Field | Value |
---|---|
URL | https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ |
Full analysis | https://app.any.run/tasks/680a9be8-5c98-41c0-949c-e784ba990708 |
Verdict | Malicious activity |
Analysis date | August 12, 2022, 21:35:05 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MD5 | F7F65E89A785DC99FC24F84B9DCAD010 |
SHA1 | E87FBC3E3F951CB444EDCD249DF0E1A81B8B5F9F |
SHA256 | 23C1B981A6DF184CE99C6D87F20915B156C46FDE0AC9FBF319EC48EA8F631AA6 |
SSDEEP | 3:N8FXpKHXCpoec3vOuxKPQK:2tpKHhvOyk |
PID | CMD | Path | Indicators | Parent process | User | Integrity level | Description | Company | Version |
---|---|---|---|---|---|---|---|---|---|
1448 | `"C:\Program Files\Internet Explorer\iexplore.exe" "https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/"` | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | admin | MEDIUM | Internet Explorer | Microsoft Corporation | 11.00.9600.16428 (winblue_gdr.131013-1700) |
1240 | `"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1448 CREDAT:267521 /prefetch:2` | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | LOW | Internet Explorer | Microsoft Corporation | 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
1240 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der | 953BBBF2C62EB6DFC48AAC1AA78AA47F | FB2030E7F3083D281DA52246BD5AD19971B1A2A7B9FA91F8ACDD1C4E0F43AF3C |
1240 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | binary | 7D273DA1E0109208345EFB57443E3675 | DE2CE615F72A78B7A5C408D8CF4A68AF9AD794FBECE18374C5B25333CAA62880 |
1240 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_E2D9EE934240D78D8CC03D02BC7480AB | der | 33CCD72BE84907189F71A144492049BE | 2FF051F17C92C97659BAE61B94B7BA19B5F2AED6D25D72311FA63237E66DB8CA |
1240 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 541C9AEC8285D9513159CCBF522F2EE0 | 3F82FC7231065AC2F0928FC70B4847980C9A98AC3A151E1025B28A68AAD2FD84 |
1240 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\targeting[1].js | text | B0B3942064A7AAAB5B8816D838857DE4 | 03CC687F0C8A2D1694E509B91FCD6C62C0FBDBDBDB850B8007B8052F649C7F77 |
1240 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\164132[1].htm | html | 9BFFA48EDC7D834538C8849920546A23 | E3612AA93A4A0869138853899B15CCA0795B7E73F346AC9D43A0C50819300913 |
1240 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary | FF03034DB43BA9C176ABB889150D2095 | 83DA39D6068BE54CB58A7F57432C54863CE07CFBD6F28E6A3D0197E3D66DD060 |
1240 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary | 61A0DAA1B2804AFA80EB4344549E2560 | 1E48EFC677F276ABD155926F7CE98C596A71C55951E3D61E46A23AE5154F1E3C |
1240 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_E2D9EE934240D78D8CC03D02BC7480AB | binary | 39DCFB9D57DC5AF293A0AEC399B76699 | FFA06CD0D981F3BF753B2C309D97CAE3BCBC68411FAEDC3E77C7CC2F852E1D5E |
1240 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_A30EA9B4E1BC5DBF09A8EF399E086D27 | binary | 2EF9AF1CE9C4B62D12E6137563FB3B5F | D7F90F8CAE3A1BDDE94AAA31A210C5BE704C217E3976255292DCF6624D5A57DE |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1240 | iexplore.exe | GET | — | 13.225.84.66:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | — | — | whitelisted |
1240 | iexplore.exe | GET | — | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAo1CNVcKSsBffitZcAP9%2BQ%3D | US | — | — | whitelisted |
1240 | iexplore.exe | GET | — | 142.250.185.227:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | — | — | whitelisted |
1240 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D | US | der | 1.69 Kb | whitelisted |
1240 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEA4pYwSemmzzY620EQqw7IM%3D | US | der | 471 b | whitelisted |
1240 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
1240 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
1240 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEA1s6mM7M65JSJenrBIW2A0%3D | US | der | 471 b | whitelisted |
1240 | iexplore.exe | GET | 200 | 142.250.185.227:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
1240 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D | US | der | 1.66 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1448 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1448 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1240 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1240 | iexplore.exe | 23.216.77.80:80 | ctldl.windowsupdate.com | NTT DOCOMO, INC. | US | suspicious |
1240 | iexplore.exe | 35.173.160.135:443 | threatpost.com | Amazon.com, Inc. | US | unknown |
1240 | iexplore.exe | 172.67.68.250:443 | qd.admetricspro.com | — | US | unknown |
1240 | iexplore.exe | 172.217.16.194:443 | www.googletagservices.com | Google Inc. | US | whitelisted |
1240 | iexplore.exe | 185.85.15.23:443 | media.kaspersky.com | Kaspersky Lab AO | RU | unknown |
1240 | iexplore.exe | 142.250.185.68:443 | www.google.com | Google Inc. | US | whitelisted |
1240 | iexplore.exe | 13.225.78.40:443 | tagan.adlightning.com | — | US | malicious |
Domain | IP | Reputation |
---|---|---|
threatpost.com | | whitelisted |
ctldl.windowsupdate.com | | whitelisted |
ocsp.digicert.com | | whitelisted |
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
tagan.adlightning.com | | whitelisted |
www.googletagservices.com | | whitelisted |
qd.admetricspro.com | | unknown |
media.kasperskycontenthub.com | | whitelisted |
media.threatpost.com | | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
1240 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
1240 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |