Field | Value
---|---
URL | https://shop.telfar.net
Full analysis | https://app.any.run/tasks/f65e6428-074d-4ff3-a9ed-1876be0b6fc4
Verdict | Malicious activity
Analysis date | May 20, 2022, 15:55:43
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MD5 | 8E04F4ED3D9E020CF0196C9FD6872D8B
SHA1 | 9433942ABC9088FA1DAD03536E3DB3A4FA86F842
SHA256 | 267BF951E9C1215F91F7EB37A8440D7B554F7CD6B02963C964354DBA4E8DC6B8
SSDEEP | 3:N8AOAEYR:2AOuR

PID | CMD | Path | Parent process | User | Integrity level | Description (company) | Version
---|---|---|---|---|---|---|---
804 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://shop.telfar.net" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | admin | MEDIUM | Internet Explorer (Microsoft Corporation) | 11.00.9600.16428 (winblue_gdr.131013-1700)
3408 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:804 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe (PID 804, the frame process named in SCODEF) | admin | LOW | Internet Explorer (Microsoft Corporation) | 11.00.9600.16428 (winblue_gdr.131013-1700)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3408 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\SGC3ZFSI.txt | text | 1A460463204EAC2EFEC7362FDEF879B1 | 923700DAF3551F6756A6841073A7B63242BB370DC98F10C6702F6B076DD0D701
3408 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\O0PD6OJ7.txt | text | EE6DE6C53846B7ABAF68E7E247264930 | B94A45C7812A63FD9A494B2B4FFB33E4C22AE9F0FF5D57EE6BA3C4C9735C2EC8
3408 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabA7DC.tmp | compressed | B9F21D8DB36E88831E5352BB82C438B3 | 998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E
3408 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\UCNUA0VW.txt | text | 7327FA30F9030048397EED64C2464DAA | A9BEDD32AAD42B3B29BA6789F3E5EBBDC94A7D811F4C66FE9BC98804AA76FC6C
3408 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabA78C.tmp | compressed | B9F21D8DB36E88831E5352BB82C438B3 | 998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E
3408 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_CB3009F58BD564DBCF9C006FDBD62928 | binary | AFE7A97F0EF31EC232085B569979A866 | 78D68BD472B63BA546ADA7B28C519E00BBD2E94F2B029514210DD5EFE02D2B2A
3408 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | CFB9409D3F8A959691AA4C5277DD8DC1 | 130193D3F33447F7A093EC037814BCAD7C114D7E56174658EBC18F635346473D
3408 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\WNKJW2AN.txt | text | 7D7C3E85D47D7C820CDE024F7EE63C5D | F4EDC78CA201727E540100A033269058CC579650EAF350F57EC1D2718A2CE2E6
3408 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\9KW4KER2.txt | text | 0FFB927AA3C2233054B91BE8BF1E1F83 | 2D97251A384108BBACE538F16D425C1E27C3BF8D2C762A2696930F20A6794553
3408 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_CB3009F58BD564DBCF9C006FDBD62928 | der | 3875550E159DEBA26A62C9FFB5408D7F | DDE7F9C2B8E3FF97286D03B2EC6587BFC9F46007D50093B0D29A6FB2BF3B17BF

PID | Process | Method | HTTP code | IP | URL | Country | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
3408 | iexplore.exe | GET | 200 | 178.79.242.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a1c4710b214890b5 | DE | compressed | 60.0 KB | whitelisted
3408 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAeYNgOt45kIIZygDCe8imw%3D | US | der | 471 B | whitelisted
3408 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkcHsQD0GCJDTsBbjHt%2F | US | der | 1.41 KB | whitelisted
3408 | iexplore.exe | GET | 200 | 184.24.77.53:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgTna8ZntImsUVi0IhQ7xizeiQ%3D%3D | US | der | 503 B | shared
3408 | iexplore.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIAjrICMzZli2TN25s%3D | US | der | 724 B | whitelisted
3408 | iexplore.exe | GET | 200 | 184.24.77.53:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPbYRzWm978%2Fa75VzitdzeMBg%3D%3D | US | der | 503 B | shared
3408 | iexplore.exe | GET | 200 | 178.79.242.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?2bb87af1fa717fcb | DE | compressed | 60.0 KB | whitelisted
3408 | iexplore.exe | GET | 200 | 178.79.242.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?79fef95b4262de2a | DE | compressed | 60.0 KB | whitelisted
3408 | iexplore.exe | GET | 200 | 13.225.84.66:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 KB | whitelisted
3408 | iexplore.exe | GET | 200 | 178.79.242.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b2ddbe3cab778d1b | DE | compressed | 60.0 KB | whitelisted
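
Every plain-HTTP request in the table above is Windows certificate-validation traffic rather than content from the submitted page: `ctldl.windowsupdate.com` serves the root-CTL update (`authrootstl.cab`, cached under `CryptnetUrlCache` in the file list), and each `ocsp.*` / `o.*` URL carries a base64 DER `OCSPRequest` in its path, the GET form defined in RFC 6960 appendix A.1. Decoding that path shows exactly which certificate was being checked (hash algorithm, issuer name hash, issuer key hash, serial), which is the fastest way to confirm these fetches belong to the TLS handshakes of the HTTPS connections listed next and not to the hosts the report flags as malicious. The decoder below is an added example written for this page, not ANY.RUN tooling; it implements only the minimal DER walk needed for a single-CertID request, and the two URLs it runs on are copied verbatim from the table.

```python
"""Decode the CertID inside an OCSP GET URL (RFC 6960 appendix A.1).

Illustrative code added for this report; it is not part of the ANY.RUN
analysis.  Only the single-request shape Windows CryptoAPI emits is handled.
"""
import base64
import urllib.parse

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}
SEQUENCE, OID = 0x30, 0x06


def _tlv(buf, pos=0):
    """Read one DER TLV at pos; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Yield (tag, value) for each element of a constructed DER value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = _tlv(value, pos)
        yield tag, inner


def _decode_oid(raw):
    """Convert the body of a DER OBJECT IDENTIFIER to dotted-decimal form."""
    arcs = list(divmod(raw[0], 40))
    acc = 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get_url(url):
    """Return the CertID carried by an OCSP GET URL as a dict of hex strings."""
    parts = urllib.parse.urlsplit(url)
    # o.ss2.us puts a double slash before the blob; strip every leading '/'
    b64 = urllib.parse.unquote(parts.path).lstrip("/")
    der = base64.b64decode(b64, validate=True)

    tag, ocsp_request, _ = _tlv(der)
    if tag != SEQUENCE:
        raise ValueError("OCSPRequest must be a SEQUENCE")
    # tbsRequest is the first SEQUENCE; an optional [0] signature may follow
    tbs = next(v for t, v in _children(ocsp_request) if t == SEQUENCE)
    # requestList is the first SEQUENCE in tbsRequest; the optional [0] version
    # and [1] requestorName are context-tagged and therefore skipped
    request_list = next(v for t, v in _children(tbs) if t == SEQUENCE)
    first_request = next(v for t, v in _children(request_list))
    cert_id = next(v for t, v in _children(first_request))

    fields = list(_children(cert_id))
    (_, alg), (_, name_hash), (_, key_hash), (_, serial) = fields[:4]
    oid = _decode_oid(next(v for t, v in _children(alg) if t == OID))
    return {
        "responder": parts.netloc,
        "hash_alg": HASH_OIDS.get(oid, oid),
        "issuer_name_hash": name_hash.hex(),
        "issuer_key_hash": key_hash.hex(),
        "serial": serial.hex(),             # raw INTEGER bytes, leading 0x00 kept
    }


if __name__ == "__main__":
    # Two OCSP URLs copied from the HTTP table of this report.
    for url in (
        "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAeYNgOt45kIIZygDCe8imw%3D",
        "http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgTna8ZntImsUVi0IhQ7xizeiQ%3D%3D",
    ):
        info = parse_ocsp_get_url(url)
        print(f"{info['responder']}: {info['hash_alg']} issuerKeyHash={info['issuer_key_hash']} serial={info['serial']}")
```

The `issuer_key_hash` is the SHA-1 of the issuing CA's public key, so it can be matched against the Subject Key Identifier of the CA certificates in the local store; the `serial` identifies the certificate whose revocation status the browser asked about. If a decoded serial does not belong to any certificate in the TLS chains observed, that OCSP request deserves a second look; here the responders are the public ones for DigiCert, GlobalSign, Let's Encrypt, Google Trust Services and Amazon Trust, consistent with ordinary HTTPS validation.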

PID | Process | IP | Domain | ASN | Country | Reputation
---|---|---|---|---|---|---
3408 | iexplore.exe | 104.18.20.226:80 | ocsp.globalsign.com | Cloudflare Inc | US | shared
3408 | iexplore.exe | 104.16.255.71:443 | cdn.shopify.com | Cloudflare Inc | US | unknown
804 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
3408 | iexplore.exe | 23.227.38.74:443 | shop.telfar.net | Shopify, Inc. | CA | malicious
3408 | iexplore.exe | 178.79.242.0:80 | ctldl.windowsupdate.com | Limelight Networks, Inc. | DE | whitelisted
3408 | iexplore.exe | 76.76.21.123:443 | bismuth-core-v4.now.sh | Carolina Internet, Ltd. | US | malicious
3408 | iexplore.exe | 96.16.145.230:80 | x1.c.lencr.org | Akamai Technologies, Inc. | US | suspicious
3408 | iexplore.exe | 151.101.2.133:443 | static.klaviyo.com | Fastly | US | malicious
3408 | iexplore.exe | 13.225.84.13:80 | ocsp.rootg2.amazontrust.com | — | US | whitelisted
3408 | iexplore.exe | 13.225.84.175:80 | ocsp.rootg2.amazontrust.com | — | US | whitelisted

Domain | IP | Reputation
---|---|---
shop.telfar.net | | malicious
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.globalsign.com | | whitelisted
bismuth-core-v4.now.sh | | malicious
cdn.shopify.com | | whitelisted
na-library.klarnaservices.com | | whitelisted
static.klaviyo.com | | whitelisted
monorail-edge.shopifysvc.com | | whitelisted