URL: | http://certisign.co/ |
Full analysis: | https://app.any.run/tasks/c117cd9a-4e2d-4fb0-bf52-8eb26922af7b |
Verdict: | Malicious activity |
Analysis date: | October 20, 2020, 13:35:29 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | AFD3C818AA1CE4AC854B9C5BD1D00603 |
SHA1: | 5AA76A3ECB74F1AA40AEEF5FA2F816FA644E6783 |
SHA256: | 2424BCFA4F9449D170F54BCC5655BED87BB5DA42D8626E6EF8A20E409C91CE97 |
SSDEEP: | 3:N1KdA9MILdK:CC9McK |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2492 | "C:\Program Files\Internet Explorer\iexplore.exe" http://certisign.co/ | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
552 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2492 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
552 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab51ED.tmp | — | |
MD5:— | SHA256:— | |||
552 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar51EE.tmp | — | |
MD5:— | SHA256:— | |||
552 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_26507F6AB86497964AB384B7674F89A0 | der | |
MD5:015E58D3BFD1711F59032C78FD1E798D | SHA256:F5DBC95CFCCFF09098DBB47712A6CD883D1A46FF4F7E5FE3CADC0B3C166833FD | |||
552 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\certisign[1].htm | — | |
MD5:— | SHA256:— | |||
2492 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
552 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | binary | |
MD5:1CB243E174D7B3EE58EAFC9B1376720F | SHA256:25AF5581E8E74320AF25130B4A410F80E599E75F5A5D77659623D514B8412E7C | |||
552 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58 | der | |
MD5:C76D6465FFC8627779A6A3184F30256B | SHA256:EC15D48E7924C0DF1079D6F1107C2E900721FF738D306DB494FC8735BF1DFD4D | |||
552 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623 | binary | |
MD5:04858A008D1587D7076C972208D2DE81 | SHA256:5EEE449655726CEBE02F9D6B94B338CB37470F1F3A13B9DCAF18AFD3710F1041 | |||
2492 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\CabD9EA.tmp | — | |
MD5:— | SHA256:— | |||
2492 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\TarD9EB.tmp | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
552 | iexplore.exe | GET | 200 | 34.102.136.180:80 | http://certisign.co/ | US | html | 2.46 Kb | whitelisted |
552 | iexplore.exe | GET | 200 | 23.51.123.27:80 | http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGMYDTj7gJd4qdA1oxYY%2BEA%3D | NL | der | 1.71 Kb | shared |
552 | iexplore.exe | GET | 200 | 142.250.74.195:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCYiHlVi1YSqAgAAAAAWy82 | US | der | 472 b | whitelisted |
552 | iexplore.exe | GET | 200 | 192.124.249.36:80 | http://ocsp.godaddy.com//MEowSDBGMEQwQjAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCQDIf69pKhNfQw%3D%3D | US | der | 1.74 Kb | whitelisted |
552 | iexplore.exe | GET | 200 | 192.124.249.36:80 | http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D | US | der | 1.69 Kb | whitelisted |
552 | iexplore.exe | GET | 200 | 192.124.249.36:80 | http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D | US | der | 1.69 Kb | whitelisted |
552 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl4.digicert.com/DigiCertGlobalRootG2.crl | US | der | 828 b | whitelisted |
552 | iexplore.exe | GET | 200 | 142.250.74.195:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCYiHlVi1YSqAgAAAAAWy82 | US | der | 472 b | whitelisted |
552 | iexplore.exe | GET | 200 | 192.124.249.36:80 | http://ocsp.godaddy.com//MEowSDBGMEQwQjAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCQDIf69pKhNfQw%3D%3D | US | der | 1.74 Kb | whitelisted |
2492 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.30 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
552 | iexplore.exe | 172.217.23.100:443 | www.google.com | Google Inc. | US | whitelisted |
552 | iexplore.exe | 23.51.123.27:80 | s.symcd.com | Akamai Technologies, Inc. | NL | whitelisted |
552 | iexplore.exe | 34.102.136.180:80 | certisign.co | — | US | whitelisted |
552 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
552 | iexplore.exe | 99.84.158.115:443 | d1hi41nc56pmug.cloudfront.net | AT&T Services, Inc. | US | unknown |
552 | iexplore.exe | 142.250.74.195:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
2492 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2492 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
552 | iexplore.exe | 3.6.11.148:443 | api.aws.parking.godaddy.com | — | US | unknown |
Domain | IP | Reputation |
---|---|---|
certisign.co |
| whitelisted |
www.google.com |
| whitelisted |
d1hi41nc56pmug.cloudfront.net |
| whitelisted |
s.symcd.com |
| shared |
ocsp.digicert.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
crl4.digicert.com |
| whitelisted |
api.aws.parking.godaddy.com |
| whitelisted |