URL: | https://cartoonclassic.github.io/ |
Full analysis: | https://app.any.run/tasks/2a01720b-4329-4e8a-9d56-c78d14250b6d |
Verdict: | Malicious activity |
Analysis date: | October 04, 2022, 21:48:49 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 08F305F57CBDC8085E2DC2EA3BC737DA |
SHA1: | 85E0E97EAD5E4412CFED424D3C8D2AF9455E5991 |
SHA256: | 69300EC5A9F576AC4DAEBB217045CB8FDB3C39E2516D0C933C63CF81CB73A082 |
SSDEEP: | 3:N8ZXRKQyJ+:2CP+ |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3408 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://cartoonclassic.github.io/" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3932 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3408 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3760 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\Cartoon_Classic.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | iexplore.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.91.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3932 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | binary | |
MD5:6954B6BC327E46B7B68B191B900DB8F6 | SHA256:EB72A1D307C2B35680187CE7A49D4C13571775D518F5CDEB803F115CA90BF318 | |||
3932 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der | |
MD5:8D0B18ACDB128088CD477B70EB24769B | SHA256:1604E28CFD2B93BB422911155840C3437838662434CB4A35F0309A04939F239B | |||
3932 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\8T3ZOYN8.htm | html | |
MD5:8BEC7EC4957FCBC619FE00D85C8C0DFE | SHA256:9DD6F0AEDB54B1C3BF82DF60FC4142F444D32F9D230D6BE371FEEC3B390D43A3 | |||
3932 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | der | |
MD5:E1817D34D647D15C961327938AA58C4A | SHA256:CA2D2DB19D9A688484F592397EBC22270DC2B6F653C583B8DFDF27CFF24E0E07 | |||
3932 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary | |
MD5:60F72F3E456577F5FD99B388C1555521 | SHA256:AC423DCF417EA83F67CDA7A7372A56DE60738D15AA03D43621D44EE5D16C6946 | |||
3932 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\style[1].css | text | |
MD5:B5C7C31A0F1B1C246B69AA975B3B72BC | SHA256:18DBC40CD5631C5B85E900B08D56337A073AE2E6947CBF727BA4C6F31241EB50 | |||
3932 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_043C840D28CDD26D33370C4C34146D79 | der | |
MD5:E5E83AC13AAFAA8905EB522C4521A72F | SHA256:F01155BF27FBD113A7E78ED2DBE9710BB0352F1CA5AF71220D8C51EEAE730DD5 | |||
3932 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | binary | |
MD5:2FB7D02308DCF34A8242412C6CA62D63 | SHA256:E940D4709C0E1C6D90CBFD7C1B2DB89AA852B809D493B39DC90308CA370BD48B | |||
3932 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary | |
MD5:13963B4534C78600BEB9CC16B23E8766 | SHA256:301CEB272F6460966CC12E1E371BE2EC5E24EF8AD10430A01CE9DC1FF04F736F | |||
3932 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\main[1].js | text | |
MD5:5582E03D8BF450FB797C97D9813AE3F5 | SHA256:72CA60625E69835E96CA9A27F89F6130111447259ADB1C7E7CCB58C6BB7865D9 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3408 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted |
3408 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3408 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 b | whitelisted |
3932 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEA0ijpIftfb6cA%2FVTEnYrfQ%3D | US | der | 279 b | whitelisted |
3932 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?57491bc46836ccb5 | US | compressed | 4.70 Kb | whitelisted |
3932 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f8fa4bb561dbb3e8 | US | compressed | 4.70 Kb | whitelisted |
3932 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
3932 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
3932 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
3932 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3408 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
3932 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
3932 | iexplore.exe | 142.250.185.131:443 | fonts.gstatic.com | GOOGLE | US | whitelisted |
3932 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
3932 | iexplore.exe | 185.199.108.153:443 | cartoonclassic.github.io | FASTLY | US | shared |
3408 | iexplore.exe | 162.159.128.232:443 | media.discordapp.net | CLOUDFLARENET | — | shared |
3408 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
3932 | iexplore.exe | 142.250.186.42:443 | fonts.googleapis.com | GOOGLE | US | whitelisted |
3932 | iexplore.exe | 104.17.24.14:443 | cdnjs.cloudflare.com | CLOUDFLARENET | — | suspicious |
3932 | iexplore.exe | 104.16.87.20:443 | cdn.jsdelivr.net | CLOUDFLARENET | — | shared |
Domain | IP | Reputation |
---|---|---|
cartoonclassic.github.io |
| malicious |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
cdnjs.cloudflare.com |
| whitelisted |
media.discordapp.net |
| whitelisted |
code.iconify.design |
| suspicious |
cdn.jsdelivr.net |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) |
3932 | iexplore.exe | Misc activity | ET INFO Observed Discord Domain (discordapp .com in TLS SNI) |
3932 | iexplore.exe | Misc activity | ET INFO Observed Discord Domain (discordapp .com in TLS SNI) |
3932 | iexplore.exe | Generic Protocol Command Decode | SURICATA STREAM ESTABLISHED invalid ack |
3932 | iexplore.exe | Generic Protocol Command Decode | SURICATA STREAM Packet with invalid ack |
3932 | iexplore.exe | Generic Protocol Command Decode | SURICATA STREAM ESTABLISHED packet out of window |
3932 | iexplore.exe | Generic Protocol Command Decode | SURICATA STREAM ESTABLISHED packet out of window |
3932 | iexplore.exe | Generic Protocol Command Decode | SURICATA STREAM ESTABLISHED invalid ack |
3932 | iexplore.exe | Generic Protocol Command Decode | SURICATA STREAM Packet with invalid ack |
3932 | iexplore.exe | Generic Protocol Command Decode | SURICATA STREAM ESTABLISHED packet out of window |