Field | Value
---|---
URL | https://l.wl.co/l?u=https://abre.ai/dN4e?userid=kI7Yt7q2
Full analysis | https://app.any.run/tasks/9e2ed747-93a6-4e6e-ba8c-4f983ee3e5e4
Verdict | Malicious activity
Analysis date | January 25, 2022, 03:48:51
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 6533421F14B9D4E34496F9DE58571BF8
SHA1 | 892BEBB7279E9F9159F23B66ACAAE9A512BA751C
SHA256 | 29D62316134F344489F80E50FAAE13D1BE505068496698DC62B802AE13922795
SSDEEP | 3:N8L6yRWNR6fBKTAaiOASUXn:2JWNR0BkeSO
PID | CMD | Path | Parent process | Indicators | User | Integrity level | Description | Version
---|---|---|---|---|---|---|---|---
3204 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://l.wl.co/l?u=https://abre.ai/dN4e?userid=kI7Yt7q2" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | | admin | MEDIUM | Internet Explorer (Microsoft Corporation) | 11.00.9600.16428 (winblue_gdr.131013-1700)
3644 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3204 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe (3204) | | admin | LOW | Internet Explorer (Microsoft Corporation) | 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 3204 is the Medium-integrity IE frame process started with the analysed URL; PID 3644 is the Low-integrity content (tab) process it spawned under Protected Mode (SCODEF names the frame PID), which is why nearly all of the file and network activity below is attributed to 3644.
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3644 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar1D2E.tmp | cat | D99661D0893A52A0700B8AE68457351A | BDD5111162A6FA25682E18FA74E37E676D49CAFCB5B7207E98E5256D1EF0D003
3644 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | der | 54E9306F95F32E50CCD58AF19753D929 | 45F94DCEB18A8F738A26DA09CE4558995A4FE02B971882E8116FC9B59813BB72
3644 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_8D3166CA8766096BE0E1DB140BC86E89 | binary | A6C3203FD2908D8E79854B5948EC4969 | 77D46F12A2BC88A11EBBE87FA7003E901BE0694AC3CFC53A1AF141AAD94FA6D3
3644 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0270780F846F08BEFE0DD8112D932FEF | binary | E13D809C47908B44D4A6A6D9F43E6E12 | B0B742DA5B4166A73ECA81CDC8B730CDE596803D22114F52E38BE4CB61899684
3644 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary | 6ABDC6D3F6919A60624879F9820EE254 | AC984206939444A28493DA2B45CB1FF0601EF063946CEBAA7E583B860727356F
3204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 2F9ABDDA60124B3103450EB2B6AD9EF4 | B04E55F9971684F93C46FC57368BD0F8A335F5ABA2E697DCF39BDF7893594521
3644 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | binary | 404C91227E70C32C7CC72D546597986A | 2C47039FA38FB2D71DE31C28D9201C31643D93D29939618E394C36EC93BB2C1E
3204 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon[1].ico | image | DA597791BE3B6E732F0BC8B20E38EE62 | 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
3644 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3D04891BC4AC9FB2B59A30E9674AC315 | der | 6103AFAD51D64D132130B8590D159A89 | 862A3B8A3719227434ED70C5BA962B0EB404701EDD42D2577547B55179134543
3644 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691 | binary | 53D4424FDB7739B9007330B7B07714B9 | F99864F5715EEAB74EFFC6105DD6965367B1896E5F8C8778E58CF84BDBA5B73A
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3644 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAMJi3Enr7ZyrxdfcMRwiIk%3D | US | der | 471 b | whitelisted |
3644 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl | US | der | 592 b | whitelisted |
3204 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3204 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3644 | iexplore.exe | GET | 200 | 23.45.105.185:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted |
3644 | iexplore.exe | GET | 200 | 104.18.31.182:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEGfe9D7xe9riT%2FWUBgbSwIQ%3D | US | der | 471 b | whitelisted |
3644 | iexplore.exe | GET | 200 | 178.79.242.128:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b2261f61964f64d3 | DE | compressed | 4.70 Kb | whitelisted |
3644 | iexplore.exe | GET | 200 | 104.18.31.182:80 | http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY | US | der | 728 b | whitelisted |
3644 | iexplore.exe | GET | 200 | 2.16.186.10:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgM9ZRBNcTcAU%2BmRq60F5aRspg%3D%3D | unknown | der | 503 b | shared |
3644 | iexplore.exe | GET | 200 | 178.79.242.128:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c11a9e5204e805b1 | DE | compressed | 4.70 Kb | whitelisted |
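The OCSP requests in the table above are the only place this report records which certificates IE validated while loading the page, since the HTTPS exchanges with l.wl.co and abre.ai themselves are not captured. The base64 path of an OCSP GET is a DER-encoded OCSPRequest (RFC 6960, appendix A) whose CertID carries the issuer name hash, issuer key hash and the serial number of the certificate being checked; the serial is a usable pivot in certificate-transparency logs. The following is an added example, not code from the report or from ANY.RUN: a minimal DER walker that decodes two of the OCSP URLs copied from the table. The function and helper names are this example's own.

```python
"""Decode the CertID inside an OCSP GET URL (RFC 6960, appendix A)."""
import base64
import urllib.parse

# Two OCSP GETs copied from the HTTP table above.
DIGICERT_OCSP_GET = (
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yz"
    "QuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAMJi3Enr7ZyrxdfcMRwiIk%3D"
)
COMODO_OCSP_GET = (
    "http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ"
    "38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY"
)

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _tlv(buf, pos=0):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:end], end


def _children(value):
    """Split the body of a constructed DER value into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _tlv(value, pos)
        out.append((tag, val))
    return out


def _first_seq(value):
    """Return the body of the first SEQUENCE child (skips optional [n] tagged fields)."""
    for tag, val in _children(value):
        if tag == 0x30:
            return val
    raise ValueError("expected a SEQUENCE")


def _oid(raw):
    """Decode a DER OBJECT IDENTIFIER body into dotted notation."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_ocsp_get(url):
    """Return responder, hash algorithm, issuer hashes and serial from an OCSP GET URL."""
    parts = urllib.parse.urlsplit(url)
    der = base64.b64decode(urllib.parse.unquote(parts.path.lstrip("/")))
    tag, ocsp_request, _ = _tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER OCSPRequest")
    # OCSPRequest -> tbsRequest -> requestList -> Request -> CertID
    cert_id = _first_seq(_first_seq(_first_seq(_first_seq(ocsp_request))))
    alg, name_hash, key_hash, serial = _children(cert_id)[:4]
    if (name_hash[0], key_hash[0], serial[0]) != (0x04, 0x04, 0x02):
        raise ValueError("unexpected CertID layout")
    serial_bytes = serial[1]
    if len(serial_bytes) > 1 and serial_bytes[0] == 0x00:
        serial_bytes = serial_bytes[1:]    # DER sign byte on a positive INTEGER
    oid = _oid(_children(alg[1])[0][1])
    return {
        "responder": parts.hostname,
        "hash_alg": HASH_OIDS.get(oid, oid),
        "issuer_name_hash": name_hash[1].hex(),
        "issuer_key_hash": key_hash[1].hex(),
        "serial": serial_bytes.hex(),
    }


if __name__ == "__main__":
    for u in (DIGICERT_OCSP_GET, COMODO_OCSP_GET):
        print(decode_ocsp_get(u))
```

The DigiCert request decodes to a SHA-1 CertID with serial 03098b7127afb672af175f70c4708889; the Comodo request carries a 17-byte INTEGER whose leading zero is the DER sign byte, which the function strips so the serial matches how CT search tools display it. This tells you which certificate was checked, not which site was visited: match the serial and issuer key hash against the issuer's CT records before attributing it to l.wl.co or abre.ai.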
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3644 | iexplore.exe | 178.79.242.128:80 | ctldl.windowsupdate.com | Limelight Networks, Inc. | DE | malicious |
3644 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3204 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3204 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 192.168.100.2:53 | — | — | — | whitelisted |
3644 | iexplore.exe | 104.131.99.102:443 | abre.ai | Digital Ocean, Inc. | US | unknown |
3644 | iexplore.exe | 31.13.84.8:443 | l.wl.co | Facebook, Inc. | IE | unknown |
3644 | iexplore.exe | 23.45.105.185:80 | x1.c.lencr.org | Akamai International B.V. | NL | unknown |
3644 | iexplore.exe | 2.16.186.10:80 | r3.o.lencr.org | Akamai International B.V. | — | whitelisted |
3644 | iexplore.exe | 104.18.31.182:80 | ocsp.comodoca.com | Cloudflare Inc | US | unknown |
Domain | IP | Reputation
---|---|---
l.wl.co | | suspicious
www.microsoft.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.digicert.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
crl4.digicert.com | | whitelisted
abre.ai | | suspicious
x1.c.lencr.org | | whitelisted
r3.o.lencr.org | | shared
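The analysed URL is a link wrapper: the real destination sits in its `u=` query parameter, and most of the hosts in the connection and DNS tables above belong to TLS certificate validation (OCSP, CRL, Let's Encrypt AIA) or to a stock Windows 7 / IE 11 sandbox (CTL download, start page) rather than to the page under analysis. The following is an added example, not code from the report or from ANY.RUN, that makes both points explicit: it unwraps the nested URL statically (no request is sent) and sorts the report's hostnames into PKI, OS-background and target buckets, flagging any target host the redirect chain does not account for. The URL and hostnames are copied from the tables above; the classification rules are this example's own heuristics, and hosts they do not recognise fall through to the target bucket on purpose.

```python
"""Unwrap the analysed link-wrapper URL and bucket the report's hostnames."""
import urllib.parse

# Copied from the report header and the connection/DNS tables above.
ANALYSED_URL = "https://l.wl.co/l?u=https://abre.ai/dN4e?userid=kI7Yt7q2"
OBSERVED_HOSTS = [
    "ctldl.windowsupdate.com", "ocsp.digicert.com", "crl4.digicert.com",
    "www.bing.com", "api.bing.com", "www.microsoft.com", "abre.ai", "l.wl.co",
    "x1.c.lencr.org", "r3.o.lencr.org", "ocsp.comodoca.com",
]

# Heuristics of this example, not of the report: hostname patterns that TLS
# certificate validation and a stock Windows 7 / IE 11 sandbox produce on their own.
PKI_HOST_PREFIXES = ("ocsp.", "crl")
PKI_DOMAINS = ("lencr.org",)
OS_DOMAINS = ("windowsupdate.com", "microsoft.com", "bing.com")


def unwrap_redirect(url, param="u", max_hops=10):
    """Statically follow a link wrapper: while the `param` query value is itself an
    absolute URL, treat it as the next hop. Nothing is fetched. Returns the hop list."""
    hops = [url]
    while len(hops) <= max_hops:
        query = urllib.parse.urlsplit(hops[-1]).query
        inner = urllib.parse.parse_qs(query).get(param, [""])[0]
        if not inner.lower().startswith(("http://", "https://")):
            break
        hops.append(inner)
    return hops


def final_target(url):
    """(host, path, query dict) of the last hop, e.g. the tracking id on the shortener."""
    last = urllib.parse.urlsplit(unwrap_redirect(url)[-1])
    return last.hostname, last.path, dict(urllib.parse.parse_qsl(last.query))


def _in_domains(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(host):
    """'pki' for OCSP/CRL/AIA fetches, 'os-background' for CTL/start-page noise,
    'target' for anything else (unknown hosts fall through here on purpose)."""
    h = host.lower()
    if h.startswith(PKI_HOST_PREFIXES) or _in_domains(h, PKI_DOMAINS):
        return "pki"
    if _in_domains(h, OS_DOMAINS):
        return "os-background"
    return "target"


def triage(url, hosts):
    """Bucket hosts and flag any 'target' host the static redirect chain does not explain."""
    chain = [urllib.parse.urlsplit(h).hostname for h in unwrap_redirect(url)]
    buckets = {"pki": [], "os-background": [], "target": []}
    for h in hosts:
        buckets[classify(h)].append(h)
    result = {k: sorted(v) for k, v in buckets.items()}
    result["redirect_chain"] = chain
    result["unexplained"] = sorted(set(result["target"]) - set(chain))
    return result


if __name__ == "__main__":
    print(final_target(ANALYSED_URL))
    for k, v in triage(ANALYSED_URL, OBSERVED_HOSTS).items():
        print(f"{k:15} {v}")
```

For this report the only two target hosts, l.wl.co and abre.ai, are exactly the two hops of the wrapper URL, so there is nothing unexplained; the `userid=kI7Yt7q2` query on the shortener is a per-recipient tracking value worth keeping with the indicator. The static unwrap stops at abre.ai because the sandbox did not record where that shortener redirected, so the final landing page still has to come from a follow-up fetch in a controlled environment.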