Field | Value
---|---
URL | https://pixel.mathtag.com/click/img?exch_aid=3a0f6f902bf3729c512c6a81a7d49a1c565d5764&mt_aid=7399895530664286874&mt_id=9717175&mt_adid=250114&mt_sid=10015533&mt_exid=9&mt_inapp=0&mt_os=Windows&mt_uuid=269f60a5-f723-4900-903f-7c61217cd76a&mt_cid=269f60a5-f723-4900-903f-7c61217cd76a&mt_3pck=https%3A//beacon-nf.rubiconproject.com/beacon/v2/t/0/8723d7b6-4139-461e-a6d4-94062042f284/&mt_lp=https%3A//www.bybit.com/en-us/promo/global/bybitlevelup%3Fmedium%3Dpaid_banner%26source%3Dmediamath%26channel%3Dpaid_%26campaign%3Dimc_q122_tr_en%26stage%3Dcurious_pros%26term%3Dbanner_728x90%26content%3Dproduct_usp_v1%26dtpid%3D1640174340449&redirect=https%3A%2F%2Fd.adx.io%2Fdclicks%3Fxb%3D35CJa4376%26xd%3D28%26xnw%3Dxad%26xtm_content%3D15647871060.698.4279.103210962%26xauto_diux%3Ddxid%26xu%3Dhttps%3A%2F%2Fwww.bybit.com%2Fen-us%2Fpromo%2Fglobal%2Fbybitlevelup%3Fmedium%3Dpaid_banner%26source%3Dmediamath%26channel%3Dpaid_%26campaign%3Dimc_q122_tr_en%26stage%3Dcurious_pros%26term%3Dbanner_728x90%26content%3Dproduct_usp_v1%26dtpid%3D1640174340449
Full analysis | https://app.any.run/tasks/372ff6ea-c66d-49c8-9665-7d541f69b38e
Verdict | Malicious activity
Analysis date | January 24, 2022, 18:37:53
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicator | Value
---|---
MD5 | DFD848B6309C736258B886151A1A8DD9
SHA1 | F8BEE04F8C4992CE4F37DB36038E3A0C2D632C9B
SHA256 | 69947E19FF49697D1DFCAD3B5036D05E1FDE6DCBDF1E8E16B3E7560BA5DF29B9
SSDEEP | 24:2Ia2EhGc3832FsdmjZIyB9GlR88rumqgf+i4YoyB9GlR88rumqgG:e2/QwjqIyuRfr/Fx4LyuRfr/k
PID | CMD | Path | Parent process | User | Company | Integrity level | Description | Exit code | Version
---|---|---|---|---|---|---|---|---|---
1828 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://pixel.mathtag.com/click/img?exch_aid=3a0f6f902bf3729c512c6a81a7d49a1c565d5764&mt_aid=7399895530664286874&mt_id=9717175&mt_adid=250114&mt_sid=10015533&mt_exid=9&mt_inapp=0&mt_os=Windows&mt_uuid=269f60a5-f723-4900-903f-7c61217cd76a&mt_cid=269f60a5-f723-4900-903f-7c61217cd76a&mt_3pck=https%3A//beacon-nf.rubiconproject.com/beacon/v2/t/0/8723d7b6-4139-461e-a6d4-94062042f284/&mt_lp=https%3A//www.bybit.com/en-us/promo/global/bybitlevelup%3Fmedium%3Dpaid_banner%26source%3Dmediamath%26channel%3Dpaid_%26campaign%3Dimc_q122_tr_en%26stage%3Dcurious_pros%26term%3Dbanner_728x90%26content%3Dproduct_usp_v1%26dtpid%3D1640174340449&redirect=https%3A%2F%2Fd.adx.io%2Fdclicks%3Fxb%3D35CJa4376%26xd%3D28%26xnw%3Dxad%26xtm_content%3D15647871060.698.4279.103210962%26xauto_diux%3Ddxid%26xu%3Dhttps%3A%2F%2Fwww.bybit.com%2Fen-us%2Fpromo%2Fglobal%2Fbybitlevelup%3Fmedium%3Dpaid_banner%26source%3Dmediamath%26channel%3Dpaid_%26campaign%3Dimc_q122_tr_en%26stage%3Dcurious_pros%26term%3Dbanner_728x90%26content%3Dproduct_usp_v1%26dtpid%3D1640174340449" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 1 | 11.00.9600.16428 (winblue_gdr.131013-1700)
3564 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1828 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 0 | 11.00.9600.16428 (winblue_gdr.131013-1700)
3864 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 1 | 11.00.9600.16428 (winblue_gdr.131013-1700)
2076 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3864 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 0 | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3864 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{D2880360-7D44-11EC-A20C-12A9866C77DE}.dat | binary | 519D2F2A3E261049B3B2216307F2ED1E | 92BE2E284226050F795F08801D5A62A44E6413E286CCFCF8B93E1F34621A5B0D
1828 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{BEC4C55D-7D44-11EC-A20C-12A9866C77DE}.dat | binary | 051BFF16B935AFB5A6376006D2E2DA32 | 2AFC772D25EDDD3A7FCEB580C5494AD27E55DF88FE5789B53639409985CFCC5F
1828 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFF909FCCC137CE11A.TMP | gmc | 3ACBF8C61B5A84F60A2C8D5656674CCB | 39D1F255563D4F9C6C5112C3F5077895C0A295BF33482A747986C7750ECE4F61
3864 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFB121B6F13AA4C1E1.TMP | gmc | 9F8834B921BBA4A02E5F16C0E2DFE59B | 550499FE22E089346206E862DC38493C790C9838333D874A546448C15CBBDB55
3564 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | F7DCB24540769805E5BB30D193944DCE | 6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
3864 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFD0225F373CFE3DDC.TMP | gmc | 204784F7A3344184A301AEDB5F04DD0D | CF9A1421A72F89760939178A02210FD0A86BDC587AACA2D3458E3DDEBBBC5BDF
1828 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{BEC4C55F-7D44-11EC-A20C-12A9866C77DE}.dat | binary | 6F903607139D21F8DC975BB750743E49 | 6D4E849B7760363D10F53141E779C75E417D5AE61248E261F11AF8B854BEFA55
3564 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 17487C78DBCCAF997D246077B71B7E13 | D5F10AB970109BDB5C7E04085E2B037D64167AE0646AEC892F883130174FB169
1828 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF134253C4E3B939C3.TMP | gmc | 81966AC6890FDA75F33C253E50644247 | DFD1F9654093D5B7B6819D349D9438C6AE66ABA79A389BE0173C498AB6BC8BEE
3864 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{CBD82AF7-7D44-11EC-A20C-12A9866C77DE}.dat | binary | 01C13E309387792AA9E947E5046D3778 | 31005F8A525B02B4413C6AAD1F391BB680A8CDFB1DA6208FB009DFBB0FED9014
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2076 | iexplore.exe | GET | 302 | 142.250.184.201:80 | http://blogspot.it/ | US | html | 219 b | suspicious |
2076 | iexplore.exe | GET | 302 | 142.250.186.100:80 | http://www.google.com/ | US | html | 231 b | whitelisted |
3564 | iexplore.exe | GET | 200 | 67.27.158.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b2261f61964f64d3 | US | compressed | 4.70 Kb | whitelisted |
3564 | iexplore.exe | GET | 200 | 67.27.158.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c11a9e5204e805b1 | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3864 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1828 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3564 | iexplore.exe | 184.30.20.207:443 | pixel.mathtag.com | GTT Communications Inc. | US | suspicious |
3564 | iexplore.exe | 67.27.158.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | malicious |
1828 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3864 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2076 | iexplore.exe | 142.250.184.201:80 | blogspot.it | Google Inc. | US | unknown |
2076 | iexplore.exe | 142.250.186.100:80 | www.google.com | Google Inc. | US | whitelisted |
2076 | iexplore.exe | 142.250.186.100:443 | www.google.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
pixel.mathtag.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
r20swj13mr.microsoft.com | | whitelisted
iecvlist.microsoft.com | | whitelisted
blogspot.it | | unknown
www.google.com | | whitelisted