| Field | Value |
|---|---|
| URL | https://community.expensify.com/discussion/4869/how-to-manage-domain-members |
| Full analysis | https://app.any.run/tasks/0ff82541-33a5-44a1-86b2-069a5c549f0d |
| Verdict | Malicious activity |
| Analysis date | October 04, 2022, 22:16:15 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MD5 | 3E7A5B34455BFC4549477817DB92247E |
| SHA1 | BF0561CE248B4038737018456750EC65076B6249 |
| SHA256 | 6854D1E11FE8CFC762BD1767063AFC4AB3692CC66D004AD39EC4493445A413E9 |
| SSDEEP | 3:N8XAMVZf2K6W4XNIZlLKDWn:2QM7gJ9XDW |
| PID | CMD | Path | Indicators | Parent process | User | Company | Integrity level | Description | Version |
|---|---|---|---|---|---|---|---|---|---|
| 1528 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://community.expensify.com/discussion/4869/how-to-manage-domain-members" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
| 1204 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1528 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 929EEE375429CAA9D9817BAF324334AF | 4AE6EB7D37807632A3326DFDDC02711EACF0AB9B73595BFB6E0B11F69F99AF05 |
| 1204 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\prettify[1].css | text | AC6F30A6189533B3CD7DBC8A0C03976B | 8E6EAF31579EC46D3098CB9C272F1C8B59D8D08892B9A48184913EF0FE8357A2 |
| 1204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der | 87AAD071DDAAAD8ADB70E4DABCC1A750 | 2D558A3FE733F9893095B3758FF661E7B48DB7D8D725D7AC9EDBFFABC65D1613 |
| 1204 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\how-to-manage-domain-members[1].htm | html | 37D074EF39488C2057B4FF1211E4AFFB | 8B698BA9D14EC26647FE7660D761244A359D03515872C0BA7FC2B7934D0AA0C7 |
| 1204 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\style-compat[1].css | text | 75FF53A0C58F96AF03194605E345C92C | 02A9182D0C2599B86DD0BAC81729897E80DA1620CD71D36FC8E282061B58A0F2 |
| 1204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary | A0CA8D08B6F4474B2994D5D095357738 | C799D11465524B39A337E24D2848CEB80087EF2E92CA3D3C42829AA1B7A3CD81 |
| 1204 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\advanced-search[1].css | text | 3A97A1ABB1D39D614A24D4CE8923A7CF | 0CF770DB446EB06891633A7BDAA99466A7BFB39EB86D19B6B88A9B9A7C56EFB8 |
| 1204 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\4aeec7ca8bd6c22fd93c.min[1].css | text | C96A61B38C56DB8E56B96BDB1147A49D | FC867C47E28D1D1F9A177755ABEAECB9AFB049B77B511807F55CBBA13B665D8B |
| 1204 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\editor[1].css | text | 70C1256C5E66A877E355BECE754417D7 | 4997A44799DAAAC0CA7F62C5E54A2CE9B5E934223756DCD47D3DCC87D9E82D80 |
| 1204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | F7DCB24540769805E5BB30D193944DCE | 6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA |
| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 1204 | iexplore.exe | GET | 200 | 142.250.186.35:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
| 1204 | iexplore.exe | GET | 200 | 142.250.186.35:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGOlwNI5ZtyUEgHpNAgRyd0%3D | US | der | 471 b | whitelisted |
| 1204 | iexplore.exe | GET | 200 | 142.250.186.35:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
| 1204 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
| 1204 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?453d79ac6bbc3f99 | US | compressed | 4.70 Kb | whitelisted |
| 1204 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6bad4fdc3b24b047 | US | compressed | 4.70 Kb | whitelisted |
| 1528 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
| 1528 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 1528 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 1204 | iexplore.exe | 142.250.186.35:80 | ocsp.pki.goog | GOOGLE | US | whitelisted |
| 1204 | iexplore.exe | 172.217.16.206:443 | www.google-analytics.com | GOOGLE | US | whitelisted |
| 1204 | iexplore.exe | 162.159.138.78:443 | community.expensify.com | CLOUDFLARENET | — | shared |
| 1204 | iexplore.exe | 104.18.194.13:443 | us.v-cdn.net | CLOUDFLARENET | — | unknown |
| 1204 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
| 1204 | iexplore.exe | 104.16.213.59:443 | www.expensify.com | CLOUDFLARENET | — | shared |
| 1204 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted |
| 1204 | iexplore.exe | 142.250.74.200:443 | www.googletagmanager.com | GOOGLE | US | suspicious |
| 1528 | iexplore.exe | 104.18.194.13:443 | us.v-cdn.net | CLOUDFLARENET | — | unknown |
| Domain | IP | Reputation |
|---|---|---|
| community.expensify.com | | malicious |
| ctldl.windowsupdate.com | | whitelisted |
| api.bing.com | | whitelisted |
| www.bing.com | | whitelisted |
| ocsp.digicert.com | | whitelisted |
| us.v-cdn.net | | unknown |
| www.google-analytics.com | | whitelisted |
| www.googletagmanager.com | | whitelisted |
| ocsp.pki.goog | | whitelisted |
| www.expensify.com | | whitelisted |