File name: | [email protected]_63963965Application.HTML |
Full analysis: | https://app.any.run/tasks/3e9fb337-989d-4f53-a5ee-c308ba30e0d9 |
Verdict: | Malicious activity |
Analysis date: | August 02, 2022, 13:58:43 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/html |
File info: | HTML document, ASCII text, with very long lines, with CRLF line terminators |
MD5: | BD05664F01205FA90774F42468A8743A |
SHA1: | F3DF825EF2E3C70A5BC70F4A7C935BE10A65BF57 |
SHA256: | 58C45547BCCCE5EB16D84BAE13EB0C2813FFE03E34EAE622B65468A6B289CA37 |
SSDEEP: | 96:SREaKX0rxXqfARGRqIdQ3O4EZTbbdddddQm0KGZPmEajUjVa6N+dOndARCCJdddw:SREaKqxXeSkqIdQfEZLQPmEaIjVa6NGw |
.html | | | HyperText Markup Language (100) |
---|
Title: | Letsdefend.io |
---|---|
Generator: | MSHTML 11.00.10570.1001 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2868 | "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\AppData\Local\Temp\[email protected]_63963965Application.HTML" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3324 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2868 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3192 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2868 CREDAT:144396 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2024 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2868 CREDAT:398593 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
2868 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{3A9A48CB-126B-11ED-8C9F-1203334A04AF}.dat | binary | |
MD5:DAF80FCD0BECE50D972734E451166FE8 | SHA256:59293591953338F043FA302F8E0357FA5F3FB11284CEB0EA9EAF72A7A7AF6C3A | |||
2868 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFA95FBC1394C81EC7.TMP | gmc | |
MD5:7362BD84D810EE0601E526AD84AEA0B5 | SHA256:D516E4DBBAFD5C7BE0DC2FCC8D769EB6E4FBD03BC6D0D465CF4BB73631AEF4E4 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2868 | iexplore.exe | GET | — | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0576e8eab23eee9a | US | — | — | whitelisted |
3324 | iexplore.exe | GET | 404 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8350abeffc38737f | US | xml | 341 b | whitelisted |
3192 | iexplore.exe | GET | 404 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ca55d225db168cb9 | US | xml | 341 b | whitelisted |
3324 | iexplore.exe | GET | 404 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8db5b3357d942f05 | US | xml | 341 b | whitelisted |
3192 | iexplore.exe | GET | 404 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ab665d0be189f08e | US | xml | 341 b | whitelisted |
2868 | iexplore.exe | GET | 404 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e978236cf5026882 | US | xml | 341 b | whitelisted |
3192 | iexplore.exe | GET | 404 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d93f63a212c38daa | US | xml | 341 b | whitelisted |
3324 | iexplore.exe | GET | 404 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fb9f35f689313587 | US | xml | 341 b | whitelisted |
2868 | iexplore.exe | GET | 404 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?88c3a022c3d87fd8 | US | xml | 341 b | whitelisted |
2868 | iexplore.exe | GET | 404 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?cd22d8142f7f1de5 | US | xml | 341 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3192 | iexplore.exe | 142.250.74.206:443 | encrypted-tbn0.gstatic.com | Google Inc. | US | whitelisted |
3324 | iexplore.exe | 162.125.66.15:443 | dl.dropboxusercontent.com | Dropbox, Inc. | DE | malicious |
3192 | iexplore.exe | 162.125.66.15:443 | dl.dropboxusercontent.com | Dropbox, Inc. | DE | malicious |
2868 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3324 | iexplore.exe | 142.250.74.206:443 | encrypted-tbn0.gstatic.com | Google Inc. | US | whitelisted |
— | — | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2868 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3192 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
— | — | 96.16.143.41:443 | go.microsoft.com | Akamai International B.V. | US | whitelisted |
3324 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
dl.dropboxusercontent.com |
| shared |
encrypted-tbn0.gstatic.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
tecyardit.com |
| malicious |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
ieonline.microsoft.com |
| whitelisted |
go.microsoft.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
3324 | iexplore.exe | Misc activity | ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI) |
3324 | iexplore.exe | Misc activity | ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI) |
3192 | iexplore.exe | Misc activity | ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI) |
3192 | iexplore.exe | Misc activity | ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI) |
3192 | iexplore.exe | Misc activity | ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI) |
3192 | iexplore.exe | Misc activity | ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI) |