File name: | NewSafeland Title Agency LLC Monday January 24 2022 925 AM.htm |
Full analysis: | https://app.any.run/tasks/1fa1d999-9acd-4d18-83c3-24d74129cd8a |
Verdict: | Malicious activity |
Analysis date: | January 24, 2022, 21:26:20 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | text/html |
File info: | HTML document, Non-ISO extended-ASCII text, with CRLF, CR line terminators |
MD5: | FF81675395513F00D2F901142BA488AA |
SHA1: | B2485ADB3352BC140FDE38059573F2CCA1787432 |
SHA256: | 502713D87259C486B965060E95D3006E45BA8156F49C2BF57E5119E2A231F6AB |
SSDEEP: | 192:IX8TeoFH8IniRcLGPUvm1ETK5o50NSZE+D4r43anRY5zgkkS+UGYNs9o/QzHL6SS:IX8TKXyxoPMGvYgOp/s0PFi5BW |
.html | | | HyperText Markup Language (100) |
---|
Originator: | Microsoft Word 15 |
---|---|
Generator: | Microsoft Word 15 |
ProgID: | Word.Document |
ContentType: | text/html; charset=windows-1252 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2196 | "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\Desktop\NewSafeland Title Agency LLC Monday January 24 2022 925 AM.htm.html" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3236 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2196 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3316 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2196 CREDAT:333057 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2348 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2196 CREDAT:6239234 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2572 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\admin\Desktop\NewSafeland Title Agency LLC Monday January 24 2022 925 AM.htm.html | C:\Program Files\Google\Chrome\Application\chrome.exe | Explorer.EXE | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 Modules
| |||||||||||||||
2772 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e6cd988,0x6e6cd998,0x6e6cd9a4 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 Modules
| |||||||||||||||
3824 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1048,3232859079724927651,11007784367420244271,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1076 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
2200 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1048,3232859079724927651,11007784367420244271,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1344 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | chrome.exe | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 Modules
| |||||||||||||||
4000 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,3232859079724927651,11007784367420244271,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
3272 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,3232859079724927651,11007784367420244271,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1940 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
2572 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61EF198D-A0C.pma | — | |
MD5:— | SHA256:— | |||
2196 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF3E9852F2539E7058.TMP | gmc | |
MD5:56DAA39F1FDD43BF7F221E3C6B39CA04 | SHA256:82336F3417780979F7BDB7B6495D971936CEA43C554B61A5F53E28760EF1860C | |||
2196 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF4FEB0B5905F23A65.TMP | gmc | |
MD5:F86300CDE1DD44050A6629C5D8BFF735 | SHA256:1235245FEC5902C2ED0D9111DCF758AE74C33FC23FCCE53D3217A40BAD36A27B | |||
2196 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFDB73A20FDDA2944E.TMP | gmc | |
MD5:0FFE05572770DB8033639CE2CF230054 | SHA256:46ECD268265C6880514A7FFDB71730C37E8230B93651D66989ECEEFDDD941D44 | |||
2196 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{473E4813-7D5C-11EC-A45D-12A9866C77DE}.dat | binary | |
MD5:732F0DAFC7B6FF75DD76014B3377AD17 | SHA256:2C2EC7167F850377F3F500E2B92BC8D38B6EDE80E688A0AE5546AD33ABCF7362 | |||
2196 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{473E4815-7D5C-11EC-A45D-12A9866C77DE}.dat | binary | |
MD5:A3FF4D0EF29ED9F88B63D943E5BC4867 | SHA256:304F6165A1962A2A2932273CA7B1FB126D0C33FC5FDDA7E9734BF876582065E1 | |||
2196 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFFBF12611CC8144EE.TMP | gmc | |
MD5:4F341A9B3A1B2F67D09E3227AAAFA4F9 | SHA256:96AD84E9086670BB536F17EB0C827103E45A4EE1322EC37BE39171784BA64EFA | |||
2196 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{473E4816-7D5C-11EC-A45D-12A9866C77DE}.dat | binary | |
MD5:1D4FE6B92ABBEB8980F8C57CC3E9ABF5 | SHA256:67F875396594967C2B87AFDBBB96FDF18159A557FAFD2EA485D6DE7B26B43F9B | |||
2196 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF3AD8D151A584D229.TMP | gmc | |
MD5:7C03BCB987568F2F5A1128FCFD2158BD | SHA256:902EB6B568C250160FE812A6B7529894E9495FF342B886FD0CE26436B4C82101 | |||
2196 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{42C873D0-1D90-11EB-BA2C-12A9866C77DE}.dat | binary | |
MD5:9E01101903CA621CDA6A98068F95A6AA | SHA256:232FC519FEE8C8798B1B07FDEA70D116FFB13E17431341D9E98E13E3B89C9A98 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw | US | binary | 5.78 Kb | whitelisted |
860 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw | US | — | — | whitelisted |
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw | US | binary | 7.10 Kb | whitelisted |
2200 | chrome.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?e609f11bd47efc4a | US | compressed | 59.9 Kb | whitelisted |
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw | US | binary | 9.90 Kb | whitelisted |
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw | US | binary | 43.6 Kb | whitelisted |
2200 | chrome.exe | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | crx | 242 Kb | whitelisted |
2196 | iexplore.exe | GET | 200 | 67.26.75.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?15d924fd7b8b52ce | US | compressed | 4.70 Kb | whitelisted |
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw | US | binary | 9.90 Kb | whitelisted |
860 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZjE0QUFYTUR2NXNIakJsbE5jbXNrUkdfQQ/4.10.2391.0_oimompecagnajdejgnnjijobebaeigek.crx | US | binary | 19.9 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2200 | chrome.exe | 142.250.185.99:443 | update.googleapis.com | Google Inc. | US | whitelisted |
2200 | chrome.exe | 142.250.186.131:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
2200 | chrome.exe | 142.250.185.78:443 | clients2.google.com | Google Inc. | US | whitelisted |
2200 | chrome.exe | 142.250.186.100:443 | www.google.com | Google Inc. | US | whitelisted |
2200 | chrome.exe | 142.250.185.202:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2200 | chrome.exe | 142.250.184.195:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
2200 | chrome.exe | 34.104.35.123:80 | edgedl.me.gvt1.com | — | US | whitelisted |
2200 | chrome.exe | 142.250.186.67:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
2200 | chrome.exe | 216.58.212.173:443 | accounts.google.com | Google Inc. | US | whitelisted |
2200 | chrome.exe | 52.204.90.22:443 | urldefense.com | Amazon.com, Inc. | US | suspicious |
Domain | IP | Reputation |
---|---|---|
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
clients2.google.com |
| whitelisted |
accounts.google.com |
| shared |
clientservices.googleapis.com |
| whitelisted |
urldefense.com |
| shared |
update.googleapis.com |
| whitelisted |
ssl.gstatic.com |
| whitelisted |
edgedl.me.gvt1.com |
| whitelisted |
www.google.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Misc activity | ET INFO Suspicious Glitch Hosted DNS Request - Possible Phishing Landing |
2200 | chrome.exe | Misc activity | ET INFO Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing |
2200 | chrome.exe | Misc activity | ET INFO Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing |