Field | Value
---|---
URL | https://securepubads.g.doubleclick.net/pcs/view?adurl=https%3a%2f%2fwi2qi8.codesandbox.io/[email protected]
Full analysis | https://app.any.run/tasks/f833bae5-823d-40ef-a040-07a81c023e75
Verdict | Malicious activity
Analysis date | May 20, 2022, 20:42:25
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MD5 | C0696EE4AC3E9FB420FAE8D43122C851
SHA1 | 9758DC6AD80289927E528B7CDD00022C3ACCF762
SHA256 | 21E581E8CA0F912924598C00C602834A66A352C47AFA554B42F38C8C09F25774
SSDEEP | 3:N8N3wQHEBW21zOGJMB5GNzURVHWpMTSW3LGKBGHGLM0vzIn:2ZwSEBW2PYY5URGMTh8azIn
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3912 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://securepubads.g.doubleclick.net/pcs/view?adurl=https%3a%2f%2fwi2qi8.codesandbox.io/[email protected]" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE
1216 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3912 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe

PID | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---
3912 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
1216 | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
1216 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\vendors~app~embed~sandbox-startup.6e3433fd3.chunk[1].js | text | F1BF7F25F09A67CDBFCF5243D79C0D24 | D3BE0565DC1BBA02E688B13332BFC3DAFDC61D71DF04AA347F3E435BD8291A14
1216 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | binary | E2B626EBF3EFDEBA416FCD335581AEDA | B1E1AB1C8075F82816661786B2469F434605666D7F8C9906D4E64DE3B6B607C2
1216 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary | FB72F93BB0821D9FDFD5F404171D3049 | 7B10F551F95BB222F8F077834E05E352FAF479764D1C82AB9818A56BEDBEDE0E
1216 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | der | 5A11C6099B9E5808DFB08C5C9570C92F | 91291A5EDC4E10A225D3C23265D236ECC74473D9893BE5BD07E202D95B3FB172
1216 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\FMFKRQIH.htm | html | EA6FFBCDE13DE99254FC07D8551824BF | 357C4D1C856FE6B9B8B2F8C7F9CF1922FC5718E9CDAD7E960458FD3D5305E352
1216 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\646C991C2A28825F3CC56E0A1D1E3FA9 | der | 3523BFA7B3ACACA361AC9814166709AD | CE82F93FDB091E30497236D7F04BB67F7008E8E4133D2A8445B531C16D13AA67
1216 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_7B6729333CC15FF65C8D387F63EE8C27 | binary | 60C24A914D82D5AC3A337CD481B372DE | F12FF16DA03A31547719C229EBCF1DCF80DCBE892455A55946D32EFF344CED2D
1216 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_7B6729333CC15FF65C8D387F63EE8C27 | der | B13CA649C2BD31CD9B5CDAC19A9377AD | BE5678A0A60533AF71889982FC1EC4774A0E553D423C03AE826193F3040AE0D4
1216 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der | 41FBBFEF77C9E15DF36E1CB541503D98 | 1C596FD0B7231E43E672CB027BE6117200830DD98929F060C3A97F8EFC4EAE17
1216 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\646C991C2A28825F3CC56E0A1D1E3FA9 | binary | DFE2DB3E2695300473F2ADE43A500536 | DCA75EC08788B57F3BC5FD81917BE56EEDF5E15CF813AD5D8E9D709ED4F0CB6B
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1216 | iexplore.exe | GET | 200 | 104.89.32.83:80 | http://x2.c.lencr.org/ | NL | der | 299 b | whitelisted |
3912 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D | US | der | 471 b | whitelisted |
1216 | iexplore.exe | GET | 200 | 104.90.178.254:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted |
3912 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
1216 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://crl.pki.goog/gsr1/gsr1.crl | US | der | 1.61 Kb | whitelisted |
1216 | iexplore.exe | GET | 200 | 92.123.195.73:80 | http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgOopxXmQmHgcmN%2Ft8n4ToOWvQ%3D%3D | unknown | der | 344 b | whitelisted |
3912 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted |
1216 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
1216 | iexplore.exe | GET | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCHXS%2FWwGsOSRJbmAIB8NC3 | US | der | 472 b | whitelisted |
1216 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?af1166a2b4d64676 | US | compressed | 60.0 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1216 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3912 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1216 | iexplore.exe | 142.250.185.67:80 | crl.pki.goog | Google Inc. | US | whitelisted |
1216 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
1216 | iexplore.exe | 142.250.186.131:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
1216 | iexplore.exe | 142.250.74.195:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3912 | iexplore.exe | 13.107.22.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1216 | iexplore.exe | 142.250.74.162:443 | securepubads.g.doubleclick.net | Google Inc. | US | unknown |
1216 | iexplore.exe | 104.18.47.230:443 | static.cloudflareinsights.com | Cloudflare Inc | US | malicious |
1216 | iexplore.exe | 104.18.43.17:443 | wi2qi8.codesandbox.io | Cloudflare Inc | US | shared |
Domain | IP | Reputation
---|---|---
securepubads.g.doubleclick.net | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.pki.goog | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ocsp.digicert.com | | whitelisted
crl.pki.goog | | whitelisted
wi2qi8.codesandbox.io | | suspicious
codesandbox.io | | whitelisted
static.cloudflareinsights.com | | whitelisted