Field | Value |
---|---|
URL | http://www.zixcorp.com/info/zixmail_ZMC |
Full analysis | https://app.any.run/tasks/8a9cbfbd-af78-4249-bfb3-363a9cf82123 |
Verdict | Malicious activity |
Analysis date | January 24, 2022, 19:28:34 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MD5 | 322F5B4F06A8F9C966ABE0AC6615441E |
SHA1 | 2B4140EAE2853611E6BA0C8D3E0A86DEC2CE7FEA |
SHA256 | 23A466A3876B6DAF220F71AC2CE36B503C97EDE44745B3FBB4B6FD26AAD5CAC1 |
SSDEEP | 3:N1KJS4kB25MKlJxmn:Cc4k2g |
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity level | Description | Version |
---|---|---|---|---|---|---|---|---|---|
1988 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.zixcorp.com/info/zixmail_ZMC" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
2184 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1988 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
3976 | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe | — | svchost.exe | admin | Adobe | MEDIUM | Adobe® Flash® Player Installer/Uninstaller 32.0 r0 | 32,0,0,453 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2184 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D8A5A4A0441F7653C3609E0E2DE6769F_F915E31498E185C05AE6F4FD11B4AFFB | der | 2CBF869668D0BEE93508E73390FF1081 | 03A2C003A5EED41AFDDA70A5CB4FEA9F728530549538BCEF8DD549D1296A2C82 |
2184 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D8A5A4A0441F7653C3609E0E2DE6769F_F915E31498E185C05AE6F4FD11B4AFFB | binary | 363EA6D4EA99F647E9301A362003D7BA | AFEDC1D764C1599439A26F1CA4E42161BF92CCF1B2944170C61FC383056D0FA8 |
2184 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_994B5C515D64A296EABD42B0A2E46349 | binary | 279E97B1A0AF60983D5EE051A89B2E02 | 51B4495444C43352C575A72E869447385125A34764049B4875AF6E3D63D5D7B5 |
2184 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary | EC5BFE442439B2041CD39E9AA8587BDB | C364E1F4B4E1F0875DD2A2896D382699DCFA3FF739DFDA2DC549ABDD10057FA7 |
2184 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | D75EECCAB959276169C9E83AB2B20472 | 0B596A339D3FC52B8921062E433A53A6FC0EBBF81ED485D7E2A0F90010AA1AEB |
1988 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | FC990EAA7247546FB67C18916A4CAC9B | 294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993 |
1988 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | E3334FCE64A673F8BF9DD3B38612D3F6 | 1B4023E58F086BD0C5FD0F74026C1A2B6C8F3A11C8C707F6EDEF4C581EB6B072 |
1988 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 2A370F3630FDAEE74BCC071EAB8DA95D | 32969D46FFA49ACC3CCEA3E08329CF48125EE4C51BB91F610D9CCC0285DF5CA3 |
2184 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_994B5C515D64A296EABD42B0A2E46349 | der | 7A1E74268C87F4529EC420D30B8DFE48 | D164CE083C654E90F0A47B99666E351F1D72372336EBAA8C1BF701FCAA53A6DD |
1988 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | 111DCDB55A88510DB3C1E141A0EA1538 | 022A2CD07C65A61F3419427C0D278028CC8FD3C40D593279C2035D881013973B |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2184 | iexplore.exe | GET | 200 | 23.45.103.152:80 | http://ocsp.entrust.net/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCDGGh59IAAAAAUdNmpg%3D%3D | NL | der | 1.55 Kb | whitelisted |
2184 | iexplore.exe | GET | 200 | 23.45.105.185:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted |
2184 | iexplore.exe | GET | 302 | 199.30.234.249:80 | http://www.zixcorp.com/info/zixmail_ZMC | US | — | — | suspicious |
2184 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
2184 | iexplore.exe | GET | 200 | 104.18.31.182:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
1988 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
1988 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2184 | iexplore.exe | GET | 200 | 8.253.95.120:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c11a9e5204e805b1 | US | compressed | 4.70 Kb | whitelisted |
2184 | iexplore.exe | GET | 200 | 142.250.185.163:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCrvyQ4GllugQoAAAABK4Az | US | der | 472 b | whitelisted |
2184 | iexplore.exe | GET | 200 | 23.45.103.152:80 | http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQnuEQcScL%2FkljKed%2BRzpzFYOq9kwQUw%2FfQtSowra8NkSFwOVTdvIlwxzoCECaLAO3HzOGwYxXYelu9XOA%3D | NL | der | 1.55 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2184 | iexplore.exe | 199.30.234.249:80 | www.zixcorp.com | Zix Corporation | US | suspicious |
2184 | iexplore.exe | 199.30.234.249:443 | www.zixcorp.com | Zix Corporation | US | suspicious |
1988 | iexplore.exe | 8.253.95.120:80 | ctldl.windowsupdate.com | Global Crossing | US | suspicious |
1988 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1988 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1988 | iexplore.exe | 67.26.81.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
1988 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2184 | iexplore.exe | 23.45.103.152:80 | ocsp.entrust.net | Akamai International B.V. | NL | suspicious |
2184 | iexplore.exe | 8.253.95.120:80 | ctldl.windowsupdate.com | Global Crossing | US | suspicious |
2184 | iexplore.exe | 104.198.14.52:443 | learn.zix.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.zixcorp.com | | suspicious |
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
ctldl.windowsupdate.com | | whitelisted |
ocsp.digicert.com | | whitelisted |
zix.com | | whitelisted |
ocsp.entrust.net | | whitelisted |
learn.zix.com | | suspicious |
iecvlist.microsoft.com | | whitelisted |
r20swj13mr.microsoft.com | | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
2184 | iexplore.exe | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request |