Field | Value
---|---
URL | https://brandequity.economictimes.indiatimes.com/etl.php?url=https://benedettisaic.com.ar/tpue/settings/jonathan.lee/[email protected]
Full analysis | https://app.any.run/tasks/419784bf-ed7d-4b2a-af26-780dd67a3695
Verdict | Malicious activity
Analysis date | April 01, 2023, 09:32:18
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 7676E24F8EA7EBCA9926FC07971CAB41
SHA1 | EDA2FF8FA6BDBF42DE11A68852B1FC79CB8C0033
SHA256 | 63A3BB9A8B9E46A49BA1248A41CD2C0461C57C85039B227482D77035A9967332
SSDEEP | 3:N8aoMFd8h/MUdwvLnwQ6VYw3sLGeK6vxwVYWLLS/WLL8ndI:2bMIh/MfzwhOw8LGeK6vxmYWLLgWLLyI
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2696 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://brandequity.economictimes.indiatimes.com/etl.php?url=https://benedettisaic.com.ar/tpue/settings/jonathan.lee/[email protected]" | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3204 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2696 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3236 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Outlook; Exit code: 0; Version: 14.0.6025.1000
3392 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Outlook; Exit code: 0; Version: 14.0.6025.1000
PID | Process | Key | Name | Operation | Value
---|---|---|---|---|---
2696 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | write | 0
2696 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | write | 30847387
2696 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | write | 30847437
2696 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | write | Cookie:
2696 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | write | Visited:
2696 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | write | 0
2696 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | write | 1
2696 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | write | 1
2696 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | write | 1
2696 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | write | 0
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 81F271FC935F3F881C61F39413B128D2 | 0B9B162748173A3447DF6A6E1018282EA2629376C14EE924F116F2C1E5EB5CD2
2696 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | der | 7DB845ACB718291C22814AC5C3E936E9 | A834C4A03A2F23E8732585E76B073DF89E0A6CD077BB2C08AECD48C9F57BCC2B
3204 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\DM2TQ6S1.txt | text | 422A90DF5D0BFA2947500FB15DC7D5EB | D7793E5D6557527847307AD888F5732D8A0A81B2105C011CF1A7FEF7321A2A7C
3204 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\V2XWWY7R.txt | text | 80F6358123027A027843B2B737D8EFCA | 972E0B74105D5A455685234032EB0A50B6119966D8AF78860F0FEC5C8CB0BFA1
3204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | binary | 15F3F81A05FBE73992E171ADC948504E | BA5071BE3A072CF5F8E1A4EF98EE553E9BB6AE2AD5A7FB3147E84EB71F3094BF
3204 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\X56VW4YP.txt | text | 85ED8567DC738A3D4F66BED1E6345F3C | E914AB81B0F1E4F1EB4BA7C5FA55A336796F37AE9273103AD047119D54BEBF29
3204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | der | 21ED9CA0F4579A63723066FAB3CDB1E9 | 818A6653F6011A83D251998208826644FE68D228A739C87EC14E470E10817889
2696 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | binary | DC04164860A38615A607AFF3FA66DC92 | 2A4FE39C30300F1295BE30B37CA327D278BFD708B7AC5A4B91EFA2C15CEAA542
3204 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\V1J1J09P.txt | text | CB7F7D3EA2FD46880B92ECDEA2D4B38B | 381628629389B2DF51BE8372578C7AC727A39E9BB29AF8B2BD397809B3E8C2B8
3204 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\A3D5Q0SE.txt | text | 85414D519EC6CBA0685DF00CD4FE0120 | E55C7C328EA5C40213367759D32A5BFDED2874AEB7DD0C01CFD8787446DD19C9
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3204 | iexplore.exe | GET | 200 | 95.101.54.107:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgNLALrHsXG6zwZTFwfYE7KENw%3D%3D | DE | der | 503 b | shared |
2696 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
3204 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
3204 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
3204 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d729af5ece66d986 | US | compressed | 61.1 Kb | whitelisted |
3204 | iexplore.exe | GET | 200 | 23.37.41.57:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted |
3204 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?76ce3b6368335e5d | US | compressed | 4.70 Kb | whitelisted |
3392 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
3204 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b983db5669f14d8e | US | compressed | 61.1 Kb | whitelisted |
3204 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?94000ae1bd6474a5 | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3204 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
2696 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | EDGECAST | US | whitelisted |
3204 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted |
2696 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
3204 | iexplore.exe | 95.101.54.107:80 | r3.o.lencr.org | Akamai International B.V. | DE | suspicious |
2696 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
3204 | iexplore.exe | 104.109.57.57:443 | brandequity.economictimes.indiatimes.com | AKAMAI-AS | DE | whitelisted |
3392 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
3204 | iexplore.exe | 23.37.41.57:80 | x1.c.lencr.org | AKAMAI-AS | DE | suspicious |
3204 | iexplore.exe | 190.183.195.2:443 | benedettisaic.com.ar | Gigared S.A. | AR | suspicious |
Domain | IP | Reputation
---|---|---
brandequity.economictimes.indiatimes.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.digicert.com | | whitelisted
benedettisaic.com.ar | | unknown
api.bing.com | | whitelisted
www.bing.com | | whitelisted
x1.c.lencr.org | | whitelisted
r3.o.lencr.org | | shared
use.fontawesome.com | | whitelisted
iecvlist.microsoft.com | | whitelisted