Field | Value
---|---
URL | https://www.buckle.com/
Full analysis | https://app.any.run/tasks/d6a638c4-3fe0-479b-8ec5-d4aa42135298
Verdict | Malicious activity
Analysis date | October 04, 2022, 19:54:55
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators |
MD5 | 99910EE5043F7B1BD36F38C303F80E30
SHA1 | 46C438CDA4D8D3A7B126FA0E0C6E9B413B2BC744
SHA256 | 65248A71E6565571E7222F3F2F59B5BEA5F4178B14869EFEB62476B1812DAFE1
SSDEEP | 3:N8DSLwwLdIK:2OLw+R
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3240 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.buckle.com/" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE
1880 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3240 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe

PID | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---
3240 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
1880 | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
1880 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\OGI11NAX.txt | text | 096DFDB20FFD4FACA9EE2B96D3C2595B | B51935666F67FA3A83B25604AF5EC32BD7514F9C9028118F63E69CC5F8A058CC
1880 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 | binary | 68B8153CDFEA705804E1BA462CE85BA1 | B6F83B77494752571A8C0AE4E78DD4CE337EBCC03A2C58B765705F10A1E26788
1880 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\80TBUBW4.txt | text | 45A005B60B84C170999CB67FBA2A43DF | F5CB59A92B1EA18EDA44F8EB5947D4F78C72A8EF3D5489A12C4B8CDB34C74832
1880 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\NLE5KKL2.txt | text | D4AF1E036B84F9DCD5C5B0D73F274415 | D4A6AA4319A721101CEECDEE77732BBCC7966C2D435ABA5A5714759C4338E945
1880 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\JO3RCXNZ.txt | text | 9C6BDF0FB00A84D9B2D954AAF31FAA0F | FCA77AAF233DD7009C772160EBFACD4CD134BDDAC7878E5EB8F7140B5A2216DB
1880 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | DD296C305D57BCBA316DD24784016525 | 523D22F9888D5B4C5C788DA72AB3E915055406EA7D21239BCC9DCBD80F873AE9
3240 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | der | B8BDA0B382A7D056A4241B388338B778 | 7BAA967F6686CCE471826B20FFA5CB7FEB4BF3C5C0BF43F51F08E84EB5850DD2
1880 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 | der | FDF91F6E6430159255A855CFA8DB51BD | 6F023549DEA5615AD2C405C3C1AB1D9EF8F0C8792646644C13B15BD63A642633
1880 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\O0DPYYDF.txt | text | EE43DC0C0309064BB57B21E87C68115A | 4C28AB243A0F1FBB0B2C1DAC0DB3862AA72DCA206D0A1EEC35D550C48167D96A
3240 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | binary | AC3EB37C4EA903F4BB9285C35E4171AA | C60F0219B2D8CD655F09425316BEBAF675CE71E495B303E14FFEF421293EFEE5
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3240 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
1880 | iexplore.exe | GET | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
1880 | iexplore.exe | GET | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
1880 | iexplore.exe | GET | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGOlwNI5ZtyUEgHpNAgRyd0%3D | US | der | 471 b | whitelisted |
1880 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted |
1880 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
1880 | iexplore.exe | GET | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD6a7qQTCYd8hJU9n3M3mXb | US | der | 472 b | whitelisted |
1880 | iexplore.exe | GET | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEBJBetlj4ZeUEqggpI8HVMI%3D | US | der | 471 b | whitelisted |
1880 | iexplore.exe | GET | 200 | 104.18.21.226:80 | http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D | US | der | 1.40 Kb | whitelisted |
1880 | iexplore.exe | GET | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEB%2Fvu3PmotRDEvKn%2FiRyWpo%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1880 | iexplore.exe | 152.199.16.8:443 | cmsstatic.bucklecontent.com | EDGECAST | US | unknown |
3240 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
1880 | iexplore.exe | 192.229.182.159:443 | www.buckle.com | EDGECAST | GB | unknown |
1880 | iexplore.exe | 151.101.2.133:443 | cdn.yottaa.com | FASTLY | US | malicious |
1880 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
1880 | iexplore.exe | 23.205.251.151:443 | se.monetate.net | AKAMAI-AS | DE | unknown |
3240 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
1880 | iexplore.exe | 23.216.77.69:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | suspicious |
1880 | iexplore.exe | 142.250.185.99:80 | ocsp.pki.goog | GOOGLE | US | whitelisted |
1880 | iexplore.exe | 142.250.186.42:443 | fonts.googleapis.com | GOOGLE | US | whitelisted |
Domain | IP | Reputation
---|---|---
www.buckle.com | | unknown
ctldl.windowsupdate.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ocsp.digicert.com | | whitelisted
se.monetate.net | | whitelisted
cdn.yottaa.com | | suspicious
cmsstatic.bucklecontent.com | | unknown
fonts.googleapis.com | | whitelisted
photorankstatics-a.akamaihd.net | | whitelisted
PID | Process | Class | Message |
---|---|---|---|
1880 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
1880 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
1880 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
1880 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
1880 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
1880 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |