Field | Value
---|---
URL | https://www.bing.com/search?q=TEST&qs=n&form=QBRE&sp=-1&ghc=1&lq=0&pq=test&sc=10-4&sk=&cvid=ED507D1A9D8E40F09A9008A1AF2691FC&ghsh=0&ghacc=0&ghpl=
Full analysis | https://app.any.run/tasks/9d452634-5a95-42cd-9369-dd6f826d9de9
Verdict | Malicious activity
Analysis date | April 17, 2023, 07:27:02
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 17154D053AF189E11D56CBFB2101E1C1
SHA1 | A67314B1734D5B55C27664844770A91649F13C40
SHA256 | 5EB6353E2DA49B085A319720A64A5216E6861CC5B5703052D77F5BD43849A8C7
SSDEEP | 3:N8DSLsBAEXGpcSLfK1/SPa3A058uQdgFjaws:2OLsBBGWSKqi3J8tdBn
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---|---|---|---|---
2468 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.bing.com/search?q=TEST&qs=n&form=QBRE&sp=-1&ghc=1&lq=0&pq=test&sc=10-4&sk=&cvid=ED507D1A9D8E40F09A9008A1AF2691FC&ghsh=0&ghacc=0&ghpl=" | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
1372 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2468 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
3068 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2468 CREDAT:3872012 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Key | Operation | Name | Value
---|---|---|---|---|---
2468 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPDaysSinceLastAutoMigration | 0
2468 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPLastLaunchHighDateTime | 30847387
2468 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | write | NextCheckForUpdateHighDateTime | 30847437
2468 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie:
2468 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited:
2468 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | write | CompatibilityFlags | 0
2468 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
2468 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
2468 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 1
2468 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 0
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2468 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | image | DA597791BE3B6E732F0BC8B20E38EE62 | 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
2468 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].ico | image | DA597791BE3B6E732F0BC8B20E38EE62 | 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
1372 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\G74P58G2.txt | text | 12108C52DB1609A83628ADC90BC69BE9 | 0BA5EC40789FAF6EF3FFE0D00E4EFB2D666424A0BC5D4A5107608FD49C7B069D
1372 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\N791BUM3.txt | text | 4F701527CF0940CB02A6240738DC311C | BA531818AC5CE6079E6DAF7C30607D347E0DD937DFE488F5A53E2C132C65A2F3
1372 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\LOYGHP7K.txt | text | 4BE77A6A7EEA3270ED46E3EDE283733F | F8151DEA538A4479CED12163349F6F6ED9138CB447CA42AEA758C396A2743756
1372 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\U5GV4K2P.txt | text | 746BAB692A9DEC5FB7A4B24E84C26F74 | 838A3F4EA88261E3B647515F77C0236BC76DE8582DE25FC0A353E59143D39C10
1372 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\9ZMS2DPE.txt | text | 8BB6B2607C2C62123E1D5849E92F0E5A | 7F3D1C5B4E15B0B21AC315A688CD870E764609EDA5CD9B5C0F8B30C06E3E6C96
1372 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | DB3701DC8C923B368A32B27223D47DFF | 3DE0973396494CFF9F0D51841D465E9BBAF7EDC37E0DA741814D0355D29C8EFD
2468 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F | binary | FB5572497B4AF07B1EBD6EAA82F1FB8F | FA397D0CDD2DFDE80AB9AEFFF0B45C02675C877141651B3F91E806FE2D1AFD6C
2468 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | BB318A2BEB85343E1E3B62113A35DD23 | 46E039CA07D22D6643137A002FD23CBE1A416F9C5BA2E91A2F6F5AB9B11E59E4
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1372 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?70597944179657b7 | US | compressed | 61.1 Kb | whitelisted |
2468 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?49d6105bf6215981 | US | compressed | 4.70 Kb | whitelisted |
3068 | iexplore.exe | GET | 200 | 52.222.226.205:80 | http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEA7POWUiXTT1gBnjvd86LYQ%3D | US | der | 471 b | whitelisted |
3068 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEA8cICc7HjNCLWczgReJ3Vo%3D | US | der | 471 b | whitelisted |
3068 | iexplore.exe | GET | 200 | 52.222.226.205:80 | http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEA6tELOm1jlqT90Z1c5ecKE%3D | US | der | 471 b | whitelisted |
2468 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 b | whitelisted |
3068 | iexplore.exe | GET | 200 | 108.138.2.173:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
1372 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?673927cafc4a60f3 | US | compressed | 61.1 Kb | whitelisted |
1372 | iexplore.exe | GET | 200 | 23.37.62.128:80 | http://x1.c.lencr.org/ | DE | der | 717 b | whitelisted |
3068 | iexplore.exe | GET | 200 | 52.222.250.42:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEjgLnWaIozse2b%2BczaaODg8%3D | US | der | 1.39 Kb | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2468 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
1372 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted |
2468 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted |
1372 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
1372 | iexplore.exe | 40.126.31.71:443 | login.microsoftonline.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
1372 | iexplore.exe | 2.16.187.19:443 | — | Akamai International B.V. | DE | whitelisted |
2468 | iexplore.exe | 2.23.209.130:443 | www.bing.com | Akamai International B.V. | GB | malicious |
1372 | iexplore.exe | 2.23.209.179:443 | www.bing.com | Akamai International B.V. | GB | suspicious |
— | — | 2.23.209.140:443 | www.bing.com | Akamai International B.V. | GB | suspicious |
2468 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | EDGECAST | US | whitelisted |
Domain | IP | Reputation
---|---|---
ctldl.windowsupdate.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ocsp.digicert.com | | whitelisted
crl3.digicert.com | | whitelisted
r.bing.com | | whitelisted
th.bing.com | | whitelisted
login.microsoftonline.com | | whitelisted
r20swj13mr.microsoft.com | | whitelisted
iecvlist.microsoft.com | | whitelisted
PID | Process | Class | Message |
---|---|---|---|
3068 | iexplore.exe | Misc activity | ET INFO Observed ZeroSSL SSL/TLS Certificate |
3068 | iexplore.exe | Misc activity | ET INFO Observed ZeroSSL SSL/TLS Certificate |