ANY.RUN sandbox report for a submitted URL.

| Field | Value |
|---|---|
| URL | http://www.google.com |
| Full analysis | https://app.any.run/tasks/bb3145b9-e979-486e-8c10-8bba76fd83ac |
| Verdict | Malicious activity |
| Analysis date | March 30, 2020, 17:32:47 |
| OS | Windows 7 Professional Service Pack 1 (build 7601, 32-bit) |
| Tags | (none) |
| Indicators | (none) |
| MD5 | ED646A3334CA891FD3467DB131372140 |
| SHA1 | 738DDF35B3A85A7A6BA7B232BD3D5F1E4D284AD1 |
| SHA256 | 253D142703041DD25197550A0FC11D6AC03BEFC1E64A1320009F1EDF400C39AD |
| SSDEEP | 3:N1KJS4IK:Cc4IK |

The hash block is the sandbox's fingerprint of the submitted object. For a URL task that object is the URL string itself, not a downloaded file: the ssdeep block size of 3 is what ssdeep produces for an input of well under 200 bytes. Treat these hashes as the task identifier, not as indicators of compromise.
Process tree:

| PID | Command line | Path | Parent process | User | Integrity level | Company | Description | Version |
|---|---|---|---|---|---|---|---|---|
| 2192 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.google.com" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
| 3864 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2192 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe (2192) | admin | LOW | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |

The report's Indicators column is empty for both processes. PID 2192 is the browser frame process, started by explorer.exe with the URL on its command line at medium integrity. PID 3864 is the tab content process it spawned (the SCODEF:2192 argument names the frame process) and runs at low integrity under Protected Mode; it is the process that renders the page, and every file write, malicious HTTP request and IDS alert in the rest of the report is attributed to it. The frame process 2192 only performs OCSP lookups against ocsp.digicert.com and opens connections to www.bing.com and one Google address.
Files created or modified (all by the content process 3864; rows showing — have no type or hash recorded by the sandbox):

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3864 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab6FE9.tmp | — | — | — |
| 3864 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar6FEA.tmp | — | — | — |
| 3864 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\1UAOJV3W.txt | — | — | — |
| 3864 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\453HF2UZ.txt | — | — | — |
| 3864 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\8QU1CQCK.txt | text | 5F48C4F8ECF4FA7A15E968D864813CDA | 2A49CABC4679696FF2994EDE2D510C7FFDCA268FAFCF30B3F1A6BD50FA32AF0D |
| 3864 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\UJV80ULR.htm | html | 6E06FCDA0C7328CDC284A2C6ECF3B8A9 | 13CFBF4E2349D7D262A89EEE7D668EBBD257175F0825999DCBD0AEFBDB1B2095 |
| 3864 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | binary | 90B54080591D3CB86F61A1D86A964846 | 4BFCD613430A94F0307980D957CEB2B127A5BB690A483F488FAAD475FD826E27 |
| 3864 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_B4E256AEE3EBA21D6B1078B3E1B79532 | der | BC1B1DC02C5B3B36D7B746CEF55088B5 | C9A08E023C79449B4CAB9EE533A1CDB02353A64D9866D8E51DEDE4D09674F92A |
| 3864 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_0B97942EE72A6E3F514E8E84F294CC72 | der | F26B1B29960D99AD1C44E71E3D2ABE4C | 7910B27AFDEE20EA27C4FA19221B1B63E00235E261E1A3FB9F1FB3456CBBB7AC |
| 3864 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\TKP7DMNH.txt | — | — | — |

All paths sit under the Low and LocalLow directories, which is what a low-integrity Protected Mode tab is allowed to write. The two DER files in CryptnetUrlCache\Content are CryptoAPI's cache of the certificate status responses fetched by the OCSP requests below; the single .htm file in Temporary Internet Files is the only page body the report lists, and no script file is recorded.
HTTP requests:

| PID | Process | Method | HTTP code | IP | URL | Country | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3864 | iexplore.exe | GET | 200 | 172.217.23.131:80 | http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEC4G%2Bv2mHN8jAgAAAABcZ3g%3D | US | der | 471 B | whitelisted |
| 3864 | iexplore.exe | GET | 200 | 172.217.23.131:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQD7nI1BmOkYLAgAAAAAMgsX | US | der | 472 B | whitelisted |
| 2192 | iexplore.exe | GET | 200 | 72.21.91.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 KB | whitelisted |
| 3864 | iexplore.exe | GET | 200 | 172.217.23.131:80 | http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEGFA%2F%2Fi5YNGTCAAAAAAyCrg%3D | US | der | 471 B | whitelisted |
| 2192 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 KB | whitelisted |
| 3864 | iexplore.exe | GET | 200 | 104.27.182.185:80 | http://peterjonny.com/optout/set/lat?jsonp=__mtz_cb_634479511&key=22ab99ef5bc624cbd8&cv=1585557294&t=1585557294320 | US | — | — | malicious |
| 3864 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D | US | der | 727 B | whitelisted |
| 3864 | iexplore.exe | GET | 204 | 88.99.151.223:80 | http://cdn-javascript.net/api?key=a1ce18e5e2b4b1b1895a38130270d6d344d031c0&uid=8875x&format=arrjs&r=1585557295514 | DE | — | — | malicious |
| 2192 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 KB | whitelisted |
| 3864 | iexplore.exe | GET | 200 | 172.217.23.131:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDL%2FQslYWVuogIAAAAAXGdc | US | der | 472 B | whitelisted |

Eight of the ten rows are OCSP lookups. Their long path segment is the base64 encoding of a DER OCSPRequest, the GET form defined in RFC 6960 appendix A; it is normal for these to travel over plaintext port 80, since the signed response carries its own integrity, and the whitelisted rating is expected. The two rows marked malicious are the ones that matter: plaintext GETs from the low-integrity tab process to peterjonny.com and cdn-javascript.net, neither of which is a Google host. Their URL shapes, a JSONP request with a callback named `__mtz_cb_<number>` plus a key, and an `/api?key=…&uid=…&format=arrjs` beacon answered with 204 No Content, are the indicators that the IDS alerts at the end of the report correspond to. Note that neither host appears in the connection or DNS tables below, so a blocklist built from those tables alone would miss them; take the indicators from this table.
Connections:

| PID | Process | IP | Domain | ASN | Country | Reputation |
|---|---|---|---|---|---|---|
| 3864 | iexplore.exe | 172.217.22.68:80 | — | Google Inc. | US | whitelisted |
| 2192 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
| 3864 | iexplore.exe | 172.217.22.35:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
| 3864 | iexplore.exe | 216.58.206.3:443 | www.google.dk | Google Inc. | US | whitelisted |
| 3864 | iexplore.exe | 216.58.210.14:443 | apis.google.com | Google Inc. | US | whitelisted |
| 3864 | iexplore.exe | 172.217.23.110:443 | consent.google.com | Google Inc. | US | whitelisted |
| 3864 | iexplore.exe | 172.217.22.68:443 | — | Google Inc. | US | whitelisted |
| 2192 | iexplore.exe | 172.217.22.68:443 | — | Google Inc. | US | whitelisted |
| 3864 | iexplore.exe | 216.58.207.35:443 | www.gstatic.com | Google Inc. | US | whitelisted |
| 3864 | iexplore.exe | 172.217.16.162:443 | adservice.google.com | Google Inc. | US | whitelisted |
DNS requests (the report's IP column is empty for every entry):

| Domain | Reputation |
|---|---|
| www.google.com | whitelisted |
| ocsp.pki.goog | whitelisted |
| consent.google.com | shared |
| ssl.gstatic.com | whitelisted |
| www.gstatic.com | whitelisted |
| www.google.dk | whitelisted |
| api.bing.com | whitelisted |
| www.bing.com | whitelisted |
| apis.google.com | whitelisted |
| ogs.google.com | whitelisted |
Threats (IDS alerts, Emerging Threats ruleset):

| PID | Process | Class | Message |
|---|---|---|---|
| 3864 | iexplore.exe | A Network Trojan was detected | ET MALWARE LNKR CnC Activity M1 |
| 3864 | iexplore.exe | A Network Trojan was detected | ET MALWARE LNKR CnC Activity M3 |
| 3864 | iexplore.exe | A Network Trojan was detected | ET MALWARE LNKR Possible Response for LNKR js file |

All three alerts are raised on the tab process 3864 and line up with the two requests the HTTP table marks malicious; the third, as its name says, is keyed on a server response rather than on a request. LNKR is an ad-injecting browser adware family that loads its own JavaScript into pages the victim visits, and these alerts are what drive the "Malicious activity" verdict, since every first-party Google request and connection in the report is whitelisted. What the report does not show is the loading chain: no script file, referer or browser add-on is listed, so the page by itself does not establish what caused the tab process to issue the peterjonny.com and cdn-javascript.net requests, and nothing in it attributes them to content served by www.google.com. Read the verdict as injected third-party traffic observed while the page was open, not as a finding against the submitted URL.