URL: | http://appleghsupport-applefcu.com.de |
Full analysis: | https://app.any.run/tasks/b04b48d6-f8ac-49f5-9cb7-52a98f6ec329 |
Verdict: | Malicious activity |
Analysis date: | October 04, 2022, 20:49:50 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | E6794BDBC50068C3B7B2448776E390C4 |
SHA1: | AD906AE2E2A0784842A7A431D2F2E14E01FB4ABB |
SHA256: | 421DA2D568CCF69148FA85F7374E2A7FCAE8FA3D43076DD250A24CF9502A6909 |
SSDEEP: | 3:N1Kf2OvKBIFDMBA:CPYPBA |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3940 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://appleghsupport-applefcu.com.de" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1568 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3940 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
1568 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary | |
MD5:E60AA695A057143C033E50BE6048017F | SHA256:819C12E5D7FC8B1B527FAD9E03CF8FB33499039C266A1C234B232E18607EF1ED | |||
3940 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | binary | |
MD5:28DF50C49A96BF6019024B9D57D471B9 | SHA256:EB77BC9B5F6E6F5174E932D3BEA8B5019CE575E314DD5F146CC916D4AFE1C732 | |||
1568 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | compressed | |
MD5:D15AAA7C9BE910A9898260767E2490E1 | SHA256:F8EBAAF487CBA0C81A17C8CD680BDD2DD8E90D2114ECC54844CFFC0CC647848E | |||
1568 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabB806.tmp | compressed | |
MD5:D15AAA7C9BE910A9898260767E2490E1 | SHA256:F8EBAAF487CBA0C81A17C8CD680BDD2DD8E90D2114ECC54844CFFC0CC647848E | |||
3940 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | der | |
MD5:B8BDA0B382A7D056A4241B388338B778 | SHA256:7BAA967F6686CCE471826B20FFA5CB7FEB4BF3C5C0BF43F51F08E84EB5850DD2 | |||
1568 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarB807.tmp | cat | |
MD5:C75C82DE5128C3E55D72A4FF9C73F5E4 | SHA256:379E2F7218F036D70E2C474BF6A09364C5623C1C5F8D5A1A16F1B9B1EC243B55 | |||
3940 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | |
MD5:AFC3E2584B32E1E7C23C33E9534089A5 | SHA256:61597F5F937DA250A5ED7B4B82867BEBC546A5A35C0029982A003B1E9CBD2E7E | |||
1568 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9FC99A6697D24C2DB7F12872AB12E0BF | binary | |
MD5:AEA15E8BB464B858B9081EED20ABF9A5 | SHA256:D97C69BE337360F2219632331EAF2B157A87DC222910CA8A9A7604E097229130 | |||
1568 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:80DFC6B43D7BE542A5F1AC9DA966EDD4 | SHA256:37023422092DC2990002280105EE501A1ECE6BE4A3496DA12F3E1269F519B9FA | |||
1568 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9FC99A6697D24C2DB7F12872AB12E0BF | der | |
MD5:66D5C2F3B2161939CF583DCF782613CB | SHA256:A34BFB19A2973B7C0748AE27FB6C3294CA952E67C513797C487360C195C782B1 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1568 | iexplore.exe | GET | 200 | 2.16.218.144:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgP5Ptidrb6uaYeB8LinGbNj3Q%3D%3D | unknown | der | 503 b | shared |
3940 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
1568 | iexplore.exe | GET | 200 | 8.248.139.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f8f76d34389e17f8 | US | compressed | 60.9 Kb | whitelisted |
1568 | iexplore.exe | GET | 200 | 8.248.139.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ed37a4d26ff55ffa | US | compressed | 4.70 Kb | whitelisted |
3940 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
1568 | iexplore.exe | GET | 200 | 184.24.77.156:80 | http://use.typekit.com/pfv7aqm.js | US | text | 6.61 Kb | whitelisted |
1568 | iexplore.exe | GET | 200 | 13.225.84.58:80 | http://crl.rootg2.amazontrust.com/rootg2.crl | US | der | 660 b | whitelisted |
1568 | iexplore.exe | GET | 200 | 13.225.84.42:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
1568 | iexplore.exe | GET | 200 | 13.225.84.145:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
1568 | iexplore.exe | GET | 301 | 54.153.56.183:80 | http://appleghsupport-applefcu.com.de/ | US | html | 162 b | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3940 | iexplore.exe | 13.107.21.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
3940 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
1568 | iexplore.exe | 23.45.105.185:80 | x1.c.lencr.org | AKAMAI-AS | DE | unknown |
1568 | iexplore.exe | 54.153.56.183:80 | appleghsupport-applefcu.com.de | AMAZON-02 | US | malicious |
1568 | iexplore.exe | 54.153.56.183:443 | appleghsupport-applefcu.com.de | AMAZON-02 | US | malicious |
1568 | iexplore.exe | 8.248.139.254:80 | ctldl.windowsupdate.com | LEVEL3 | US | suspicious |
1568 | iexplore.exe | 2.16.218.144:80 | r3.o.lencr.org | Akamai International B.V. | DE | suspicious |
— | — | 152.199.19.161:443 | iecvlist.microsoft.com | EDGECAST | US | whitelisted |
3940 | iexplore.exe | 54.153.56.183:443 | appleghsupport-applefcu.com.de | AMAZON-02 | US | malicious |
3940 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | EDGECAST | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
appleghsupport-applefcu.com.de |
| unknown |
com.de |
| malicious |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
x1.c.lencr.org |
| whitelisted |
r3.o.lencr.org |
| shared |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |