File name: | Payment#2068.html |
Full analysis: | https://app.any.run/tasks/22292ab6-6deb-4fad-b21f-01bd42dbd90a |
Verdict: | Malicious activity |
Analysis date: | October 04, 2022, 19:43:31 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/html |
File info: | HTML document, ASCII text, with very long lines, with CRLF line terminators |
MD5: | 2AC213AB3A81BF7456EAACB4AA7103E9 |
SHA1: | DCB398DD20F0C8CD65C1048D3842C131C5827224 |
SHA256: | 6125393E8592C331FA726B6C0BCB23813303D5A4C9A74135255D3F15144A567C |
SSDEEP: | 24576:sPP2Drpn14IsIBq5fHoky6DNzrn/RmDbvSnKVDwFX:bl9A5ffzz0DbKH |
.html | HyperText Markup Language (100) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1160 | "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\AppData\Local\Temp\Payment#2068.html" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
2484 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1160 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
2236 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1160 CREDAT:333057 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3792 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | Explorer.EXE |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Explorer; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2212 | "C:\Program Files\WinRAR\WinRAR.exe" a -ep1 -scul -r0 -iext -- Downloads.rar C:\Users\admin\Links\Downloads.lnk | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE |
User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.91.0
1748 | "C:\Program Files\WinRAR\WinRAR.exe" a -ep1 -scul -r0 -iext -- Downloads.rar C:\Users\admin\Downloads | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE |
User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.91.0
1376 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE |
User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.91.0
1164 | "C:\Program Files\WinRAR\WinRAR.exe" a -ep1 -scul -r0 -iext -- Downloads.rar C:\Users\admin\Links\Downloads.lnk | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE |
User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.91.0
4064 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE |
User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.91.0
2864 | C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503} | C:\Windows\system32\DllHost.exe | — | svchost.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: COM Surrogate; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
1160 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | AFC3E2584B32E1E7C23C33E9534089A5 | 61597F5F937DA250A5ED7B4B82867BEBC546A5A35C0029982A003B1E9CBD2E7E |
1160 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Y9BSEY9D.txt | text | A0638C2491A7F1B6286BE3887E02F2E4 | 8B1494A4861DF289A7F5182ECB1E2970A62A3F1DEE5C9507CA520324A3F2A619 |
1160 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F | der | 706D6538FD37693AD6E2784B2EA35218 | 3BE2AF083FFD1E6BF9762687183226AA01EC65B391AFDFAE8ECDAFC247F5C77E |
1160 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | D39DB824E460B95B892136F777A42F0F | D110B37599EA2DCB6567FD1BF5526ADA1F69F44BB77891ADD8B8AE075DB041EE |
2212 | WinRAR.exe | C:\Users\admin\Links\Downloads.rar | compressed | C4ABC4E1B905843E8AE4D12F3FA737D5 | D17ED58A212FE98638AB5715EABE3707F7CFDCBC0D4F1FFFA6EC7E3D4206A2FA |
1160 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F | binary | 2146735789906133A1F83403E9A4A0AB | A29CACA5991E5B80F378A56216D5CBCC1B8C1B1B94C5770A806C3AF2234CB192 |
2484 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 1817776FAD6D1DA89697557E3E537527 | 55D564F6FE4386C5CE54AC3556B8866160611DD42D9837FF1ACB0141978B370C |
1160 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\GDYAITI7.txt | text | CD3A15866C5792D07EBFCF9C1DEFAB44 | EE29C33A804B7B4F56D504A164B5A706224F12309B322FB227856A5E1DD00865 |
2484 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | F7DCB24540769805E5BB30D193944DCE | 6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA |
1160 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\K7GY3VAD.txt | text | 8EECA7963EE6E6FF83905200D24780EC | 3F097743DF54307C2740D837BDD4ECB315D8AB3A0F75B3CD7E2D06C36A1D0E86 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1160 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 b | whitelisted |
1160 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted |
1160 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
444 | svchost.exe | GET | 200 | 13.107.4.50:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9fb93d2205d0bb6e | US | compressed | 4.70 Kb | whitelisted |
2484 | iexplore.exe | GET | 200 | 13.107.4.50:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8cc4d465f42daea0 | US | compressed | 4.70 Kb | whitelisted |
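The two GETs to ocsp.digicert.com in the HTTP table are OCSP revocation checks made by Internet Explorer, not traffic generated by the HTML file itself: the long path segment is a DER-encoded OCSPRequest, base64-encoded and then URL-encoded (the GET transport from RFC 6960, Appendix A). Decoding it shows exactly which certificate the browser asked about (hash algorithm, issuer name/key hashes and serial number), which is the check to run before treating an odd-looking URL at a CA host as a beacon. The following Python is an added example and not part of the ANY.RUN report; it takes the first OCSP URL from the table as its sample and walks the DER with a small hand-written TLV reader, so it needs no third-party library and no network access.

```python
"""Decode the OCSP request embedded in an OCSP GET URL (RFC 6960, Appendix A).

Added example: the sample URL is the first ocsp.digicert.com request from the
sandbox report's HTTP table; the DER walker below is deliberately minimal.
"""
import base64
from urllib.parse import unquote, urlsplit

# Hash-algorithm OIDs that commonly appear in CertID.hashAlgorithm.
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}

# Sample input copied from the report above (first GET to ocsp.digicert.com).
SAMPLE_URL = ("http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl"
              "%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D")


def der_tlv(buf, pos=0):
    """Read one DER TLV at buf[pos]; return (tag, contents, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_children(contents):
    """Split the contents of a constructed DER value into (tag, contents) pairs."""
    out, pos = [], 0
    while pos < len(contents):
        tag, val, pos = der_tlv(contents, pos)
        out.append((tag, val))
    return out


def decode_oid(raw):
    """Decode OID contents (e.g. 2b0e03021a) to dotted form (1.3.14.3.2.26)."""
    arcs = [raw[0] // 40, raw[0] % 40]
    acc = 0
    for b in raw[1:]:                      # base-128, high bit set on all but the last byte
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get(url):
    """Return the CertIDs asked about in an OCSP GET URL as a list of dicts.

    OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest, optionalSignature [0] OPTIONAL }
    TBSRequest  ::= SEQUENCE { version [0] OPT, requestorName [1] OPT,
                               requestList SEQUENCE OF Request, extensions [2] OPT }
    Request     ::= SEQUENCE { reqCert CertID, singleRequestExtensions [0] OPT }
    CertID      ::= SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }
    """
    path = unquote(urlsplit(url).path.lstrip("/"))
    der = base64.b64decode(path)
    tag, ocsp_request, _ = der_tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE: tag 0x%02x" % tag)
    tbs = der_children(ocsp_request)[0][1]            # optionalSignature, if any, is ignored
    # Skip the optional [0]/[1] context tags: requestList is the first SEQUENCE child.
    request_list = next(v for t, v in der_children(tbs) if t == 0x30)
    results = []
    for _, req in der_children(request_list):
        cert_id = next(v for t, v in der_children(req) if t == 0x30)
        alg, name_hash, key_hash, serial = der_children(cert_id)
        oid = decode_oid(der_children(alg[1])[0][1])   # AlgorithmIdentifier.algorithm
        results.append({
            "hash_algorithm": HASH_OIDS.get(oid, oid),
            "issuer_name_hash": name_hash[1].hex(),
            "issuer_key_hash": key_hash[1].hex(),
            "serial_number": serial[1].hex(),
        })
    return results


if __name__ == "__main__":
    for cert in parse_ocsp_get(SAMPLE_URL):
        print(cert)
```

The decoded issuerKeyHash is the SHA-1 of the issuing CA's public key and the serial number identifies the end-entity certificate, so the two values can be matched against the certificate chain of whichever HTTPS host the browser was contacting at the time (www.bing.com and the microsoft.com hosts in the connections table); a request that decodes cleanly to a CertID for a known CA is routine revocation checking, while a "path" that fails to decode as an OCSPRequest deserves a closer look.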
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1160 | iexplore.exe | 23.216.77.80:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | suspicious |
1160 | iexplore.exe | 13.107.21.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
1160 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | EDGECAST | US | whitelisted |
1160 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
1160 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
1160 | iexplore.exe | 23.216.77.69:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | suspicious |
2484 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | EDGECAST | US | whitelisted |
1160 | iexplore.exe | 204.79.197.203:443 | www.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
444 | svchost.exe | 13.107.4.50:80 | ctldl.windowsupdate.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
1160 | iexplore.exe | 20.25.53.147:443 | query.prod.cms.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
Domain | IP | Reputation |
---|---|---|
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
ctldl.windowsupdate.com | | whitelisted |
ocsp.digicert.com | | whitelisted |
r20swj13mr.microsoft.com | | whitelisted |
iecvlist.microsoft.com | | whitelisted |
crl3.digicert.com | | whitelisted |
ieonline.microsoft.com | | whitelisted |
go.microsoft.com | | whitelisted |
www.msn.com | | whitelisted |