| Field | Value |
|---|---|
| URL | https://t.co/0nr87GLgAW?signature=newsletter&trackingid=pS5kRQ4e2wN6Yy9reuduu7kerzOTdluR |
| Full analysis | https://app.any.run/tasks/a355220a-652f-4d9b-99f9-4d9bad94163c |
| Verdict | Malicious activity |
| Analysis date | April 01, 2023, 04:35:53 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MD5 | 29DD042797A5D6E5173637B9DA449889 |
| SHA1 | 2F6B96A6E2E58F6281CB5BE3348E70CDCEF17847 |
| SHA256 | 635C1707D3CA191AC9E5C90DE9DCD9425706DB66E4796047812F1FEAE4F455D4 |
| SSDEEP | 3:N8DIrRpyaLoXAivOWMrBYV24mXJMCY3:28rPyzAimyoKL3 |
Processes

| PID | CMD | Path | Parent process |
|---|---|---|---|
| 1112 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://t.co/0nr87GLgAW?signature=newsletter&trackingid=pS5kRQ4e2wN6Yy9reuduu7kerzOTdluR" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe |
| 3140 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1112 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe |

| PID | User | Company | Integrity Level | Description | Version |
|---|---|---|---|---|---|
| 1112 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
| 3140 | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |

PID 3140 is the Protected Mode content (tab) process that the frame process 1112 launches with the SCODEF/CREDAT arguments; it runs at LOW integrity, and most of the file, registry and network activity recorded below comes from it. No process other than Internet Explorer was spawned during the session.
Registry activity

| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 1112 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 0 |
| 1112 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 30847387 |
| 1112 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 30847437 |
| 1112 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie: |
| 1112 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited: |
| 1112 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0 |
| 1112 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1 |
| 1112 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | 1 |
| 1112 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 1 |
| 1112 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 0 |

All writes stay inside the current user's Internet Explorer and Internet Settings keys (tab state, URL block-list update timer, cache prefixes, compatibility flags); nothing touches a Run key, a service or any other persistence location. The ZoneMap values control which addresses IE maps into the Local intranet zone: ProxyBypass, IntranetName and UNCAsIntranet at 1 put proxy-bypassed addresses, unqualified host names and UNC paths in that zone, and AutoDetect at 0 disables automatic intranet detection.
Files created

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50CD3D75D026C82E2E718570BD6F44D0_CF2AD78C62075BBC8FE4154D67C0C1C0 | binary | 3A90A8AA8F00EA6F02CB277D8C3AD206 | 327135522E4DA44ED7837CD5F32786B3B08988AD4481760221D391A4208B696D |
| 3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565 | binary | 1E2C8C68A8D715345AF85A39746A7325 | 360CB16BB43BDCC1AD796233596F451C2273D0716EE4590B79EBB4C67D3FEF76 |
| 3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565 | der | 84B1F477C90DBEB15A36B2CCAC368A13 | 00AF63B52D5AB007911925C905AF313AEFB5F6B61E8DFD17BED35ABF8B0786EF |
| 3140 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\BGPPG3C1.txt | text | 5FBFD51FA6E507D92160C6922B70747F | D86BD80A717482A167B68BA32929DBB8927CA2E1755160BE77C44D6D52508C41 |
| 3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | 1375B45F7270508DE8ED9DA7EC3D2B5A | 36603229A9676C4728F371F32160DD89705B3DCA4F2043A0B753EC08F2CA4872 |
| 3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 4CB4272060CC7A549D613140F1EBA725 | D483BE725C7117DA3152206FE22CECE7E1AF688D5FC18CE4B8A502E925A6645C |
| 3140 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\60VY46IE.txt | text | 5DDFDBCD7454C0E9C9A78240F7694AFB | 1591A406388AC9BDA4B3B141AF7469744602B355B4397AF087D7F6E734DC3801 |
| 3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50CD3D75D026C82E2E718570BD6F44D0_CF2AD78C62075BBC8FE4154D67C0C1C0 | der | AFDD13C91FBD7FD640DEBBF9A09AB1B6 | A2DA3670150CF784C5AE5C4CC78816A35AD3C20D0CF48006581217BBC411A5B6 |
| 3140 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\NX4QGD33.txt | text | 00F03976DF3D71D0B3AD1BFECBEF71A1 | 56B2B60420709EC4CF332323DB782B8B6A286AF485BB918FF47D621900EB1099 |
| 3140 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\SY2BNW62.txt | text | 89FFD05C3890D8D4A560DD36777B92F0 | 6368C00DFE12CEDBB3633F724D682E5C6CFD1F70060F81BDE1049B0927569E1F |

The CryptnetUrlCache entries are CryptoAPI's cache for the certificate-chain and revocation material fetched while validating TLS connections: the `Content` files are the DER responses (hence type `der`) and the `MetaData` files their cache records. The `Cookies\Low` files are the Protected Mode cookie jar used by the LOW-integrity tab process. No executable, script or archive was dropped.
HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3140 | iexplore.exe | GET | 200 | 13.224.192.222:80 | http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAETQaoJFbZl9Ajcad9oq0c%3D | US | der | 471 B | whitelisted |
| 3140 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 B | whitelisted |
| 3140 | iexplore.exe | GET | 200 | 152.199.19.74:80 | http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEEsrARXN5cdIGzzd%2Ft4RFp4%3D | US | der | 1.53 KB | shared |
| 3140 | iexplore.exe | GET | 200 | 108.138.2.107:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 KB | whitelisted |
| 3140 | iexplore.exe | GET | 200 | 52.222.250.185:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkpLy9ROx7U76vGUhC06D6E%3D | US | der | 1.39 KB | shared |
| 3140 | iexplore.exe | GET | 200 | 52.222.250.185:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEjgLnWaIozse2b%2BczaaODg8%3D | US | der | 1.39 KB | shared |
| 3140 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAyO4MkNaokViAQGHuJB%2Ba8%3D | US | der | 471 B | whitelisted |
| 3140 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAfy81yHqHeveu%2FpR5k1Jb0%3D | US | der | 471 B | whitelisted |
| 1112 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 KB | whitelisted |
| 3140 | iexplore.exe | GET | 200 | 192.124.249.36:80 | http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D | US | der | 1.66 KB | whitelisted |

Every plaintext HTTP request in the session is an OCSP revocation check (RFC 6960 GET form: the URL path is the base64-encoded DER OCSPRequest, and the response type is `der`), issued by CryptoAPI while validating the TLS certificate chains of the hosts listed under connections. OCSP over port 80 is normal and is not itself an indicator; the sizes are the OCSP responses, not downloaded content.
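When triaging a report like this one it helps to know which certificate each OCSP request was actually checking, since that ties the "whitelisted" revocation traffic back to the hosts the page loaded. The request is a DER OCSPRequest, so the CertID (hash algorithm, issuer name hash, issuer key hash, serial number) can be recovered offline from the URL alone. The following decoder is an added example written for this page, not code from ANY.RUN or from the report; it uses only the Python standard library and feeds on two URLs copied verbatim from the table above (the `o.ss2.us` one has a double slash in its path and a serial number with a leading `0x00` pad byte, both of which the decoder handles). The function and constant names are the example's own.

```python
"""Decode the CertID carried in an OCSP GET request URL (RFC 6960, A.1).

The URL path is url-encoding(base64(DER OCSPRequest)).  The decoder below walks
the DER with a minimal TLV reader and returns the CertID fields, so a triager
can see which certificate serial the browser was checking without any network
access.  Added example for this report; not part of the sandbox output.
"""
import base64
from urllib.parse import unquote, urlsplit

# Two OCSP GET URLs copied from the HTTP request table of the report.
AMAZON_OCSP_URL = (
    "http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInk"
    "vkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAETQaoJFbZl9Ajcad9oq0c%3D"
)
SS2_OCSP_URL = (
    "http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQU"
    "v1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D"
)

# Hash algorithm OIDs seen in CertID.hashAlgorithm in practice.
HASH_OIDS = {
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
}


def _tlv(buf, pos):
    """Read one DER tag/length/value starting at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[pos:end], end


def _children(der):
    """Yield the (tag, value) pairs inside a constructed DER value."""
    pos = 0
    while pos < len(der):
        tag, value, pos = _tlv(der, pos)
        yield tag, value


def _oid(body):
    """Decode an OBJECT IDENTIFIER body (base-128 arcs) into dotted form."""
    arcs = [body[0] // 40, body[0] % 40]
    acc = 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def _cert_id(der):
    """CertID ::= SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }."""
    fields = list(_children(der))
    if [t for t, _ in fields] != [0x30, 0x04, 0x04, 0x02]:
        raise ValueError("unexpected CertID layout")
    alg_oid = _oid(next(v for t, v in _children(fields[0][1]) if t == 0x06))
    return {
        "hash_algorithm": HASH_OIDS.get(alg_oid, alg_oid),
        "issuer_name_hash": fields[1][1].hex(),
        "issuer_key_hash": fields[2][1].hex(),
        # Raw INTEGER bytes; a leading 00 is DER's sign pad for a high-bit serial.
        "serial_number": fields[3][1].hex(),
    }


def parse_ocsp_get_url(url):
    """Return the CertIDs in an OCSP GET URL, one dict per Request in the list."""
    path = urlsplit(url).path.lstrip("/")  # tolerate responders hit with '//'
    der = base64.b64decode(unquote(path), validate=True)
    tag, ocsp_request, _ = _tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not an OCSPRequest SEQUENCE")
    tbs = next(v for t, v in _children(ocsp_request) if t == 0x30)
    # TBSRequest: skip optional [0] version / [1] requestorName, take requestList.
    request_list = next(v for t, v in _children(tbs) if t == 0x30)
    cert_ids = []
    for tag, request in _children(request_list):
        if tag == 0x30:  # Request ::= SEQUENCE { reqCert CertID, [0] extensions OPTIONAL }
            cert_ids.append(_cert_id(next(v for t, v in _children(request) if t == 0x30)))
    return cert_ids


if __name__ == "__main__":
    for url in (AMAZON_OCSP_URL, SS2_OCSP_URL):
        for cid in parse_ocsp_get_url(url):
            print(urlsplit(url).netloc, cid["hash_algorithm"], "serial", cid["serial_number"])
```

The recovered serial number and issuer key hash can be matched against the certificate chain presented by each HTTPS host in the connections table (for example with `openssl s_client -showcerts` and `openssl x509 -serial -noout`), which confirms that the OCSP traffic belongs to those sessions.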
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3140 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
1112 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
3140 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
1112 | iexplore.exe | 13.107.21.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
3140 | iexplore.exe | 104.244.42.69:443 | — | TWITTER | US | suspicious |
3140 | iexplore.exe | 193.168.193.168:443 | behindthespot.com | Hostinger International Limited | DE | unknown |
3140 | iexplore.exe | 13.107.42.14:443 | linkedin.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | suspicious |
3140 | iexplore.exe | 23.37.41.57:80 | x1.c.lencr.org | AKAMAI-AS | DE | suspicious |
3140 | iexplore.exe | 18.66.120.232:443 | www.amazon.com | AMAZON-02 | US | unknown |
3140 | iexplore.exe | 152.199.19.74:80 | s.symcd.com | EDGECAST | US | unknown |
DNS requests

| Domain | IP | Reputation |
|---|---|---|
| ctldl.windowsupdate.com | | whitelisted |
| ocsp.digicert.com | | whitelisted |
| linkedin.com | | whitelisted |
| www.linkedin.com | | whitelisted |
| behindthespot.com | | unknown |
| api.bing.com | | whitelisted |
| www.bing.com | | whitelisted |
| x1.c.lencr.org | | whitelisted |
| www.amazon.com | | whitelisted |
| s.symcd.com | | shared |
PID | Process | Class | Message |
---|---|---|---|
3140 | iexplore.exe | Misc activity | ET INFO Observed ZeroSSL SSL/TLS Certificate |
3140 | iexplore.exe | Misc activity | ET INFO Observed ZeroSSL SSL/TLS Certificate |