download: | redir_ie.html |
Full analysis: | https://app.any.run/tasks/592cd056-3c22-4b27-8684-62ef8cbca86e |
Verdict: | Malicious activity |
Analysis date: | February 21, 2020, 21:17:03 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/html |
File info: | HTML document, ASCII text |
MD5: | 7333E66FF3ACC3216D168801903F388F |
SHA1: | BE1214886897A929AC09239494D99A082A763E45 |
SHA256: | 54032AAB22CD297D5915B12777E2676C7D4C359C63C77B37A80D3CC8C0137EBF |
SSDEEP: | 3:qVvzL6HjJMzVJu+x73BISLfZVKNhtv0GL:qFzLOMRJR1vLhVWhd0GL |
.html | | | HyperText Markup Language (100) |
---|
Refresh: | 4; URL='https://www.msn.com' |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3744 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\redir_ie.html | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2860 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3744 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3692 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3744 CREDAT:333057 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3744 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3692 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab9776.tmp | — | |
MD5:— | SHA256:— | |||
3692 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar9777.tmp | — | |
MD5:— | SHA256:— | |||
3692 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\YC7MESPT.txt | — | |
MD5:— | SHA256:— | |||
3692 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\GB0ZYKXR.txt | — | |
MD5:— | SHA256:— | |||
3692 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_5FDD03068CBBD8A96F3AB9595BA10093 | binary | |
MD5:447C4C004439C85E2DE6F884CB34C14B | SHA256:8985F51CAAED6615CE5B967E3718A42BE4B22BB7DC48A7DE91C949D2B3FCC76D | |||
3692 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\CPEWPG9T.txt | text | |
MD5:A35F7599A7F3F058613DE4A7DF9C5601 | SHA256:28DCDF41FCDE3D2BF543EC8C356628FC43FA9519CA942E322ED72CAE44EF1E43 | |||
3692 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04 | der | |
MD5:DE955FE82F4521B696C992706C9CCB3D | SHA256:B9C0B4ADA722249550F17DD2B5A734EEE2AD7776BF88B8329379898A6E60647E | |||
3692 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 | binary | |
MD5:D2E1E53E1127C10F7167125044666138 | SHA256:72B56CC0CAC396B1971EAB268F6C3634F361DC97B0D3582397E1389225DBE4AB | |||
3692 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04 | binary | |
MD5:687E1DA2B40050A4A2A89A33D76FCBB5 | SHA256:58553F385EDBDD3894660D3B4F0E2488141C1DF3A8E6F528C6B17650CEE0251D |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3692 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAtb9ltrp%2FvQiykNkEU33uA%3D | US | der | 471 b | whitelisted |
3692 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted |
3692 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDu3mVgzTXArwIAAAAAWXG3 | US | der | 472 b | whitelisted |
3692 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D | US | der | 1.47 Kb | whitelisted |
3744 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
3692 | iexplore.exe | GET | 200 | 104.18.24.243:80 | http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0ACT6jyC8wXTpAKkoAAAAJPqM%3D | US | der | 1.79 Kb | whitelisted |
3744 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
3692 | iexplore.exe | GET | 200 | 151.101.2.133:80 | http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkbwjNvPLFRm7zMB3V80 | US | der | 1.49 Kb | whitelisted |
3692 | iexplore.exe | GET | 200 | 104.18.24.243:80 | http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0ACT6jyC8wXTpAKkoAAAAJPqM%3D | US | der | 1.79 Kb | whitelisted |
3692 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3744 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3692 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3692 | iexplore.exe | 2.16.186.35:443 | static-global-s-msn-com.akamaized.net | Akamai International B.V. | — | whitelisted |
3692 | iexplore.exe | 204.79.197.203:443 | www.msn.com | Microsoft Corporation | US | whitelisted |
3692 | iexplore.exe | 216.58.207.67:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3692 | iexplore.exe | 172.217.23.142:443 | play.google.com | Google Inc. | US | whitelisted |
3692 | iexplore.exe | 104.86.44.115:443 | linkmaker.itunes.apple.com | Akamai Technologies, Inc. | NL | unknown |
3692 | iexplore.exe | 111.221.29.254:443 | web.vortex.data.msn.com | Microsoft Corporation | HK | whitelisted |
3692 | iexplore.exe | 152.199.21.175:443 | cookies.onetrust.mgr.consensu.org | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3692 | iexplore.exe | 104.18.24.243:80 | ocsp.msocsp.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.msn.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
static-global-s-msn-com.akamaized.net |
| whitelisted |
linkmaker.itunes.apple.com |
| whitelisted |
play.google.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
web.vortex.data.msn.com |
| whitelisted |
optanon.blob.core.windows.net |
| whitelisted |