Field | Value |
---|---|
URL | http://www.sj-software.de/mepla/mepla-50/install/sj_mepla_install.exe |
Full analysis | https://app.any.run/tasks/631ee7e2-97a8-4e89-9f0a-abed9d5ff890 |
Verdict | Malicious activity |
Analysis date | June 27, 2022, 08:56:54 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MD5 | 26594F98C3D4166476498B151C2918EB |
SHA1 | 9BEF600700D83444C0489407400027F504FBE986 |
SHA256 | 2C44F0746AAD7C9E1B8F5E36A8C74F3D81DE70FD5914D09BD7D9CE58E111D50E |
SSDEEP | 3:N1KJS45pwJCpEHIQNqFN:Cc45prEoQkn |
PID | CMD | Path | Parent process | User | Integrity level | Company | Description | Version |
---|---|---|---|---|---|---|---|---|
2200 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.sj-software.de/mepla/mepla-50/install/sj_mepla_install.exe" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
924 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2200 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | LOW | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2200 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | 28CC3D4B0DA8A29A9DCD6D4755C84342 | A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E |
2200 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | 790E40386A5478B54787C28956E029D7 | 2A14CA44FA89C53F53111C7CAAE9155A460FA162BD822CCEAF7B7F74B8390557 |
2200 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\cropped-sj_bild_logo-32x32[1].jpg | image | 330604D85065F3F3885EB88834B40F50 | 50C13DE5487C27073CCB106F97D36465CB789197D0B5552D46CA1CD723ADEEFB |
2200 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f7ruq93\imagestore.dat | binary | F9E9A60C0008CDC4C6C91CACC1827B83 | 856E78F57AACC916475FFEC0BE0940339DA0FD37F8AC854663FBE885D5343C98 |
2200 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 8F33294DEC42857BB6F910B3EE2791AE | 2B76386A9CB0A268AA3E985C7C4C9200C8735698BAF61644318C55270EDEC41B |
2200 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9F6005AF34C7906F717D420F892FD6D0 | der | 3CF0BF1FAF2AA2F8770A3F03C4388F47 | 36530CB098DAA657948C48A30B966FF389A12EA7F0D58A47422071FD1ACA6AB6 |
2200 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].htm | html | B8CE9384F6C359DE268FCE6D06C2A38F | 97E6F018B47AA2B5E9CDC4C416CE08D31124596B0AE1776AAB014E32DCD2EFC7 |
2200 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\favicon[2].ico | image | DA597791BE3B6E732F0BC8B20E38EE62 | 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 |
2200 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 1D695780FB98C96AAE70750F77599D4A | F7FFF4977280A85E26991884CA28B08E5EA5DBBE52A1E5F4C7B3F612CA2BFA03 |
2200 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F | der | DF6DEECBA36F8D0AF53EAFA9C51AB1F7 | 60D1053BDE5FBCA23ED8976F1EABAEE9C4BB459D9C997E5A76BB2182EE916D98 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
924 | iexplore.exe | GET | 401 | 217.160.0.77:80 | http://www.sj-software.de/mepla/mepla-50/install/sj_mepla_install.exe | DE | html | 681 b | malicious |
— | — | GET | 302 | 217.160.0.77:80 | http://www.sj-software.de/favicon.ico | DE | html | 222 b | malicious |
2200 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted |
2200 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2e50a28c016993cb | US | compressed | 4.70 Kb | whitelisted |
924 | iexplore.exe | GET | 401 | 217.160.0.77:80 | http://www.sj-software.de/mepla/mepla-50/install/sj_mepla_install.exe | DE | html | 681 b | malicious |
2200 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2200 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEA9iL28hwv9dUh9yOh1H1i0%3D | US | der | 471 b | whitelisted |
2200 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2200 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1ab15ec9db8b2787 | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2200 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2200 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
924 | iexplore.exe | 217.160.0.77:80 | www.sj-software.de | 1&1 Internet SE | DE | malicious |
2200 | iexplore.exe | 13.107.22.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 217.160.0.77:80 | www.sj-software.de | 1&1 Internet SE | DE | malicious |
2200 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2200 | iexplore.exe | 217.160.0.77:443 | www.sj-software.de | 1&1 Internet SE | DE | malicious |
Domain | IP | Reputation |
---|---|---|
www.sj-software.de | | malicious |
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
ctldl.windowsupdate.com | | whitelisted |
ocsp.digicert.com | | whitelisted |
crl3.digicert.com | | whitelisted |
iecvlist.microsoft.com | | whitelisted |
r20swj13mr.microsoft.com | | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
924 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted |