URL: | https://protect-us.mimecast.com/s/s0kAC5ylzEHpVAZBFzmW_G?domain=osmanager4.com |
Full analysis: | https://app.any.run/tasks/465ffbda-b8d5-477e-ba90-1fb13dc08de0 |
Verdict: | Malicious activity |
Analysis date: | January 14, 2022, 20:45:10 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 4A9DD9D1CB9D159A84F4E7FC21EF38D3 |
SHA1: | EB6C4127AD4708578F0882A7A44AA3B0B8512CA1 |
SHA256: | 305BA6793B0B928CE89EDD117BE2E5CD7630F22A33C39356EA5592CB66FDFFA9 |
SSDEEP: | 3:N8TKRt2Md3H36ia8SGAXk:2Wp3H5a8OXk |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3652 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://protect-us.mimecast.com/s/s0kAC5ylzEHpVAZBFzmW_G?domain=osmanager4.com" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1904 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3652 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2796 | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe | — | svchost.exe | |||||||||||
User: admin Company: Adobe Integrity Level: MEDIUM Description: Adobe� Flash� Player Installer/Uninstaller 32.0 r0 Version: 32,0,0,453 Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
3652 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:2153F6030910674182FB489848D31AC2 | SHA256:82F9A6DA08C6E72E9065C4FDD6BBD0B3C1624BF325293C55C276DF0FF157C9D0 | |||
1904 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_A30EA9B4E1BC5DBF09A8EF399E086D27 | binary | |
MD5:C29220D66ACB8FC58A75F8C844272906 | SHA256:FA1440C67FB1D35EF8C00537608A0D4075878EF7E6FE4ACBA2E68F3D73E7781E | |||
3652 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:555F5687B94C98F954B9696E4313AE12 | SHA256:777877B0696185C94473A6F89FE73DB67B1E84B4E205638E2223B49B46408EA0 | |||
3652 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:AC68ACF50745357D4EA92B214D9E7132 | SHA256:AE3F7FDE380D2D90571A61378E52B1BC284B4C4C6A1E099F6F022395EBED6154 | |||
1904 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\TakeCourse[1].htm | html | |
MD5:B76DE230F83974C23FA9242218FF7AA6 | SHA256:ABA4B17ACFEBA4C5E78A674C0F5D9ED8EC39862493B23EE9111B8E9B4ABEB40E | |||
1904 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary | |
MD5:5826F9DA4EF2093F54195AA6960B82A1 | SHA256:94E5B78B3071B28CF62B29678AA59A3C838784CE61C687E54C6134B7F8250672 | |||
1904 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2543B5AF7D46D42E6CEED21F85143F6A_741EF372FB528509D3ADCB1393C06EDF | der | |
MD5:55BE4669EA41031782124625B4F07B7F | SHA256:2B2C2D332976541EC829465605B1A8F383C07030D13F25C9C331FAFBB6F12513 | |||
3652 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico | image | |
MD5:DA597791BE3B6E732F0BC8B20E38EE62 | SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 | |||
1904 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | der | |
MD5:64E9B8BB98E2303717538CE259BEC57D | SHA256:76BD459EC8E467EFC3E3FB94CB21B9C77A2AA73C9D4C0F3FAF823677BE756331 | |||
1904 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2543B5AF7D46D42E6CEED21F85143F6A_741EF372FB528509D3ADCB1393C06EDF | binary | |
MD5:84D26119AC7023AB0963CE46EE0A81D4 | SHA256:74457A8F739D6B4EB41259530E12EC3FC7AC0B7627A38E0D103277284E76C380 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1904 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAj8EtmP3tUuyPE3Fv2fV60%3D | US | der | 471 b | whitelisted |
1904 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
1904 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAo1CNVcKSsBffitZcAP9%2BQ%3D | US | der | 471 b | whitelisted |
1904 | iexplore.exe | GET | 301 | 199.180.184.119:80 | http://www.osmanager4.com/TakeCourse.aspx?rid=9A2D5036-823B-4E19-8257-487365DF1205&siteid=A2&cc=2 | US | html | 229 b | whitelisted |
3652 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
1904 | iexplore.exe | GET | 200 | 192.124.249.41:80 | http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D | US | der | 1.69 Kb | whitelisted |
1904 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/ca/gsatlasr3dvtlscah22021/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS6TOb2Xsu4ebxUmWLNjwrgPgkaRQQUKjS5qvq%2FPIjxR%2FLSEni%2BxeWqsGkCEAFGs0da7sCMcsM1EEJzpDk%3D | US | der | 1.43 Kb | whitelisted |
1904 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEG9FXshPqpwWCgAAAAEn3MY%3D | US | der | 471 b | whitelisted |
1904 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGmSmALa8169CgAAAAEn3NM%3D | US | der | 471 b | whitelisted |
1904 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEA8Z1S1D5wokxRW9RfQJQUE%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3652 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
3652 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1904 | iexplore.exe | 207.211.31.113:443 | protect-us.mimecast.com | Navisite, Inc. | US | suspicious |
1904 | iexplore.exe | 199.180.184.119:443 | www.osmanager4.com | Armor Defense Inc | US | unknown |
1904 | iexplore.exe | 199.180.184.119:80 | www.osmanager4.com | Armor Defense Inc | US | unknown |
1904 | iexplore.exe | 205.139.111.12:443 | protect-us.mimecast.com | -Reserved AS-, ZZ | US | suspicious |
3652 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1904 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3652 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
protect-us.mimecast.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
www.osmanager4.com |
| unknown |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
ocsp.godaddy.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |