URL: | http://0nt3ck4rg0.dyndns-web.com:31682 |
Full analysis: | https://app.any.run/tasks/979ef571-1371-40a2-afb6-d10712e7c48d |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 09:59:53 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 7C13C33352C05579DD493BD30C02472F |
SHA1: | BC8BB491C27F7650E9E0C2B48C1816113B88E448 |
SHA256: | 57A7BFC0178D789F2E85F029D5CABC56F17CD0617339D351999ED2A7318F8303 |
SSDEEP: | 3:N1KYc80X7A:CYj2M |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2908 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://0nt3ck4rg0.dyndns-web.com:31682" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3376 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2908 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3736 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2908 CREDAT:3413261 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
3376 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\YXC9VRRD.htm | html | |
MD5:5E919AB06B00289A05A861D74588BE2D | SHA256:995894BAB765F95DBA6DF4D2D650D103049E123CBD2626039E2725D117F93D65 | |||
3376 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\logo[1].png | image | |
MD5:19249BC3B62FA1D192FD60DD47E95378 | SHA256:A0F47951E03CA90A2E3962A6EF82A45EBC70A91F95521E6DC21742B19BBD0F91 | |||
3376 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\logoinicio[1].png | image | |
MD5:19249BC3B62FA1D192FD60DD47E95378 | SHA256:A0F47951E03CA90A2E3962A6EF82A45EBC70A91F95521E6DC21742B19BBD0F91 | |||
2908 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:794F1817C1E752505C5E02F92D7207B3 | SHA256:C598DECDB5659AC43EFE909C2EBD8B63B79A4DD27FA49F51FA0644BDEEBDFEA6 | |||
2908 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:28CC3D4B0DA8A29A9DCD6D4755C84342 | SHA256:A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E | |||
3376 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\customer[1].png | image | |
MD5:0264E4BAC03AE25034B60DEB9874F1BA | SHA256:6FFDB80FF29CF6FA832A6E10EB942FF4691B916E3D6E6A2F9CF52EB188CEEAC3 | |||
3376 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\style[1].css | text | |
MD5:D4FC277217CE61E2846C58C054927EF9 | SHA256:A4CDBBC4B624F32175CB80026458A12533DDC7CA674FDACA750219E1C80524AB | |||
3376 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\agencias[1].png | image | |
MD5:8E40E61BBCEF9C800D8BE29CCB170EBD | SHA256:CE7809883880AAE6C0C5CF66E85367BBCC9412D4CB561F2BFF1CD3BBFCE5CE87 | |||
2908 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\tecnokargo[1].ico | image | |
MD5:761C8E4B9859EF726B29EC98E51DAB55 | SHA256:335449375D4E96E4653913EB21BF354C795A45DDD4A2829C9D0EB3C555A7BA7C | |||
3376 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\agentes[1].png | image | |
MD5:878C68A2CF6F71C73CC6D669247FB652 | SHA256:99F9D8C47BB94DA88EB72CCDC92C2E875BB2A9FE9DB382EB75CCB4682FAF4CFC |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3376 | iexplore.exe | GET | 200 | 162.229.157.161:31682 | http://0nt3ck4rg0.dyndns-web.com:31682/img/agencias.png | US | image | 5.30 Kb | suspicious |
2908 | iexplore.exe | GET | 200 | 162.229.157.161:31682 | http://0nt3ck4rg0.dyndns-web.com:31682/img/tecnokargo.ico | US | image | 1.12 Kb | suspicious |
2908 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3376 | iexplore.exe | GET | 200 | 162.229.157.161:31682 | http://0nt3ck4rg0.dyndns-web.com:31682/style.css | US | text | 13.1 Kb | suspicious |
3376 | iexplore.exe | GET | 200 | 162.229.157.161:31682 | http://0nt3ck4rg0.dyndns-web.com:31682/img/agentes.png | US | image | 6.93 Kb | suspicious |
3736 | iexplore.exe | GET | 200 | 162.229.157.161:31682 | http://0nt3ck4rg0.dyndns-web.com:31682/casillero/css/style.css | US | text | 8.62 Kb | suspicious |
3376 | iexplore.exe | GET | 200 | 162.229.157.161:31682 | http://0nt3ck4rg0.dyndns-web.com:31682/img/diagonal.png | US | image | 144 b | suspicious |
3376 | iexplore.exe | GET | 200 | 162.229.157.161:31682 | http://0nt3ck4rg0.dyndns-web.com:31682/img/logoinicio.png | US | image | 5.13 Kb | suspicious |
3376 | iexplore.exe | GET | 200 | 162.229.157.161:31682 | http://0nt3ck4rg0.dyndns-web.com:31682/ | US | html | 9.10 Kb | suspicious |
3376 | iexplore.exe | GET | 200 | 107.180.51.105:80 | http://www.tecnokargo.com/clientes/0/logo.png | US | image | 5.13 Kb | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2908 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2908 | iexplore.exe | 162.229.157.161:31682 | 0nt3ck4rg0.dyndns-web.com | AT&T Services, Inc. | US | suspicious |
2908 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 162.229.157.161:31682 | 0nt3ck4rg0.dyndns-web.com | AT&T Services, Inc. | US | suspicious |
— | — | 107.180.51.105:80 | www.tecnokargo.com | GoDaddy.com, LLC | US | unknown |
3376 | iexplore.exe | 162.229.157.161:31682 | 0nt3ck4rg0.dyndns-web.com | AT&T Services, Inc. | US | suspicious |
2908 | iexplore.exe | 178.79.242.0:80 | ctldl.windowsupdate.com | Limelight Networks, Inc. | DE | whitelisted |
3736 | iexplore.exe | 162.229.157.161:31682 | 0nt3ck4rg0.dyndns-web.com | AT&T Services, Inc. | US | suspicious |
3376 | iexplore.exe | 107.180.51.105:80 | www.tecnokargo.com | GoDaddy.com, LLC | US | unknown |
— | — | 172.217.18.106:80 | ajax.googleapis.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
0nt3ck4rg0.dyndns-web.com |
| suspicious |
www.tecnokargo.com |
| unknown |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
maxcdn.bootstrapcdn.com |
| whitelisted |
ajax.googleapis.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET INFO DYNAMIC_DNS Query to a Suspicious *.dyndns-web.com Domain |
3376 | iexplore.exe | Potentially Bad Traffic | ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-*.com domain |
3376 | iexplore.exe | Potentially Bad Traffic | ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-*.com domain |
3376 | iexplore.exe | Potentially Bad Traffic | ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-*.com domain |
3376 | iexplore.exe | Potentially Bad Traffic | ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-*.com domain |
3376 | iexplore.exe | Potentially Bad Traffic | ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-*.com domain |
3376 | iexplore.exe | Potentially Bad Traffic | ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-*.com domain |
3376 | iexplore.exe | Potentially Bad Traffic | ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-*.com domain |
2908 | iexplore.exe | Potentially Bad Traffic | ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-*.com domain |
3736 | iexplore.exe | Potentially Bad Traffic | ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-*.com domain |