| Field | Value |
|---|---|
| URL | https://urldefense.com/v3/__https://tools.usps.com/go/TrackConfirmAction.action?tLabels=9449009205568659659474__;!!Ktv5FdJ1IDJ8!rnDONBoilyrwo0q3oXslIvQE7rF-EIiiOPXrCoclBDdjSlmQW08ENDZYZt-te0MZLHFqvI7PXEM2d0Eyq850$ |
| Full analysis | https://app.any.run/tasks/80181ca0-88b8-49ff-bc36-68ea7653ce63 |
| Verdict | Malicious activity |
| Analysis date | May 25, 2022, 17:48:41 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| MD5 | 2E011D204C065F410FB59F5783217786 |
| SHA1 | 4A1D6BF2099EFE43480598942DEDE327A321A37B |
| SHA256 | 62CF2057D947BDE3FD5BA124541D77C7774AE197E5587A64DBB309312FED2C6B |
| SSDEEP | 6:2UJtIrhV6KlwXUGEMLEl7r7dYKODF4Pd2d/kRVr:2U0dlyseEl75ODFJdcRV |
| PID | CMD | Path | Parent process | Integrity level | Exit code |
|---|---|---|---|---|---|
| 1620 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://urldefense.com/v3/__https://tools.usps.com/go/TrackConfirmAction.action?tLabels=9449009205568659659474__;!!Ktv5FdJ1IDJ8!rnDONBoilyrwo0q3oXslIvQE7rF-EIiiOPXrCoclBDdjSlmQW08ENDZYZt-te0MZLHFqvI7PXEM2d0Eyq850$" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | MEDIUM | |
| 912 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1620 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe (PID 1620) | LOW | 0 |

Both processes run as user admin; the image is Internet Explorer (Microsoft Corporation), version 11.00.9600.16428 (winblue_gdr.131013-1700). PID 1620 is the frame process; PID 912 is the low-integrity tab (content) process it spawned.
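The submitted URL (and the argument on the PID 1620 command line) is a Proofpoint URL Defense v3 wrapper, not the final destination; the report's connections table shows the tab process reaching urldefense.com first and tools.usps.com afterwards. The following added example, which is not part of the report or of any Proofpoint tooling, unwraps such a link offline so the real destination can be triaged before anything is detonated. The token scheme it implements (`*` and `**X` placeholders restored from the URL-safe base64 segment after `__;`) follows the publicly documented v3 decoder behaviour and is an assumption of this example; the second input is a constructed link that exercises a run token, since the report's own link contains none.

```python
import base64
import re
import string
from urllib.parse import unquote

# In a v3 link, characters Proofpoint strips from the inner URL are replaced by "*"
# (one character) or "**X" (a run whose length X encodes: A=2, B=3, ..., Z=27, a=28, ...),
# and the stripped characters are carried, URL-safe base64 encoded, after "__;".
# This mapping follows the publicly documented decoder behaviour (assumption, see lead-in).
_RUN_LENGTHS = {ch: n for n, ch in enumerate(
    string.ascii_uppercase + string.ascii_lowercase + string.digits + "-_", start=2)}
_V3 = re.compile(r"urldefense\.com/v3/__(?P<url>.+?)__;(?P<enc>[^!]*)!")
_TOKEN = re.compile(r"\*(\*.)?")


def decode_urldefense_v3(wrapped):
    """Return the original destination of a Proofpoint URL Defense v3 link."""
    m = _V3.search(wrapped)
    if not m:
        raise ValueError("not a URL Defense v3 link")
    enc = m.group("enc")
    # Padding is stripped in the wrapper; restore it before decoding
    stripped = base64.urlsafe_b64decode(enc + "=" * (-len(enc) % 4)).decode("utf-8")
    pos = 0

    def restore(tok):
        nonlocal pos
        n = 1 if tok.group(0) == "*" else _RUN_LENGTHS[tok.group(0)[2]]
        chunk = stripped[pos:pos + n]
        pos += n
        return chunk

    return _TOKEN.sub(restore, unquote(m.group("url")))


# The link from the report (submitted URL / iexplore.exe command line)
REPORT_URL = ("https://urldefense.com/v3/__https://tools.usps.com/go/TrackConfirmAction.action"
              "?tLabels=9449009205568659659474__;!!Ktv5FdJ1IDJ8!rnDONBoilyrwo0q3oXslIvQE7rF-"
              "EIiiOPXrCoclBDdjSlmQW08ENDZYZt-te0MZLHFqvI7PXEM2d0Eyq850$")

# Constructed link (not from the report) exercising the "**B" run token; base64 "YSNi" is "a#b"
CONSTRUCTED_URL = "https://urldefense.com/v3/__https://example.com/**Bend__;YSNi!!Abc$"

if __name__ == "__main__":
    print(decode_urldefense_v3(REPORT_URL))
    print(decode_urldefense_v3(CONSTRUCTED_URL))
```

For the report's link the segment after `__;` is empty and the inner URL carries no placeholders, so the destination is simply `https://tools.usps.com/go/TrackConfirmAction.action?tLabels=9449009205568659659474`; the trailing `!!...$` part is the tenant/signature material and plays no role in recovering the URL.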
| PID | Process | Key | Name | Operation | Value |
|---|---|---|---|---|---|
| 1620 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | write | 1 |
| 1620 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime | write | |
| 1620 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | write | 30961759 |
| 1620 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime | write | |
| 1620 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | write | 30961759 |
| 1620 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | write | |
| 1620 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | write | Cookie: |
| 1620 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | write | Visited: |
| 1620 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | write | 0 |
| 1620 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | write | 1 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | der | 0C86423D9E870E9429A03FAA09F8DBE8 | B9D42DAB7AEFC5DF398306001FD5E8858BE34A15AEB16E3C02B1DAB7D617C3A9 |
| 912 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\E6TXSHAS.txt | text | 4D2A9AE52CDB4721D39033E919B5DD9B | 624D157FAAEC487A0295D0D78A6C41D54B9BD96C25AC20F893BC064CF7F69339 |
| 912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | der | 7E7CA49AA6BD972FB4319C09E5BE91A4 | 24C53A1140A182EBFE7B8578275CD9D62D7192B36285842723ECB2FBF7743E68 |
| 912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\72BA427A91F50409B9EAC87F2B59B951_DAD45A86502C05AF671CDFB147052D91 | der | 4A7F4DFBC0BD06992D3B3256ADA05F6F | C9EBFBCBD8E865896B60004B4EA60FD31F5155B9EAF5D0346C5A4623323EF5C8 |
| 912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B | binary | 21ED862C4CE2F9B2EEECE1AE4ACB0761 | 4BC51B1BD958527C33AC9E53A2AA24640715AC7C3570435B1DFC2C039A1614F4 |
| 912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 5CB3780DB29EA7986931CD5AD7EAAFC7 | 72AACE9FA69A6760F5065D20D779A497A71FD915EABDD6F7E8B4D84EF10EDDD7 |
| 912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B | der | 9F545906AE7B10CA6AE8C361B80D19F1 | E66A226650C0B260833E6F37088E653618CD16DB1D58FDBC39A05DC0E50C3377 |
| 912 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z33SG89O.txt | text | EDB22CCEA08972B39280E5D56932F863 | CB7820D50B82041C019BDEF14BBAE365789054550459392E1CE66C14779D5514 |
| 912 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\31TTCRGI.txt | text | 42B4B649F86CA1BB88455008767DE704 | A9B7A3B227C87E69DFFB5A21FBEF0DED2E60731BC67048B2477EA1476416119F |
| 912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | binary | 527EDF5B7DC09471BC002699A5BFC876 | E4CDFB9537884614E46E5D934A7765659F0F08F6A6EE8BB12D27812EDB258A48 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
912 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDwQ9JNOs3IcArkp%2FBu7NbU | US | der | 472 b | whitelisted |
912 | iexplore.exe | GET | 200 | 104.18.32.68:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
912 | iexplore.exe | GET | 200 | 172.64.155.188:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D | US | der | 727 b | whitelisted |
912 | iexplore.exe | GET | 200 | 188.114.98.156:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQh80WaEMqmyEvaHjlisSfVM4p8SAQUF9nWJSdn%2BTHCSUPZMDZEjGypT%2BsCEBBsbMdZKid6hcZfT6LpnsI%3D | US | der | 471 b | whitelisted |
912 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
912 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
1620 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
912 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
912 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
912 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
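Every HTTP request in the table above is an OCSP status check (RFC 6960 GET form): the base64 path segment is a DER-encoded OCSPRequest naming the issuer hashes and the serial number of a certificate the browser was validating for one of the TLS hosts in the connections table. The following added example, which is not part of the report, walks that DER with a minimal TLV reader and returns the hash algorithm, issuer hashes and serial, so the "whitelisted" OCSP traffic can be tied to concrete certificates rather than treated as opaque. The two sample URLs are copied from the table (ocsp.digicert.com and ocsp.pki.goog, both PID 912); the `HASH_OIDS` table and the field names are this example's own.

```python
import base64
from urllib.parse import unquote, urlsplit

# OIDs an OCSP CertID.hashAlgorithm commonly carries (example's own lookup table)
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; returns (tag, value, next_pos).
    Handles short-form and long-form (0x81, 0x82, ...) lengths."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Split the body of a constructed element into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _read_tlv(value, pos)
        out.append((tag, val))
    return out


def _decode_oid(raw):
    """Decode DER OBJECT IDENTIFIER content bytes to dotted form."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get(url):
    """Parse an OCSP GET URL. Returns one dict per Request in requestList with the
    hash algorithm, issuerNameHash and issuerKeyHash (hex) and the serial (upper-case hex)."""
    b64 = unquote(urlsplit(url).path.rsplit("/", 1)[-1])
    der = base64.b64decode(b64 + "=" * (-len(b64) % 4))   # tolerate stripped padding
    tag, ocsp_request, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tbs_request = _children(ocsp_request)[0][1]           # optionalSignature [0] ignored
    # tbsRequest may open with [0] version / [1] requestorName; requestList is its first SEQUENCE
    request_list = next(val for t, val in _children(tbs_request) if t == 0x30)
    results = []
    for _, request in _children(request_list):
        cert_id = _children(request)[0][1]                # reqCert CertID; [0] singleRequestExtensions ignored
        alg, name_hash, key_hash, serial = _children(cert_id)[:4]
        oid = _decode_oid(_children(alg[1])[0][1])       # AlgorithmIdentifier.algorithm
        results.append({
            "hash_alg": HASH_OIDS.get(oid, oid),
            "issuer_name_hash": name_hash[1].hex(),
            "issuer_key_hash": key_hash[1].hex(),
            "serial": serial[1].hex().upper(),
        })
    return results


# Requests copied from the report's HTTP table (PID 912)
SAMPLE_URL = ("http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQU"
              "A95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D")
GOOG_URL = ("http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQU"
            "inR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDwQ9JNOs3IcArkp%2FBu7NbU")

if __name__ == "__main__":
    for u in (SAMPLE_URL, GOOG_URL):
        print(urlsplit(u).netloc, parse_ocsp_get(u))
```

Grouping the table's requests by `issuer_key_hash` is the quick way to see that the two 1.47 Kb ocsp.digicert.com responses (PIDs 1620 and 912) share one issuer (the base64 prefix up to the serial is identical) and differ only in the serial checked, i.e. two leaf certificates from the same CA, while the remaining requests each target a different issuer.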
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
912 | iexplore.exe | 172.64.155.188:80 | ocsp.comodoca.com | — | US | suspicious |
1620 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
912 | iexplore.exe | 192.229.221.165:443 | tools.usps.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | suspicious |
912 | iexplore.exe | 142.250.186.46:443 | www.googleoptimize.com | Google Inc. | US | whitelisted |
912 | iexplore.exe | 188.114.98.156:80 | ocsp.sectigo.com | Cloudflare Inc | US | unknown |
912 | iexplore.exe | 52.71.28.102:443 | urldefense.com | Amazon.com, Inc. | US | suspicious |
912 | iexplore.exe | 104.18.32.68:80 | ocsp.comodoca.com | Cloudflare Inc | US | suspicious |
912 | iexplore.exe | 172.217.23.99:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
912 | iexplore.exe | 104.17.225.78:443 | fast.fonts.net | Cloudflare Inc | US | unknown |
912 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
| Domain | Reputation |
|---|---|
| urldefense.com | shared |
| ctldl.windowsupdate.com | whitelisted |
| api.bing.com | whitelisted |
| www.bing.com | whitelisted |
| ocsp.comodoca.com | whitelisted |
| ocsp.usertrust.com | whitelisted |
| ocsp.sectigo.com | whitelisted |
| tools.usps.com | suspicious |
| ocsp.digicert.com | whitelisted |
| www.googleoptimize.com | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
912 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
912 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
912 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
912 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |