Field | Value
---|---
URL | http://links.mail.quotevista.com/u/click?_t=ddf7d292dc214d15a4fa0605b12fd48d&_m=7a14aa3bb80044ab9d8c012db4a61edf&_e=0kjP0r53ltRkz1iEk76ipJl_gPOLOtWz3OhzdQeihJwJCKOBu9S7TQfwyHpDz8dt7aH-eGmZFjy9UKQ3JZixaAM9gVuU8nQZZ5ZaOCbfgx1WqTIT4Mhuwmt4139r4nRrvOOCea5uPEiIakHdjEJlhnMyN_O_LbYMSey6oJrp7min0I1BJicBKtYgG8m7fdiRetLOgWIauBpJAYmgaDQqkXLPQyIUCOMaU_1WzP2Feg_ybKW9SjgbV-QEQiB8aMQiVYsgbqbpdkWieO_U7vBlsKDJWnDo9sZnfVtWUU0LeMgyLUJVpjcT3HukVtH8vgw0G7h2hdGTis4wrueyt4LIP1eYw8m5XL1ybfTd-lzXC3v-913cPRZoT9c9_kkeHH8YB5rcWX_rBzAzE6nVOeqeww%3D%3D
Full analysis | https://app.any.run/tasks/6fc8f528-e3fb-440e-b2f8-1c46bf304d0b
Verdict | Malicious activity
Analysis date | January 14, 2022, 21:35:10
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | 
Indicators | 
MD5 | ACD3F24B31F7CD8D9FCFE9A542BBFB42
SHA1 | 4968A89B9CB4DB68BCDB067F741F26C5262E2405
SHA256 | 227BE9044AB0002C9578841F0926BD2F86D73F382B655ED89CB3C736AC28E1C2
SSDEEP | 12:Vy5I3amUyPf0AYFZBFUv2mlg/o0Y5ccaJebODUJQ/BAm:VwKamz0AYFyv21/o0UaSxwBAm
PID | CMD | Path | Indicators | Parent process | User | Integrity level | Description (Company) | Version | Exit code
---|---|---|---|---|---|---|---|---|---
3740 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://links.mail.quotevista.com/u/click?_t=ddf7d292dc214d15a4fa0605b12fd48d&_m=7a14aa3bb80044ab9d8c012db4a61edf&_e=0kjP0r53ltRkz1iEk76ipJl_gPOLOtWz3OhzdQeihJwJCKOBu9S7TQfwyHpDz8dt7aH-eGmZFjy9UKQ3JZixaAM9gVuU8nQZZ5ZaOCbfgx1WqTIT4Mhuwmt4139r4nRrvOOCea5uPEiIakHdjEJlhnMyN_O_LbYMSey6oJrp7min0I1BJicBKtYgG8m7fdiRetLOgWIauBpJAYmgaDQqkXLPQyIUCOMaU_1WzP2Feg_ybKW9SjgbV-QEQiB8aMQiVYsgbqbpdkWieO_U7vBlsKDJWnDo9sZnfVtWUU0LeMgyLUJVpjcT3HukVtH8vgw0G7h2hdGTis4wrueyt4LIP1eYw8m5XL1ybfTd-lzXC3v-913cPRZoT9c9_kkeHH8YB5rcWX_rBzAzE6nVOeqeww%3D%3D" | C:\Program Files\Internet Explorer\iexplore.exe | — | Explorer.EXE | admin | MEDIUM | Internet Explorer (Microsoft Corporation) | 11.00.9600.16428 (winblue_gdr.131013-1700) | —
1940 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3740 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | LOW | Internet Explorer (Microsoft Corporation) | 11.00.9600.16428 (winblue_gdr.131013-1700) | —
3948 | "C:\Windows\hh.exe" | C:\Windows\hh.exe | — | Explorer.EXE | admin | MEDIUM | Microsoft® HTML Help Executable (Microsoft Corporation) | 6.1.7600.16385 (win7_rtm.090713-1255) | 4294967295 (0xFFFFFFFF, i.e. -1 as a signed 32-bit value)
888 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3740 CREDAT:595215 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | LOW | Internet Explorer (Microsoft Corporation) | 11.00.9600.16428 (winblue_gdr.131013-1700) | —

PID 3740 is the MEDIUM-integrity IE frame process; PIDs 1940 and 888 are its LOW-integrity content (tab) processes, as the SCODEF:3740 argument shows, which is why the files and network activity below are attributed to 1940 rather than 3740.
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
1940 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary | C8142EBEE6B2863AD6F3D72B5CB36382 | 7066DD8C95D7A4336065224263595E58AB7483C60BE77A3977F466FEF004EDA3
1940 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | der | 54E9306F95F32E50CCD58AF19753D929 | 45F94DCEB18A8F738A26DA09CE4558995A4FE02B971882E8116FC9B59813BB72
1940 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\QCYMIAJA.txt | text | 1784F1D76C3A700F95E05730BF729008 | 612266AB23192EAAEB0E900AC0046464285283CA41D754E9E71C497C9EAC635A
1940 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\xxc3xx[1].htm | html | 14AC68983B7286BEFB29DB753A1382A3 | 73D76B7CEFC771D9D8307C308F43641F3736101069DF57E2CBA944327431CA53
1940 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | binary | C08B45A604EF79F58D8D0A197127A79B | 7B375CBCAD7690FC6CF0864C3D1871F8CDA5303DD12D73653D4A0BD55BEA6BDA
1940 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\NUFVLZQ1.txt | text | 7E67722295C7215F1AC81E9CDE13142C | 04415613D0B174CE67940C4E6E517D8F0F017B54A0C44DF6950250D8B7573D99
1940 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\JRHR970M.txt | text | AF15CBEF68D561030D799678BAE4FA90 | CB0AF82A3C5C84A3F7D69B4898A3412922FC21CC56DB928E02D1F0DF5D71F2C4
1940 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\392KGMB0.txt | text | 6A94786E01E869DA5F6951F4AE6C5A76 | 8F84F3E642D965455B8E8E58F85A26DF9A133BECB564C86691F4047669E223A0
1940 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BF9051E61AC4938A2069463AEEE50E9D | binary | 34482DDD22F291CDF7EC756789E1B6E5 | CF6C33C5E47BA0E287B15F5E781DBC0B80E0265F2358AE7AA6960BE1ABCDA8B8
1940 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarCEA3.tmp | cat | D99661D0893A52A0700B8AE68457351A | BDD5111162A6FA25682E18FA74E37E676D49CAFCB5B7207E98E5256D1EF0D003
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1940 | iexplore.exe | GET | 303 | 35.153.212.150:80 | http://links.mail.quotevista.com/u/click?_t=ddf7d292dc214d15a4fa0605b12fd48d&_m=7a14aa3bb80044ab9d8c012db4a61edf&_e=0kjP0r53ltRkz1iEk76ipJl_gPOLOtWz3OhzdQeihJwJCKOBu9S7TQfwyHpDz8dt7aH-eGmZFjy9UKQ3JZixaAM9gVuU8nQZZ5ZaOCbfgx1WqTIT4Mhuwmt4139r4nRrvOOCea5uPEiIakHdjEJlhnMyN_O_LbYMSey6oJrp7min0I1BJicBKtYgG8m7fdiRetLOgWIauBpJAYmgaDQqkXLPQyIUCOMaU_1WzP2Feg_ybKW9SjgbV-QEQiB8aMQiVYsgbqbpdkWieO_U7vBlsKDJWnDo9sZnfVtWUU0LeMgyLUJVpjcT3HukVtH8vgw0G7h2hdGTis4wrueyt4LIP1eYw8m5XL1ybfTd-lzXC3v-913cPRZoT9c9_kkeHH8YB5rcWX_rBzAzE6nVOeqeww%3D%3D | US | — | — | unknown |
1940 | iexplore.exe | GET | 200 | 104.18.30.182:80 | http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY | US | der | 728 b | whitelisted |
1940 | iexplore.exe | GET | 200 | 23.45.105.185:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted |
1940 | iexplore.exe | GET | 200 | 2.16.186.120:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgNkv9aAdnzB%2B%2BZvkNNTS8NLIw%3D%3D | unknown | der | 503 b | shared |
1940 | iexplore.exe | GET | 200 | 193.239.87.59:80 | http://usawildseafood.com/wp-content/uploads/2020/07/dsc01652-2-498-2-1024x683.jpg | unknown | image | 77.7 Kb | unknown |
3740 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
1940 | iexplore.exe | GET | 200 | 104.18.30.182:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEGfe9D7xe9riT%2FWUBgbSwIQ%3D | US | der | 471 b | whitelisted |
1940 | iexplore.exe | GET | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCAnDacZA1UWwoAAAABJ9nq | US | der | 472 b | whitelisted |
1940 | iexplore.exe | GET | 200 | 2.16.106.186:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c7e1f7930a058e5f | unknown | compressed | 59.9 Kb | whitelisted |
1940 | iexplore.exe | GET | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
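The six OCSP rows in the HTTP table carry more than a responder hostname. Per RFC 6960 appendix A, an OCSP GET URL ends in the base64 (URL-escaped) DER encoding of the OCSPRequest, whose CertID names the certificate being checked: the issuer name and key hashes identify the CA, and the serial number identifies the end-entity certificate. Decoding them tells you which certificate chains IE actually validated during the redirect, which matters here because the HTTPS connections (www.phiturtip.com, usawildseafood.com, www.googleoptimize.com) leave no plaintext HTTP rows. The following decoder is an added example written for this report, not ANY.RUN's code; the URLs are copied verbatim from the table above, and the minimal DER walker handles only the types a CertID uses.

```python
"""Decode the OCSP GET requests recorded in the sandbox's HTTP table."""
from __future__ import annotations

import base64
from urllib.parse import unquote, urlparse

# OCSP GET URLs exactly as they appear in the report's HTTP table.
REPORT_OCSP_URLS = [
    "http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY",
    "http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgNkv9aAdnzB%2B%2BZvkNNTS8NLIw%3D%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D",
    "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEGfe9D7xe9riT%2FWUBgbSwIQ%3D",
    "http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCAnDacZA1UWwoAAAABJ9nq",
    "http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D",
]

# Hash algorithm OIDs that appear in CertID.hashAlgorithm in practice.
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Read one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(value: bytes) -> list[tuple[int, bytes]]:
    """Split the content of a constructed type into its (tag, value) members."""
    members, pos = [], 0
    while pos < len(value):
        tag, val, pos = _read_tlv(value, pos)
        members.append((tag, val))
    return members


def _decode_oid(value: bytes) -> str:
    """Decode a DER OBJECT IDENTIFIER body to dotted form."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # a clear high bit ends a base-128 arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def _decode_certid(certid: bytes) -> dict:
    """CertID ::= SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }."""
    (alg_tag, alg), (_, name_hash), (_, key_hash), (int_tag, serial) = _children(certid)
    if alg_tag != 0x30 or int_tag != 0x02:
        raise ValueError("unexpected CertID layout")
    oid = _decode_oid(_children(alg)[0][1])  # AlgorithmIdentifier.algorithm
    # DER INTEGER is two's complement, so a positive serial with its high bit
    # set carries a leading 0x00 sign byte; render like openssl does
    # (uppercase hex, even length) so it can be compared with `openssl x509`.
    serial_hex = f"{int.from_bytes(serial, 'big', signed=True):X}"
    if len(serial_hex) % 2:
        serial_hex = "0" + serial_hex
    return {
        "hash_algorithm": HASH_OIDS.get(oid, oid),
        "issuer_name_hash": name_hash.hex(),
        "issuer_key_hash": key_hash.hex(),
        "serial": serial_hex,
    }


def decode_ocsp_url(url: str) -> list[dict]:
    """Return one CertID dict per Request carried in an OCSP GET URL."""
    # The base64 is the last path segment; split before unquoting because
    # the base64 alphabet's '/' is escaped as %2F inside it.
    b64 = unquote(urlparse(url).path.rsplit("/", 1)[-1])
    der = base64.b64decode(b64, validate=True)
    tag, ocsp_request, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tbs = _children(ocsp_request)[0][1]  # TBSRequest; optionalSignature is ignored
    # TBSRequest members: [0] version, [1] requestorName, requestList, [2] extensions;
    # requestList is the only plain SEQUENCE (tag 0x30) among them.
    request_list = next(val for tag, val in _children(tbs) if tag == 0x30)
    return [_decode_certid(_children(request)[0][1]) for _, request in _children(request_list)]


if __name__ == "__main__":
    for url in REPORT_OCSP_URLS:
        for cid in decode_ocsp_url(url):
            print(f"{urlparse(url).netloc:20} {cid['hash_algorithm']:5} "
                  f"issuerKeyHash={cid['issuer_key_hash']} serial={cid['serial']}")
```

Run as a script it prints one line per responder. The r3.o.lencr.org row decodes to issuerKeyHash 142eb317b75856cbae500940e61faf9d8b14c2c6 and serial 0364BFD680767CC1FBE66F90D3534BC34B23; if you later pull the TLS chain from one of the 443 endpoints in the connections table, `openssl x509 -noout -serial` on the leaf lets you confirm which site that lookup belonged to. The x1.c.lencr.org fetch in the same table is the matching CA-issuer download (the ISRG Root X1 cross-signed R3 chain), so together they show a Let's Encrypt certificate was validated during the redirect chain.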
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1940 | iexplore.exe | 193.239.87.59:443 | usawildseafood.com | — | — | unknown |
1940 | iexplore.exe | 104.18.30.182:80 | — | Cloudflare Inc | US | suspicious |
1940 | iexplore.exe | 2.16.106.186:80 | ctldl.windowsupdate.com | Akamai International B.V. | — | whitelisted |
1940 | iexplore.exe | 2.16.186.120:80 | r3.o.lencr.org | Akamai International B.V. | — | whitelisted |
1940 | iexplore.exe | 35.153.212.150:80 | links.mail.quotevista.com | — | US | unknown |
1940 | iexplore.exe | 199.167.130.114:443 | www.phiturtip.com | Media-Hosts Inc. | CA | unknown |
1940 | iexplore.exe | 23.45.105.185:80 | x1.c.lencr.org | Akamai International B.V. | NL | unknown |
1940 | iexplore.exe | 142.250.185.238:443 | www.googleoptimize.com | Google Inc. | US | whitelisted |
3740 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3740 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP (from the connections/HTTP tables above) | Reputation
---|---|---
links.mail.quotevista.com | 35.153.212.150 | unknown
www.phiturtip.com | 199.167.130.114 | unknown
ctldl.windowsupdate.com | 2.16.106.186 | whitelisted
x1.c.lencr.org | 23.45.105.185 | whitelisted
r3.o.lencr.org | 2.16.186.120 | shared
usawildseafood.com | 193.239.87.59 | unknown
ocsp.comodoca.com | 104.18.30.182 | whitelisted
api.bing.com | | whitelisted
www.bing.com | 204.79.197.200 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted