URL: | https://synology.atlasestates.com.pl:5001/sharing/5qtAZRStg |
Full analysis: | https://app.any.run/tasks/e2102bb7-aca3-49c0-94cf-d087bf05b1c4 |
Verdict: | Malicious activity |
Analysis date: | January 24, 2022, 20:34:40 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | C15F2686AB88AF39E6CA613F120AE6DE |
SHA1: | E3097016F29D30A8682DE64593F96A15EE9A5060 |
SHA256: | 493F5935C0B66DE9EE586B2B43C96D5D88E1888DEC58717A38E7378DE9082923 |
SSDEEP: | 3:N8RlkzREm1fnL8Vn:23YiMAV |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2672 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://synology.atlasestates.com.pl:5001/sharing/5qtAZRStg" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2088 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2672 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
452 | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Integrity Level: MEDIUM Description: Adobe� Flash� Player Installer/Uninstaller 32.0 r0 Version: 32,0,0,453 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2088 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\login[1].css | text | |
MD5:4D6F65348321AF5F55F36BF8312F822E | SHA256:BE230B4BBA9AA78586AA0A0541CABF5AD3E46C69BBA549F3224126CF0D9863D3 | |||
2672 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:FC990EAA7247546FB67C18916A4CAC9B | SHA256:294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993 | |||
2088 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\5qtAZRStg[1].htm | html | |
MD5:309014AFC16344EBE615926C9D652F18 | SHA256:C419DDAF15E6E8669A78975370F048CD7ACE391EF0378694874A6F48E825FC9F | |||
2088 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarD3D4.tmp | cat | |
MD5:D99661D0893A52A0700B8AE68457351A | SHA256:BDD5111162A6FA25682E18FA74E37E676D49CAFCB5B7207E98E5256D1EF0D003 | |||
2088 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary | |
MD5:8743E825D2B24BEECE1FC68D74E90E6E | SHA256:028120E43CE0B0D91D261D440F56104494A0EF483BB82EE569FC066AAE36CED4 | |||
2088 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:37B85AD3CAA6B1625DCEBFBC84A124F7 | SHA256:8133003AED1415C948905B20FD1DAC932D85E77D72582E54C85EEDC5E69AE974 | |||
2672 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:CF1C274E09A788EC2008A551D0AAAF3D | SHA256:5097378BCDAF7B3F8D7F502F59431D6DBCD5FF8B1676EF116333AA78809132A7 | |||
2088 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | compressed | |
MD5:ACAEDA60C79C6BCAC925EEB3653F45E0 | SHA256:6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658 | |||
2088 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabD3D3.tmp | compressed | |
MD5:ACAEDA60C79C6BCAC925EEB3653F45E0 | SHA256:6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658 | |||
2672 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | image | |
MD5:DA597791BE3B6E732F0BC8B20E38EE62 | SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2672 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2672 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2088 | iexplore.exe | GET | 200 | 8.253.207.120:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c3b42620eff7c226 | US | compressed | 59.9 Kb | whitelisted |
2088 | iexplore.exe | GET | 200 | 8.253.207.120:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a8d2618f3c05cb57 | US | compressed | 4.70 Kb | whitelisted |
2088 | iexplore.exe | GET | 200 | 8.253.207.120:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?219097a72442b831 | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2672 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2088 | iexplore.exe | 77.79.219.50:5001 | synology.atlasestates.com.pl | ATM S.A. | PL | unknown |
2672 | iexplore.exe | 77.79.219.50:5001 | synology.atlasestates.com.pl | ATM S.A. | PL | unknown |
2672 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2088 | iexplore.exe | 8.253.207.120:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | malicious |
2672 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
— | — | 77.79.219.50:5001 | synology.atlasestates.com.pl | ATM S.A. | PL | unknown |
Domain | IP | Reputation |
---|---|---|
synology.atlasestates.com.pl |
| unknown |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |