URL: | https://syconintl-my.sharepoint.com/:o:/p/estephens/Evga6koYqBxPjw44uJkqV5wBlXsVI9svILKySQBy3YlQAA?e=tFIP02 |
Full analysis: | https://app.any.run/tasks/4444dc65-be43-4380-85a8-b1d0f04b635f |
Verdict: | Malicious activity |
Analysis date: | November 08, 2019, 13:21:57 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 65AB2F3E4F1A5DB36AAF6E62FCC3E102 |
SHA1: | 033CFDDC89682E2FB9268EA0DD50995A50939619 |
SHA256: | 56953F67F89A4FD802637C6BFFCDB5F2F166166D737EC3DC4CB6091F5A72B5DE |
SSDEEP: | 3:N8RdL7IciN+ArL5pDAOrTjd176juHDTMys1VX:2z7Iv+AfXDAI6jkg/fX |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2428 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://syconintl-my.sharepoint.com/:o:/p/estephens/Evga6koYqBxPjw44uJkqV5wBlXsVI9svILKySQBy3YlQAA?e=tFIP02" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3468 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2428 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
1244 | "C:\Program Files\Opera\opera.exe" | C:\Program Files\Opera\opera.exe | explorer.exe | |
User: admin Company: Opera Software Integrity Level: MEDIUM Description: Opera Internet Browser Version: 1748 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2428 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2428 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3468 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3BX5YRHO\WopiFrame[1].aspx | — | |
MD5:— | SHA256:— | |||
3468 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3BX5YRHO\init[1].js | text | |
MD5:EA0D3046441B91BE3B9AC4604EDB1DD5 | SHA256:F53874F86E931BE72A4065B0F6F8108081F4EC93BAE1956A592B21D3E779C078 | |||
3468 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:F546ACCC144780D1C7911B8D38C4494E | SHA256:82201219C5479111B298921B414CC9E2BD2F7D45991DAAEBB1E0AF8C22F36345 | |||
3468 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat | dat | |
MD5:5F4635A0E697BA31BAB4C5A6AE903F52 | SHA256:BF615645862BC89E2E3FBCAA915454DAE723EEC9C6AF551DE8A6B075544B9B0E | |||
3468 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\47QMO1N0\initstrings[1].js | text | |
MD5:F3DD4BBCB0B29298C399965AFE363196 | SHA256:8738756CF1F86BB9524D1F67ADFA02D9AAB26D917802F4CA58BE0404A922FE0D | |||
3468 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:D667D9DD005A44AD88169DB8B0D1D052 | SHA256:4680B14E7E4E75D439B9EB4A8014517FBD143BA0B963E67BFF1EF27E6277AA46 | |||
3468 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GLKVS81S\blank[1].js | text | |
MD5:FDA099FF2FAC08C3C6421848657975B3 | SHA256:9CF5CA90610882A0BD2E985C457A928BA7838C3A71E1A979A66B898D2E4514CF | |||
3468 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3BX5YRHO\WopiFrame[1].htm | html | |
MD5:713DB0362DD0D1C2B3B0673EB77E73FB | SHA256:D2806CCDED6D27B1D5916F91E5EB59619B8E236D1506EA956A8BC2C7A02AE9EF |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1244 | opera.exe | GET | 200 | 72.21.91.29:80 | http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl | US | der | 564 b | whitelisted |
2428 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2428 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1244 | opera.exe | 185.26.182.93:443 | certs.opera.com | Opera Software AS | — | whitelisted |
3468 | iexplore.exe | 184.50.167.104:443 | static.sharepointonline.com | Akamai Technologies, Inc. | NL | whitelisted |
3468 | iexplore.exe | 13.107.6.171:443 | onenote.officeapps.live.com | Microsoft Corporation | US | whitelisted |
1244 | opera.exe | 107.167.110.216:443 | sitecheck2.opera.com | Opera Software Americas LLC | US | malicious |
1244 | opera.exe | 185.26.182.94:443 | certs.opera.com | Opera Software AS | — | whitelisted |
3468 | iexplore.exe | 13.107.136.9:443 | syconintl-my.sharepoint.com | Microsoft Corporation | US | whitelisted |
1244 | opera.exe | 72.21.91.29:80 | crl4.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1244 | opera.exe | 13.107.136.9:443 | syconintl-my.sharepoint.com | Microsoft Corporation | US | whitelisted |
2428 | iexplore.exe | 72.247.225.58:443 | c1-onenote-15.cdn.office.net | Akamai Technologies, Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
syconintl-my.sharepoint.com |
| suspicious |
www.bing.com |
| whitelisted |
static.sharepointonline.com |
| whitelisted |
onenote.officeapps.live.com |
| whitelisted |
c1-onenote-15.cdn.office.net |
| whitelisted |
certs.opera.com |
| whitelisted |
sitecheck2.opera.com |
| whitelisted |
crl4.digicert.com |
| whitelisted |