URL: | https://www.indiedb.com/downloads/start/71290?referer=https%3A%2F%2Fwww.google.com%2F |
Full analysis: | https://app.any.run/tasks/b429d284-1b79-4231-ba39-9185a2f00961 |
Verdict: | Malicious activity |
Analysis date: | November 29, 2020, 13:22:33 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 05334E78DF12329026516A2FF32A8236 |
SHA1: | 22B16B0C571DB0CAB2A03F5BC38C961BAFA661EE |
SHA256: | 4B5270F14F8A426D111ACC11ADCCA9ADA9257DB01BF065D6F84E01B1ABD57291 |
SSDEEP: | 3:N8DSLaMO2aKXKWuJUXkRXU6AWCXjjP:2OLaMOmaWuaURXazjP |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
688 | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.indiedb.com/downloads/start/71290?referer=https%3A%2F%2Fwww.google.com%2F | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
1700 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:688 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3452 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 | ||||
2972 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:688 CREDAT:3544347 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
1700 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab36FC.tmp | — | |
MD5:— | SHA256:— | |||
1700 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar36FD.tmp | — | |
MD5:— | SHA256:— | |||
1700 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\RUU7Z85A.txt | — | |
MD5:— | SHA256:— | |||
1700 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der | |
MD5:3C60995A36CA6C29EF469C1899B82CF3 | SHA256:934775ADFA43C2FAF6BC5CF430C4EDD809F74F851743CE2255716921080D0716 | |||
1700 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | der | |
MD5:76B84C840FD420EC938391B422114F6C | SHA256:889F202D551CE534419A44DA4AB277D4C9A930BF7CD4950072B6B14ADCAD5AB8 | |||
1700 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | binary | |
MD5:D41CB9E161D46AE46CA2AB40614E9700 | SHA256:404AD2C588A8DB85A338F500CF59AC557C38ADD319825FA8D95C4098503FB88E | |||
1700 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\DPT37F8X.txt | text | |
MD5:CBB3272228C56FAD83F14E7C6C347A76 | SHA256:89CC68619E80FE921977DF2DA9AE37EEFB35DBFD1C533ACC074DC668B25FF943 | |||
1700 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_ED4814D762306FD898B45E680A1C5D0C | binary | |
MD5:EDE67D4B16E4D0070099F94D1BA27E4B | SHA256:C3862B7E71160F819A6319EF083359171F801464546C4964F013C022A3F6D1C1 | |||
1700 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\71290[1].htm | html | |
MD5:04BF328E5CA9B865A1202C60358D45B8 | SHA256:DB53343F05C355706E7C096D0E8F5A4E938535B877587AAD2964DC079D827347 | |||
1700 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\QCTDJ3WO.txt | text | |
MD5:DD09BC370FEEA3A7F47DE8160FF99C82 | SHA256:E2B24103F4ED18CC017FEBF5C0F09C29CAA6D1ADF21368E1A988D60809272E34 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1700 | iexplore.exe | GET | 200 | 65.9.70.213:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
1700 | iexplore.exe | GET | 200 | 65.9.70.118:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
1700 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAN5zm%2BgvMeCmLkl%2BkHzzVM%3D | US | der | 279 b | whitelisted |
1700 | iexplore.exe | GET | 200 | 65.9.70.213:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
1700 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAN5zm%2BgvMeCmLkl%2BkHzzVM%3D | US | der | 279 b | whitelisted |
1700 | iexplore.exe | GET | 200 | 65.9.70.156:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
1700 | iexplore.exe | GET | 200 | 172.217.18.3:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEGTRSE7bbZvBAgAAAACAVY8%3D | US | der | 471 b | whitelisted |
1700 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
1700 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
1700 | iexplore.exe | GET | 200 | 65.9.70.195:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 65.9.68.113:443 | gamernetwork.mainroll.com | AT&T Services, Inc. | US | unknown |
1700 | iexplore.exe | 65.9.68.9:443 | cdn.bluebillywig.com | AT&T Services, Inc. | US | suspicious |
1700 | iexplore.exe | 172.217.22.102:443 | s0.2mdn.net | Google Inc. | US | whitelisted |
1700 | iexplore.exe | 104.26.13.36:443 | www.indiedb.com | Cloudflare Inc | US | unknown |
1700 | iexplore.exe | 65.9.68.113:443 | gamernetwork.mainroll.com | AT&T Services, Inc. | US | unknown |
— | — | 65.9.70.156:80 | o.ss2.us | AT&T Services, Inc. | US | unknown |
— | — | 172.217.22.102:443 | s0.2mdn.net | Google Inc. | US | whitelisted |
1700 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1700 | iexplore.exe | 65.9.70.213:80 | ocsp.rootg2.amazontrust.com | AT&T Services, Inc. | US | whitelisted |
1700 | iexplore.exe | 65.9.70.118:80 | ocsp.rootg2.amazontrust.com | AT&T Services, Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.indiedb.com |
| unknown |
ocsp.digicert.com |
| whitelisted |
gamernetwork.mainroll.com |
| whitelisted |
static.indiedb.com |
| unknown |
o.ss2.us |
| whitelisted |
ocsp.rootg2.amazontrust.com |
| whitelisted |
ocsp.rootca1.amazontrust.com |
| shared |
cdn.bluebillywig.com |
| whitelisted |
s0.2mdn.net |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
1700 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
1700 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
1700 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
1700 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2972 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2972 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2972 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
— | — | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
— | — | Potentially Bad Traffic | ET INFO TLS Handshake Failure |