Field | Value
---|---
URL | https://app.go.kofax.com/e/er?utm_medium=email&utm_source=eloqua&partnerref=18055&s=2023&lid=8083&elqTrackId=A5D7695E6E9B2000BCA0F1C5209E6107&elq=bcee67f7b00147f4a4abc863c7e4d903&elqaid=18055&elqat=1
Full analysis | https://app.any.run/tasks/a8e1f037-0a41-40f4-b45a-f1d533a1722a
Verdict | Malicious activity
Analysis date | February 17, 2022, 15:53:20
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:
MD5 | 919FF53B6EBB769E5FC4295293316D1F
SHA1 | A35BE9F98C76D8D6A9C89412886526940509336B
SHA256 | 4621BFF7A6703DE48373E6A4BA6588C86248FE7002F087E0F0169E761D8CE232
SSDEEP | 3:N8at6pgblI8BRIYrJD6QWqoLXyPE6WdGV01iGDrrQZgcX/NGXYOAMcuN4JdZO2JU:2atugeHQfWjLi8riSAREXrAMcuWJdLU
Processes:
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
420 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://app.go.kofax.com/e/er?utm_medium=email&utm_source=eloqua&partnerref=18055&s=2023&lid=8083&elqTrackId=A5D7695E6E9B2000BCA0F1C5209E6107&elq=bcee67f7b00147f4a4abc863c7e4d903&elqaid=18055&elqat=1" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Internet Explorer | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3484 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:420 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe (PID 420)
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Internet Explorer | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 420 is the Internet Explorer frame process started by Explorer with the submitted URL; PID 3484 is the content (tab) process it spawned (SCODEF:420 names the parent). The tab runs at LOW integrity, i.e. under IE Protected Mode, which is why every file it writes lands under AppData\LocalLow and Cookies\Low rather than in the user's normal profile paths.
Files:
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3484 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 | der | 43A0BC9D2487B56C947243AC6BACDD54 | D9397BAA5B15649B32CBBB1D1CDCF6293C1C446FFCEA093521ADA8F0FCD6E364
3484 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 528CA9F4300A54A99D70695A8AA6EB1A | C1398CA8811F003078DA87687FE0C1240E38561190D450A600742794F1A9B0DA
420 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | A7ED446905762BDD482461347FDA93E1 | A0995DB815EEFC7C68C94F36B95970B72C23C8353E377F1C5FC34CE343FB8286
3484 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\MI0BLI2U.txt | text | 1917C79F8A48E934BE882B8693192EDE | FE8DD48781F6807D81AB0E2EC61B86A1B1A9EDBB8C50E93AF647CF67F54BEF9C
3484 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | der | 5C934D192F5F678BA36F593B16A82FA1 | E6C428AB3FD707DE2BEB4A8A2C1B493067BA2B31E0E6E041F8A3CAF1C19A2F1B
3484 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | binary | FC0B1AFD728022574EFC7FFB692B47FD | E379ED20D6C7E6B654DC981EFB16A8DB30DE506CC817F31C74C06BF6E6E5F7DD
3484 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1E11E75149C17A93653DA7DC0B8CF53F_8CFEF643B45DAE0E79B25E62D50CB287 | der | 646878C084735B6A4EAB454492B3B042 | A5780C3E37C73C9839988E93CB208D41DA36E4A2FECEB534793C8866EFE01112
3484 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4D1ED785E3365DE6C966A82E99CCE8EA_F7D2B558E592EF006769E9AEE36E55B2 | der | 2E1B9CE4A3DC299D27F51B8EFC5E3802 | E7DC0A42413B5D0D827E573E0E8D695F1178A4C59AFE422D0D6718A2DC71733C
420 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | FCEE5033BB167AA6A23211B63FA7AD57 | B5D61E520F690655D4B3BA480E0CF6099B3FE74554DC232CE0BE57DB9BA56FDC
3484 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\GBCKNL48.txt | text | C2BA2DA5B22CEF47039820C35F0B8904 | 70D1B8CC8845B3C5892399CC826D5A79853FC3C861E016BD128AEC6B6BC7357C

Every file written is either a CryptoAPI network-retrieval cache entry (CryptnetUrlCache Content/MetaData, populated by the OCSP and CTL fetches listed under HTTP requests) or an IE cookie. No executable, script or document was dropped by either process.
HTTP requests:
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---|
3484 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEA9h72CPJCVAHeom795%2B9rg%3D | US | der | 471 b | whitelisted |
420 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3484 | iexplore.exe | GET | 200 | 142.250.185.227:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
3484 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
3484 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
3484 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted |
420 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3484 | iexplore.exe | GET | 200 | 8.253.95.120:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fe1213d701860727 | US | compressed | 4.70 Kb | whitelisted |
3484 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAzOpZ6qY3%2FTbM5Qzjfh74g%3D | US | der | 471 b | whitelisted |
3484 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
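All of the plain-HTTP requests above except the disallowedcertstl.cab download are OCSP GET requests in the RFC 6960 Appendix A.1 form: a DER-encoded OCSPRequest, base64-encoded and percent-escaped, carried in the URL path. Base64 blobs in URLs are also a common C2 pattern, so the check a practitioner wants is to decode the path and confirm it really is an OCSPRequest (hash algorithm, issuer name hash, issuer key hash, certificate serial) rather than trusting the "whitelisted" label. The following is an added example, not ANY.RUN's code or part of the original report; it uses only the Python standard library and a minimal DER walker, and the three URLs it runs against are copied from the table above.

```python
import base64
from urllib.parse import unquote, urlsplit

SHA1_OID = "1.3.14.3.2.26"   # id-sha1, the hashAlgorithm used by every request on this page


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER tag-length-value element at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                               # long-form length: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Iterate over the (tag, value) pairs packed inside a SEQUENCE body."""
    pos = 0
    while pos < len(value):
        tag, child, pos = _read_tlv(value, pos)
        yield tag, child


def _expect(tag, wanted, what):
    if tag != wanted:
        raise ValueError(f"{what}: expected tag 0x{wanted:02x}, got 0x{tag:02x}")


def _decode_oid(raw):
    """Decode a DER OBJECT IDENTIFIER body into dotted form (base-128 arcs, high bit = continue)."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_ocsp_get_url(url):
    """Decode an OCSP GET URL (RFC 6960 A.1) and return the CertID fields of its first request.
    Raises ValueError when the last path segment is not a well-formed OCSPRequest."""
    path = urlsplit(url).path
    # Responders may sit under a prefix (the report shows /gsr1/ on ocsp.pki.goog);
    # the request is always the last path segment and is percent-encoded.
    der = base64.b64decode(unquote(path.rsplit("/", 1)[-1]), validate=True)

    tag, ocsp_req, _ = _read_tlv(der, 0)
    _expect(tag, 0x30, "OCSPRequest")
    tag, tbs, _ = _read_tlv(ocsp_req, 0)
    _expect(tag, 0x30, "TBSRequest")
    # TBSRequest may open with [0] version or [1] requestorName; requestList is the SEQUENCE.
    request_list = next((v for t, v in _children(tbs) if t == 0x30), None)
    if request_list is None:
        raise ValueError("TBSRequest has no requestList")
    tag, request, _ = _read_tlv(request_list, 0)
    _expect(tag, 0x30, "Request")
    tag, cert_id, _ = _read_tlv(request, 0)
    _expect(tag, 0x30, "CertID")

    fields = list(_children(cert_id))
    if len(fields) != 4:
        raise ValueError("CertID must have exactly four fields")
    (t_alg, alg), (t_nh, name_hash), (t_kh, key_hash), (t_sn, serial) = fields
    _expect(t_alg, 0x30, "hashAlgorithm")
    _expect(t_nh, 0x04, "issuerNameHash")
    _expect(t_kh, 0x04, "issuerKeyHash")
    _expect(t_sn, 0x02, "serialNumber")
    t_oid, oid, _ = _read_tlv(alg, 0)
    _expect(t_oid, 0x06, "hashAlgorithm.algorithm")

    return {
        "hash_algorithm": _decode_oid(oid),
        "issuer_name_hash": name_hash.hex(),
        "issuer_key_hash": key_hash.hex(),
        "serial_number": serial.hex(),
    }


def is_ocsp_request(url):
    """True when the URL path carries a well-formed OCSPRequest, False for anything else
    (a CTL/CRL download, a tracking link, or base64-looking traffic that is not OCSP)."""
    try:
        parse_ocsp_get_url(url)
        return True
    except (ValueError, IndexError):          # binascii.Error is a ValueError subclass
        return False


if __name__ == "__main__":
    # Request URLs copied from the HTTP table of this report.
    for u in (
        "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEA9h72CPJCVAHeom795%2B9rg%3D",
        "http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D",
        "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fe1213d701860727",
    ):
        host = urlsplit(u).netloc
        print(host, "OCSP" if is_ocsp_request(u) else "not OCSP",
              parse_ocsp_get_url(u) if is_ocsp_request(u) else "")
```

For the first DigiCert URL the decoded CertID uses SHA-1 (1.3.14.3.2.26) with a 20-byte issuer name hash and key hash and a 16-byte serial; the issuer hashes identify which CA the browser was checking against, and the serial is the certificate whose status was requested, which is how one confirms that repeated hits to an OCSP responder correspond to the TLS hosts in the connections table and not to something else tunnelled through a look-alike path.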
Connections:
PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---|
420 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
420 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3484 | iexplore.exe | 152.199.21.175:443 | www.kofax.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3484 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
420 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3484 | iexplore.exe | 209.167.231.17:443 | s2023.t.eloqua.com | Oracle Corporation | US | suspicious |
3484 | iexplore.exe | 8.253.95.120:80 | ctldl.windowsupdate.com | Global Crossing | US | suspicious |
3484 | iexplore.exe | 209.167.231.27:443 | app.go.kofax.com | Oracle Corporation | US | suspicious |
3484 | iexplore.exe | 142.250.184.200:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
3484 | iexplore.exe | 104.16.149.64:443 | cdn.cookielaw.org | Cloudflare Inc | US | unknown |
DNS requests:
Domain | Reputation
---|---
app.go.kofax.com | suspicious
ctldl.windowsupdate.com | whitelisted
api.bing.com | whitelisted
www.bing.com | whitelisted
ocsp.digicert.com | whitelisted
s2023.t.eloqua.com | suspicious
www.kofax.com | malicious
iecvlist.microsoft.com | whitelisted
r20swj13mr.microsoft.com | whitelisted
cdn.cookielaw.org | whitelisted

Note that the reputation columns disagree with each other: www.kofax.com is rated whitelisted in the connections table and malicious here, and ctldl.windowsupdate.com is suspicious there and whitelisted here. The report does not reconcile these, so neither label should be read as a verdict on its own.
Threats:
PID | Process | Class | Message
---|---|---|---
3484 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
3484 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure

Both alerts are Emerging Threats signatures from the informational (ET INFO) category: they record that a TLS handshake from the tab process did not complete, not that a payload or known-bad indicator was matched. They are the only network detections in the report.