URL: https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.adnocdistribution.ae%2F&data=05%7C01%7CMeshal.AlFaras%40JanusHenderson.com%7Cb35e2726aa5c4f6e802f08daa55c0d77%7C09d5c224c6244040ba7bdcfa64d7b17a%7C0%7C0%7C638004113417837859%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yl6%2B9NGLRNLW6pcOKtK92Df1viCfzJShHOLBYGcJQ9M%3D&reserved=0
Full analysis: https://app.any.run/tasks/f988ec8d-0807-4fb4-9805-dab5f467c27c
Verdict: Malicious activity
Analysis date: October 05, 2022, 07:29:20
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: D068E0EA1A4D15C0BE49FE5A8687493C
SHA1: 02A28FA9FE71C2E0744099C295E89D849E7B0DBF
SHA256: 642D4DEFBBFB82E4727D0EA5B6E4A9B81985EBC3B63FF1135E000AE311A44270
SSDEEP: 6:2bV9iRXPNHszBL7jyaJcubyAZIRXSGZVc+W0S8iMjcVaVbeAiJbUuRCmuFM3vXYm:2bqVsVGaJzyAZsFRRiMLKP7RJPYbNM
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---|---|---|---|---
2652 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.adnocdistribution.ae%2F&data=05%7C01%7CMeshal.AlFaras%40JanusHenderson.com%7Cb35e2726aa5c4f6e802f08daa55c0d77%7C09d5c224c6244040ba7bdcfa64d7b17a%7C0%7C0%7C638004113417837859%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yl6%2B9NGLRNLW6pcOKtK92Df1viCfzJShHOLBYGcJQ9M%3D&reserved=0" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
2560 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2652 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2560 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2F23D0F5E4D72862517E1CB26A329742_F6FACC49395CFA949BCE851E73323C49 | der | FC3590371542781688A0E00B5633FB09 | 9A3B60E421D01707341754521C847E2BFE5FC7D9032A8AA23435713052D86BB5
2560 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\1E94DJDB.htm | html | 4805491388D0EEA4C2903DDB823AD53D | 305E9C5DDBFDBA4835B51555C02DF916D13A4CCF3831DF053349CA714EF6BC99
2560 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | der | E1817D34D647D15C961327938AA58C4A | CA2D2DB19D9A688484F592397EBC22270DC2B6F653C583B8DFDF27CFF24E0E07
2652 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 3AF1BE7F0163DC2F1113720BA304A1A0 | AC4ED153A9CB392D3D7D8FFAE523C209A791846599A79D39C8629D981CF30A5A
2560 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_C89A7CE86B947A5BDDEC66331470004A | der | 60DEA52ABE2437132A0387AD8BECC0AC | AC998FB48810AEB183EC2D19CFD58B81F2243207ADD4C553E1E87F00FA6D5F3F
2560 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2F23D0F5E4D72862517E1CB26A329742_F6FACC49395CFA949BCE851E73323C49 | binary | 9EBD95DD528CDDCA5A01DA4B9F29A2C5 | 5642AD9CABE03ED202FEBD91264D237F53E2B67D2AE766E9033C4250C66903F6
2560 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_86C2A03C133240EC4C95180B9FD368BB | der | 46DA46BA922E8E17F48B2D3BE9EBEC2F | 6BFE470053F6911DAA8B62CEF95966C472EDA903ED6A2969D6E16635D28AD186
2652 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | F7DCB24540769805E5BB30D193944DCE | 6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
2560 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | der | 2A73C0DFBC788D680BC05EF945818809 | E34EBA1B8C5E9546853E6EC7F66F24C5FCBD0B992770F6A356DB1366778663C5
2560 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9F6005AF34C7906F717D420F892FD6D0 | der | 3662F9629EB6B944494B72ACF272C86F | B07B0C95B9D8ECD5DAAAAAE7454BADFFACA468A431440075304A6567ED1899DF
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
2560 | iexplore.exe | GET | 301 | 23.36.162.69:80 | http://www.adnocdistribution.ae/ | NL | — | — | malicious |
2560 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEA9iL28hwv9dUh9yOh1H1i0%3D | US | der | 471 b | whitelisted |
2560 | iexplore.exe | GET | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
2560 | iexplore.exe | GET | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD6a7qQTCYd8hJU9n3M3mXb | US | der | 472 b | whitelisted |
2560 | iexplore.exe | GET | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEBJBetlj4ZeUEqggpI8HVMI%3D | US | der | 471 b | whitelisted |
2560 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEA0aHh2m4v8BYKcHnBQHQfw%3D | US | der | 471 b | whitelisted |
2560 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAeYNgOt45kIIZygDCe8imw%3D | US | der | 471 b | whitelisted |
2560 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
2560 | iexplore.exe | GET | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
2560 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
2652 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
2560 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
2560 | iexplore.exe | 23.36.162.69:443 | www.adnocdistribution.ae | Akamai International B.V. | DE | suspicious |
2560 | iexplore.exe | 23.36.162.69:80 | www.adnocdistribution.ae | Akamai International B.V. | DE | suspicious |
2560 | iexplore.exe | 104.47.57.28:443 | nam02.safelinks.protection.outlook.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | suspicious |
2560 | iexplore.exe | 104.47.51.28:443 | nam02.safelinks.protection.outlook.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | suspicious |
2652 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
2560 | iexplore.exe | 216.58.212.132:443 | www.google.com | GOOGLE | US | whitelisted |
2652 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted |
— | — | 2.21.20.155:443 | snap.licdn.com | Akamai International B.V. | DE | suspicious |
Domain | IP | Reputation
---|---|---
nam02.safelinks.protection.outlook.com | — | whitelisted
api.bing.com | — | whitelisted
www.bing.com | — | whitelisted
ctldl.windowsupdate.com | — | whitelisted
ocsp.digicert.com | — | whitelisted
www.adnocdistribution.ae | — | malicious
www.googletagmanager.com | — | whitelisted
www.google.com | — | whitelisted
5p4rk13.com | — | unknown
www.google-analytics.com | — | whitelisted
PID | Process | Class | Message
---|---|---|---
2560 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2560 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2560 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2560 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2560 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2560 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2560 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2560 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |