Field | Value |
---|---|
URL | https://www.roblox.com/login |
Full analysis | https://app.any.run/tasks/f1f4bf43-f985-4de1-8773-450b6ee43b19 |
Verdict | Malicious activity |
Analysis date | September 30, 2020, 00:58:42 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MD5 | 686B300FBF0FE1C5FD0DC491926AF392 |
SHA1 | CD85DC3FF6C369DF5DEE60796859955441088CEC |
SHA256 | 4B274324DF8E7EDC9F21A22B28114633ACDD851C0E60FA755D1068C60EC18E7A |
SSDEEP | 3:N8DSLaHE3ISKCMLn:2OLat5PLn |
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity level | Description | Version |
---|---|---|---|---|---|---|---|---|---|
2520 | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com/login | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
2224 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2520 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
3680 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2520 CREDAT:2692373 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2224 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab7B45.tmp | — | — | — |
2224 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar7B46.tmp | — | — | — |
2224 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\JCPEX9C2.txt | — | — | — |
2224 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\769UAQKY.txt | — | — | — |
2224 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\3N17UA2Y.txt | — | — | — |
2224 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\O60Y27FO.txt | — | — | — |
2224 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\KEPYGRZJ.txt | text | 9F79537662B235CCD1259C99AF55CEAC | 17F559290BC1C673BBF8891D501952C752D38B82C13959E5392F327F4299CD16 |
2224 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D | der | 2015C355BCA8C164F9D39789D8104952 | 8271DED05D0F1223E9237C8EEAFECF1B3A5CF50DC1912503611129E8076CB155 |
2224 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D | binary | 9AF6C458724E56EE979B882CB1BDFCCB | A4E436D4E7E3826590836D15EDD045A5A7A837BC53F6F1B513EE32F37CE0EEDD |
2224 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771 | der | F1911FAFE7ED8800E4B724855E270CCE | B65F27AF1B75033FBC27B276C2003C66F7EDE3E0923EB7A92327D66E8B7271AB |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2224 | iexplore.exe | GET | 200 | 192.124.249.36:80 | http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D | US | der | 1.66 Kb | whitelisted |
2224 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/gseccovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSTMjK03nNiYoQYvu4Izyfn9OJNdAQUWHuOdSr%2BYYCqkEABrtboB0ZuP0gCDGbM6PQ9Yanr1EKr1g%3D%3D | US | der | 1.01 Kb | whitelisted |
2224 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
2224 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp2.globalsign.com/rootr5/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQiD0S5cIHyfrLTJ1fvAkJWflH%2B2QQUPeYpSJvqB8ohREom3m7e0oPQn1kCDQHuXyKVQkkF%2BQGRqNw%3D | US | der | 1.34 Kb | whitelisted |
2224 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp2.globalsign.com/rootr5/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQiD0S5cIHyfrLTJ1fvAkJWflH%2B2QQUPeYpSJvqB8ohREom3m7e0oPQn1kCDQHuXyKVQkkF%2BQGRqNw%3D | US | der | 1.34 Kb | whitelisted |
2224 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp2.globalsign.com/rootr5/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQiD0S5cIHyfrLTJ1fvAkJWflH%2B2QQUPeYpSJvqB8ohREom3m7e0oPQn1kCDQHuXyKVQkkF%2BQGRqNw%3D | US | der | 1.34 Kb | whitelisted |
2224 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp2.globalsign.com/rootr5/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQiD0S5cIHyfrLTJ1fvAkJWflH%2B2QQUPeYpSJvqB8ohREom3m7e0oPQn1kCDQHuXyKVQkkF%2BQGRqNw%3D | US | der | 1.34 Kb | whitelisted |
2224 | iexplore.exe | GET | 200 | 192.124.249.36:80 | http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D | US | der | 1.69 Kb | whitelisted |
2224 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp2.globalsign.com/rootr5/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQiD0S5cIHyfrLTJ1fvAkJWflH%2B2QQUPeYpSJvqB8ohREom3m7e0oPQn1kCDQHuXyKVQkkF%2BQGRqNw%3D | US | der | 1.34 Kb | whitelisted |
2224 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/gseccovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSTMjK03nNiYoQYvu4Izyfn9OJNdAQUWHuOdSr%2BYYCqkEABrtboB0ZuP0gCDGbM6PQ9Yanr1EKr1g%3D%3D | US | der | 1.01 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2224 | iexplore.exe | 2.18.234.36:443 | cdns.gigya.com | Akamai International B.V. | — | whitelisted |
2224 | iexplore.exe | 52.7.2.215:443 | roblox-api.arkoselabs.com | Amazon.com, Inc. | US | unknown |
— | — | 192.124.249.36:80 | ocsp.godaddy.com | Sucuri | US | suspicious |
2224 | iexplore.exe | 205.234.175.102:443 | css.rbxcdn.com | CacheNetworks, Inc. | US | suspicious |
2224 | iexplore.exe | 128.116.123.3:443 | www.roblox.com | University Corporation for Atmospheric Research | US | suspicious |
— | — | 104.18.20.226:80 | ocsp2.globalsign.com | Cloudflare Inc | US | shared |
2224 | iexplore.exe | 104.18.20.226:80 | ocsp2.globalsign.com | Cloudflare Inc | US | shared |
2520 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2224 | iexplore.exe | 143.204.208.127:80 | o.ss2.us | — | US | malicious |
2224 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.roblox.com | — | whitelisted |
ocsp.godaddy.com | — | whitelisted |
css.rbxcdn.com | — | whitelisted |
static.rbxcdn.com | — | whitelisted |
js.rbxcdn.com | — | whitelisted |
roblox-api.arkoselabs.com | — | whitelisted |
cdns.gigya.com | — | whitelisted |
images.rbxcdn.com | — | whitelisted |
ocsp2.globalsign.com | — | whitelisted |
ocsp.digicert.com | — | whitelisted |