URL: | https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgo.coursera.org%2FHrrNKgsXvsmZ&data=04%7C01%7CHind.Alsaadi%40digitaldubai.ae%7Ceaf23025ba9642ed5b9b08d99c23fdaf%7C2cc2d76d2d544a77885672cace111bd2%7C1%7C0%7C637712500672840259%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=fA4hl83A3%2FXkoYvVYlsgbP1ZCqBgUlHYgO3zYKOq9GI%3D&reserved=0 |
Full analysis: | https://app.any.run/tasks/0eda91fa-c186-4983-ae6c-5605f86ef063 |
Verdict: | Malicious activity |
Analysis date: | October 31, 2021, 04:33:51 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | EE544112946266A721CBF5827B4CC0FD |
SHA1: | 65B0F248A91830297D42BC1CF2F5FFAB2E147246 |
SHA256: | 39678E0ECD925A9DA77A93C564A0004F2FC98D2E01924ECFFC66C1225BF4EEF9 |
SSDEEP: | 12:2A5qxILdzrDuFUJiWQRhCKP7RlhXdozOlM:2uqIzrDu2JURfP7vVY |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2892 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgo.coursera.org%2FHrrNKgsXvsmZ&data=04%7C01%7CHind.Alsaadi%40digitaldubai.ae%7Ceaf23025ba9642ed5b9b08d99c23fdaf%7C2cc2d76d2d544a77885672cace111bd2%7C1%7C0%7C637712500672840259%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=fA4hl83A3%2FXkoYvVYlsgbP1ZCqBgUlHYgO3zYKOq9GI%3D&reserved=0" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE |
3280 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2892 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe |

PID 2892: User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
PID 3280: User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3280 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2892 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3280 | iexplore.exe | 104.47.84.28:443 | are01.safelinks.protection.outlook.com | Microsoft Corporation | US | unknown |
3280 | iexplore.exe | 34.199.107.0:443 | eventing.coursera.org | Amazon.com, Inc. | US | unknown |
3280 | iexplore.exe | 13.32.23.69:80 | ocsp.rootg2.amazontrust.com | Amazon.com, Inc. | US | whitelisted |
3280 | iexplore.exe | 13.35.253.92:443 | go.coursera.org | — | US | unknown |
3280 | iexplore.exe | 13.32.23.96:80 | o.ss2.us | Amazon.com, Inc. | US | unknown |
3280 | iexplore.exe | 143.204.214.141:80 | ocsp.sca1b.amazontrust.com | — | US | whitelisted |
2892 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2892 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
are01.safelinks.protection.outlook.com | | unknown |
ctldl.windowsupdate.com | | whitelisted |
ocsp.digicert.com | | whitelisted |
go.coursera.org | | malicious |
o.ss2.us | | whitelisted |
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
ocsp.rootg2.amazontrust.com | | whitelisted |
ocsp.rootca1.amazontrust.com | | shared |
ocsp.sca1b.amazontrust.com | | whitelisted |