URL: | http://uhceservice.com/ |
Full analysis: | https://app.any.run/tasks/c79552f7-994f-4e6f-8064-93d462ec84db |
Verdict: | Malicious activity |
Analysis date: | December 05, 2022, 20:25:54 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 44752A81CACD955183606D3DFC767F23 |
SHA1: | 11295692956961E35DF1A50B358694E3865B2FB4 |
SHA256: | 5C1B74A5D8E23F843B493FAB250126FD01448D699BA2645B51E255DC3BEDC152 |
SSDEEP: | 3:N1KLoA8:CkH |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2436 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://uhceservice.com/" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
568 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2436 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
(PID) Process: | (2436) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (2436) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: | |||
(PID) Process: | (2436) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 31000807 | |||
(PID) Process: | (2436) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: | |||
(PID) Process: | (2436) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 31000807 | |||
(PID) Process: | (2436) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (2436) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (2436) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (2436) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (2436) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2436 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | image | |
MD5:DA597791BE3B6E732F0BC8B20E38EE62 | SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 | |||
2436 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[2].ico | image | |
MD5:DA597791BE3B6E732F0BC8B20E38EE62 | SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 | |||
568 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\TW3JC7B9.htm | html | |
MD5:C987012FF54472B0B17F8D52D156A6DD | SHA256:BCEF076451076202C7B72D98A5B4636285467110EBD7A179E924D121AC308778 | |||
2436 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].ico | image | |
MD5:DA597791BE3B6E732F0BC8B20E38EE62 | SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 | |||
568 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\d4a6d4bd[1].htm | html | |
MD5:8D7EE403185D30B6EB33B72EA7E0E134 | SHA256:CA3EF9B142F944B0F616261D023F47B91B23BB7157AE42BEEFAEAF25B6C2F91B | |||
568 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\arrows[1].png | image | |
MD5:0CB2E5165DC9324EB462199F04E1FFA9 | SHA256:67DFF0AAD873050F12609885F2264417CCDD0D438311000A704C89F0865F7865 | |||
568 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\LDIpaoiQNgArA8kR7ulhZ8P_NYOsg70R8A[1].woff | woff | |
MD5:8A7485A2BFAD1020E87E730FAF1BB4EF | SHA256:BA5A608E38133ACDFD6A100645AC7AB328D3D78E155C3EA68623657ECFFF7AB7 | |||
2436 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\69C6F6EC64E114822DF688DC12CDD86C | der | |
MD5:CC4A1C70F16AFDC865CFFC67CAEDE5A1 | SHA256:69227D14D500F270B8662234349D38AC2639FA6CC656CC687797D7DF0A747333 | |||
568 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | |
MD5:F7DCB24540769805E5BB30D193944DCE | SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA | |||
568 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\caf[1].js | text | |
MD5:4E136CBCC7A57C82ECF7B7757F0DEE34 | SHA256:2499F63F73EBBB4A49F42669A55EB5C7B42799E591DCA36970BA9AB9BA17B9AF |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
568 | iexplore.exe | GET | 200 | 185.53.178.30:80 | http://c.parkingcrew.net/scripts/sale_form.js | DE | text | 761 b | whitelisted |
568 | iexplore.exe | GET | 200 | 76.223.26.96:80 | http://ww9.uhceservice.com/ | US | html | 5.86 Kb | malicious |
568 | iexplore.exe | GET | 200 | 74.206.228.78:80 | http://uhceservice.com/ | US | html | 247 b | whitelisted |
568 | iexplore.exe | GET | 200 | 142.250.185.68:80 | http://www.google.com/adsense/domains/caf.js | US | text | 52.2 Kb | whitelisted |
568 | iexplore.exe | POST | 200 | 74.206.228.78:80 | http://uhceservice.com/ | US | html | 155 b | whitelisted |
568 | iexplore.exe | GET | 200 | 142.250.186.138:80 | http://fonts.googleapis.com/css?family=Port+Lligat+Slab | US | text | 192 b | whitelisted |
568 | iexplore.exe | GET | 200 | 13.32.23.64:80 | http://d38psrni17bvxu.cloudfront.net/scripts/maincaf.js | US | text | 6.84 Kb | malicious |
568 | iexplore.exe | GET | 200 | 76.223.26.96:80 | http://ww9.uhceservice.com/track.php?domain=uhceservice.com&toggle=browserjs&uid=MTY3MDI3MjAwMS4wOTM4OjcxNDkyOTdmYmVlYmJiMWQ5YjZiNDYyZTNiYjYwYjViYWMzMDNmODA3ZjcxM2Q5OGJhNWU5YjgwODc2MmFjZmU6NjM4ZTU0MDExNmU0Yw%3D%3D | US | binary | 20 b | malicious |
2436 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/DigiCertGlobalRootCA.crl | US | der | 779 b | whitelisted |
568 | iexplore.exe | GET | 200 | 13.32.23.64:80 | http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png | US | image | 11.1 Kb | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2436 | iexplore.exe | 13.107.21.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
568 | iexplore.exe | 173.239.5.6:80 | — | WEBAIR-INTERNET | US | malicious |
— | — | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | suspicious |
2436 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
568 | iexplore.exe | 74.206.228.78:80 | — | WEBAIR-INTERNET | US | malicious |
2436 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
568 | iexplore.exe | 76.223.26.96:80 | ww9.uhceservice.com | AMAZON-02 | US | malicious |
2436 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | EDGECAST | US | whitelisted |
— | — | 152.199.19.161:443 | iecvlist.microsoft.com | EDGECAST | US | whitelisted |
— | — | 76.223.26.96:80 | ww9.uhceservice.com | AMAZON-02 | US | malicious |
Domain | IP | Reputation |
---|---|---|
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
crl3.digicert.com |
| whitelisted |
ww9.uhceservice.com |
| malicious |
www.google.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
568 | iexplore.exe | A Network Trojan was detected | ET MALWARE Win32/Zonebac Traffic Redirect |