URL: | http://lightsview.net/ |
Full analysis: | https://app.any.run/tasks/3bb63b2d-13ee-4783-b182-ea959e5a01dc |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 13:44:50 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 8E64E6B55DCE4F3C4EEBFA596EBDA4D4 |
SHA1: | C30CF1F6662DEAF53A090F82BB26FCACE290BC79 |
SHA256: | 6ACB55912386EDC5B88473449EA057992243C38C290A42A3A321C7DE03D91540 |
SSDEEP: | 3:N1KSMpTCLz:CSVLz |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2856 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://lightsview.net/" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3328 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2856 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
(PID) Process: | (2856) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (2856) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: 352296256 | |||
(PID) Process: | (2856) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30968364 | |||
(PID) Process: | (2856) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: 652460006 | |||
(PID) Process: | (2856) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30968364 | |||
(PID) Process: | (2856) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (2856) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (2856) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (2856) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (2856) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3328 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771 | binary | |
MD5:14026B0AC8D2C58223564D9EC4740AB7 | SHA256:1B94E7A3D13E52C50178329D4A7FBEA33B84858E8B681865D0299BCB1A758D1C | |||
3328 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771 | der | |
MD5:594D802A0CCC428FCDFC397BD6ED09AA | SHA256:E11D57A7187C2B184F45CE8158C0749F632403F5D4EDC2910107A1868951A9A2 | |||
2856 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:28CC3D4B0DA8A29A9DCD6D4755C84342 | SHA256:A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E | |||
3328 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\62E4C2A22E3F3B1FC25FE6F391DDBAD1 | der | |
MD5:EB6306E163100D8D1AE3A94DC5BF10E4 | SHA256:4119AE0B788E0CFC4C1BD663B94E58F88FAEB2E4A1CFAEF7562EA3E06AA141F6 | |||
3328 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 | binary | |
MD5:6D6E04635FF61236B0477AFD304C9BBB | SHA256:4A5505F2BFB9373E31CC1E34CDAFBE9EFC0C568783E7B99A4088DFED9D82664A | |||
3328 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\845A63478788B829575144BFD6673E11_7023B501044D90E500C082C897225DE2 | binary | |
MD5:9575FAC8DCFAEB3738B7B7B3762AFEED | SHA256:A7A52B9154C8A7E25B5AF422AA96C075CF5A36D82FB467DACD4481350429A2F3 | |||
3328 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\5W06L1BU.htm | html | |
MD5:DEEC92EAC23BE5501AC828FAC2585041 | SHA256:3DC71238D02597807A96FB8C41E16C60E11ADF7F802C67024C7D3C14CE078534 | |||
2856 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:AE454D8C967011FADFF0074C843FD548 | SHA256:F81B32B2247F7208FC85FA4A8C9C6BDB467166C90CF56E80170A183B3E33248E | |||
3328 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562 | binary | |
MD5:723681066D600B1964EDD925D613A07D | SHA256:B0DEBFE59F24CD9A8242403B3037646EDD9A89F07FC5A6DD62135EC93ECA9734 | |||
2856 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:94C819BD0A7C92E74191EDF8A1BE9DE2 | SHA256:710C8FA81772A873DB1B69D364558E4F6122CC17DB5FA14766C58A555C0D5075 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3328 | iexplore.exe | GET | 301 | 160.153.136.3:80 | http://lightsview.net/ | US | — | — | malicious |
3328 | iexplore.exe | GET | 200 | 192.124.249.41:80 | http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D | US | der | 1.69 Kb | whitelisted |
3328 | iexplore.exe | GET | 200 | 192.124.249.41:80 | http://ocsp.godaddy.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCCnjIxIVzEJD | US | der | 1.74 Kb | whitelisted |
3328 | iexplore.exe | GET | 200 | 192.124.249.24:80 | http://ocsp.starfieldtech.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCAzkUhA%3D%3D | US | der | 1.70 Kb | whitelisted |
2856 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2856 | iexplore.exe | GET | 200 | 23.216.77.80:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e040e4879af7b01e | US | compressed | 4.70 Kb | whitelisted |
2856 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3328 | iexplore.exe | GET | 200 | 192.124.249.24:80 | http://ocsp.starfieldtech.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6%2FsVZNPaFToNfxx8ZwqAQUfAwyH6fZMH%2FEfWijYqihzqsHWycCAQc%3D | US | der | 1.74 Kb | whitelisted |
3328 | iexplore.exe | GET | 200 | 192.124.249.36:80 | http://crl.godaddy.com/gdig2s1-4204.crl | US | der | 10.0 Kb | whitelisted |
2856 | iexplore.exe | GET | 200 | 23.216.77.80:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9cb9948fc2784e09 | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3328 | iexplore.exe | 160.153.136.3:80 | lightsview.net | GoDaddy.com, LLC | US | malicious |
2856 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2856 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3328 | iexplore.exe | 192.124.249.41:80 | ocsp.godaddy.com | Sucuri | US | suspicious |
3328 | iexplore.exe | 160.153.136.3:443 | lightsview.net | GoDaddy.com, LLC | US | malicious |
2856 | iexplore.exe | 23.216.77.80:80 | ctldl.windowsupdate.com | NTT DOCOMO, INC. | US | suspicious |
2856 | iexplore.exe | 160.153.136.3:443 | lightsview.net | GoDaddy.com, LLC | US | malicious |
— | — | 192.124.249.24:80 | ocsp.godaddy.com | Sucuri | US | suspicious |
3328 | iexplore.exe | 23.36.163.225:443 | img1.wsimg.com | CW Vodafone Group PLC | NL | suspicious |
2856 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
lightsview.net |
| malicious |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
ocsp.godaddy.com |
| whitelisted |
crl.godaddy.com |
| whitelisted |
img1.wsimg.com |
| whitelisted |
ocsp.starfieldtech.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |