.officeapps.live.com | — | whitelisted |
go.microsoft.com | — | whitelisted |
support.office.com | — | whitelisted |
www.microsoft.com | — | whitelisted |
statics-marketingsites-neu-ms-com.akamaized.net | — | whitelisted |
az725175.vo.msecnd.net | — | whitelisted |