Field | Value
---|---
URL | https://viewstripo.email/template/69b6c1d6-360b-47af-bbec-994db5af551a
Full analysis | https://app.any.run/tasks/a7cb69f2-5a83-468a-bc9f-a39a49f5df70
Verdict | Malicious activity
Analysis date | May 20, 2022, 18:55:47
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | 
Indicators | 
MD5 | F628D62CE82E6AE66F3B9093B8B5075C
SHA1 | 6DBB56D760CB5E3E55C379170FDE49BBF5C761DD
SHA256 | 241B30A1C1E9F56FC47152EE7E89506BA34C6A1E6BC132B8A4087DCCCA7922B4
SSDEEP | 3:N8PLxUEmM2IRODhcRDMBE:2P521cRDyE
PID | CMD | Path | Parent process | User | Integrity Level | Description | Version
---|---|---|---|---|---|---|---
3028 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://viewstripo.email/template/69b6c1d6-360b-47af-bbec-994db5af551a" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | admin | MEDIUM | Internet Explorer (Microsoft Corporation) | 11.00.9600.16428 (winblue_gdr.131013-1700)
3480 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3028 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | LOW | Internet Explorer (Microsoft Corporation) | 11.00.9600.16428 (winblue_gdr.131013-1700)
3396 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3028 CREDAT:3609877 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | LOW | Internet Explorer (Microsoft Corporation) | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3480 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | binary | 7550C345AC10D2F3A53A842FFF0C2F48 | 1F007968352EB1E973C2606C4A3461C31DBF3770CD9B4E59839975D2736A71C2
3480 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3538626A1FCCCA43C7E18F220BDD9B02 | binary | 163FB111D0909AFFADEB4944D807517A | C4DBCA1277060CE788CC8609BE2CDF33BE7B93895E5CAE87951C7E03DDFA1E3D
3480 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\572BF21E454637C9F000BE1AF9B1E1A9 | der | FB55008D5753F218C572D6845F73E063 | 0FA825B66CA08110C0A45D7445A59438CDADFCAD8EAF9A9116E1993E287356B0
3480 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\69b6c1d6-360b-47af-bbec-994db5af551a[1].htm | html | E5611D2F1955589B530716ED63AD1713 | 7B30BF54EB544397BE87BDD4200ED1A87CFBDC347112893EEEB344608EDA0C26
3480 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 338FBA9A6B96A07EFBA08D548D35E2A9 | B4B8DBAF879B5189452D62474BEC7DD357093B0B4B713D4514F5181194CDCB7E
3480 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3538626A1FCCCA43C7E18F220BDD9B02 | der | C8888F31FD1FF065E9EB8B693FA9DD91 | 04EF9B7DB3CB7FDE61CC3583A5E69CEB1E2785540132E3D8B17AF476FCD3AC11
3028 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | AC8FE9D561E9E7288AECF13F03AEA3D1 | CECD911136F3CCBE6F4869CBCBD9FD15B3FA91CD2FD49B9655FA3BCF8E932C05
3028 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | E1EF4891DEA6D81536BAA8B22390D515 | 5A201A79D43E8DBEEDC215960FB3652069BEBB1FFCB9F07367B072223CBE741A
3480 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 | binary | EBA96C811A613374EDD37C7E60731BD2 | 8654D74C0EDDF371D29E2387430D49B57EC77BD5630BD384C81569AC757CDEC3
3028 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 86134AB5B619F27A62590161561A83F0 | CD8AF04A9E273E996D9D160DBE6B0D5E7349D8DDAB0D1F67638CA15029921AA1
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3480 | iexplore.exe | GET | 200 | 172.64.155.188:80 | http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl | US | der | 978 b | whitelisted |
3480 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6973aa0a37a4c3a8 | US | compressed | 4.70 Kb | whitelisted |
3396 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAF9LxfeRoa0ZPqxq7Z2wf0%3D | US | der | 471 b | whitelisted |
3396 | iexplore.exe | GET | 200 | 195.138.255.18:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgNDEJw8XjLXZHnIGDjxL10YiQ%3D%3D | DE | der | 503 b | shared |
3396 | iexplore.exe | GET | 200 | 96.16.145.230:80 | http://x1.c.lencr.org/ | US | der | 717 b | whitelisted |
3480 | iexplore.exe | GET | 200 | 104.18.32.68:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted |
3480 | iexplore.exe | GET | 200 | 172.64.155.188:80 | http://crl.comodoca.com/AAACertificateServices.crl | US | der | 506 b | whitelisted |
3396 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
3028 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3396 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA9bw6F2y3ieICDHiTyBZ7Q%3D | US | der | 1.47 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3480 | iexplore.exe | 104.18.32.68:80 | ocsp.comodoca.com | Cloudflare Inc | US | suspicious |
3028 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3480 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
3480 | iexplore.exe | 172.64.155.188:80 | ocsp.comodoca.com | — | US | suspicious |
3480 | iexplore.exe | 52.208.21.62:443 | viewstripo.email | Amazon.com, Inc. | IE | suspicious |
— | — | 172.64.155.188:80 | ocsp.comodoca.com | — | US | suspicious |
3028 | iexplore.exe | 52.208.21.62:443 | viewstripo.email | Amazon.com, Inc. | IE | suspicious |
3028 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3396 | iexplore.exe | 192.185.98.250:443 | wonelect.gq | CyrusOne LLC | US | suspicious |
3480 | iexplore.exe | 88.198.151.113:443 | rqvhlz.stripocdn.email | Hetzner Online GmbH | DE | suspicious |
Domain | IP | Reputation
---|---|---
viewstripo.email | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.comodoca.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ocsp.digicert.com | | whitelisted
crl.comodoca.com | | whitelisted
ocsp.usertrust.com | | whitelisted
crl.usertrust.com | | whitelisted
iecvlist.microsoft.com | | whitelisted
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET INFO DNS Query for Suspicious .gq Domain |
3396 | iexplore.exe | Potentially Bad Traffic | ET INFO Suspicious Domain (*.gq) in TLS SNI |
3396 | iexplore.exe | Potentially Bad Traffic | ET INFO Observed Let's Encrypt Certificate for Suspicious TLD (.gq) |
3396 | iexplore.exe | Potentially Bad Traffic | ET INFO Observed Let's Encrypt Certificate for Suspicious TLD (.gq) |
3028 | iexplore.exe | Potentially Bad Traffic | ET INFO Observed Let's Encrypt Certificate for Suspicious TLD (.gq) |
3028 | iexplore.exe | Potentially Bad Traffic | ET INFO Observed Let's Encrypt Certificate for Suspicious TLD (.gq) |
3396 | iexplore.exe | Potentially Bad Traffic | ET INFO Suspicious Domain (*.gq) in TLS SNI |