URL: | http://lickingimprovementpropulsion.com/arvm57hm?sjgobb=63&refer=https%3A%2F%2Fsecretaryofstates.com%2Fmontana%2F&kw=%5B%22montana%22%2C%22secretary%22%2C%22of%22%2C%22state%22%2C%22-%22%2C%22mt%22%2C%22sos%22%2C%22business%22%2C%22search%22%2C%22-%22%2C%22secretary%22%2C%22of%22%2C%22state%22%2C%22corporation%22%2C%22search%22%5D&key=6ae434324641e297e2fac241e8f2a9e7&scrWidth=1280&scrHeight=720&tz=-4&v=22.3.v.34&ship=&res=12.31&dev=r&adb=y&adb=y |
Full analysis: | https://app.any.run/tasks/2c8c0677-4bda-4853-9b73-ff6202d41d62 |
Verdict: | Malicious activity |
Analysis date: | May 20, 2022, 23:31:09 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 6654723824D24A6D22F662FC58B25A1C |
SHA1: | C950A0767DA0BEE2F71398ED8065266F34B43C00 |
SHA256: | 451934DE5E8AD5A864243F95EB731A3082A94D468E20E524F389A73AC0CBD492 |
SSDEEP: | 12:gyPff13DW8qA6GZs5FjF6W8qAlXjV6462K+H4:gy/NDW8qA6GeTjF6W8qAlXjV644 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3748 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://lickingimprovementpropulsion.com/arvm57hm?sjgobb=63&refer=https%3A%2F%2Fsecretaryofstates.com%2Fmontana%2F&kw=%5B%22montana%22%2C%22secretary%22%2C%22of%22%2C%22state%22%2C%22-%22%2C%22mt%22%2C%22sos%22%2C%22business%22%2C%22search%22%2C%22-%22%2C%22secretary%22%2C%22of%22%2C%22state%22%2C%22corporation%22%2C%22search%22%5D&key=6ae434324641e297e2fac241e8f2a9e7&scrWidth=1280&scrHeight=720&tz=-4&v=22.3.v.34&ship=&res=12.31&dev=r&adb=y&adb=y" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3300 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3748 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2628 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3748 CREDAT:3675402 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
(PID) Process: | (3748) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (3748) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: | |||
(PID) Process: | (3748) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30960801 | |||
(PID) Process: | (3748) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: | |||
(PID) Process: | (3748) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30960801 | |||
(PID) Process: | (3748) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (3748) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (3748) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (3748) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (3748) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3300 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\LI9HEVDN.txt | text | |
MD5:60D00466DDDAB86C96B2977C57227FB8 | SHA256:8B27A037FE77BEF5CF6C9177AD047B0FB3F313E6D446D30BA24FA65D37B3458B | |||
3748 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:AC8FE9D561E9E7288AECF13F03AEA3D1 | SHA256:CECD911136F3CCBE6F4869CBCBD9FD15B3FA91CD2FD49B9655FA3BCF8E932C05 | |||
3748 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:AA756F512B929F035F147CF328B6141E | SHA256:8812FFEE4752BB575B1C37F4D8653091D44653D24A2EE1BCBC7CEF02F1E0CBC1 | |||
3748 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:F3348FD4707B6EEEEE06246649105B99 | SHA256:323086690AF664DE20722F6D06EA6CD2F3484804F970EC5348872BEBAF84506E | |||
3748 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[2].ico | image | |
MD5:DA597791BE3B6E732F0BC8B20E38EE62 | SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 | |||
3748 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | image | |
MD5:DA597791BE3B6E732F0BC8B20E38EE62 | SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 | |||
3748 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | |
MD5:F7DCB24540769805E5BB30D193944DCE | SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA | |||
3748 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico | image | |
MD5:DA597791BE3B6E732F0BC8B20E38EE62 | SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 | |||
3300 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\arvm57hm[1].htm | text | |
MD5:16579CC322E9E105427ECFA57890EF69 | SHA256:F28CE5BEFE08ED90A2E12B6B2A5E9FDAFAA6AD173503079155260AA480C66590 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3748 | iexplore.exe | GET | 200 | 192.243.59.12:80 | http://lickingimprovementpropulsion.com/favicon.ico | US | — | — | malicious |
2628 | iexplore.exe | GET | 403 | 192.243.59.20:80 | http://highperformancedformats.com/anonymous/ | US | — | — | malicious |
3748 | iexplore.exe | GET | 200 | 41.63.96.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e040e4879af7b01e | ZA | compressed | 4.70 Kb | whitelisted |
3300 | iexplore.exe | GET | 200 | 192.243.59.12:80 | http://lickingimprovementpropulsion.com/arvm57hm?sjgobb=63&refer=https%3A%2F%2Fsecretaryofstates.com%2Fmontana%2F&kw=%5B%22montana%22%2C%22secretary%22%2C%22of%22%2C%22state%22%2C%22-%22%2C%22mt%22%2C%22sos%22%2C%22business%22%2C%22search%22%2C%22-%22%2C%22secretary%22%2C%22of%22%2C%22state%22%2C%22corporation%22%2C%22search%22%5D&key=6ae434324641e297e2fac241e8f2a9e7&scrWidth=1280&scrHeight=720&tz=-4&v=22.3.v.34&ship=&res=12.31&dev=r&adb=y&adb=y | US | text | 115 b | malicious |
3748 | iexplore.exe | GET | 200 | 23.216.77.80:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9cb9948fc2784e09 | US | compressed | 4.70 Kb | whitelisted |
3748 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3748 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3748 | iexplore.exe | 192.243.59.12:80 | lickingimprovementpropulsion.com | DataWeb Global Group B.V. | US | malicious |
3748 | iexplore.exe | 41.63.96.0:80 | ctldl.windowsupdate.com | Limelight Networks, Inc. | ZA | suspicious |
3748 | iexplore.exe | 23.216.77.80:80 | ctldl.windowsupdate.com | NTT DOCOMO, INC. | US | suspicious |
3300 | iexplore.exe | 192.243.59.12:80 | lickingimprovementpropulsion.com | DataWeb Global Group B.V. | US | malicious |
2628 | iexplore.exe | 192.243.59.20:80 | lickingimprovementpropulsion.com | DataWeb Global Group B.V. | US | malicious |
3748 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
lickingimprovementpropulsion.com |
| malicious |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
highperformancedformats.com |
| malicious |
ocsp.digicert.com |
| whitelisted |