URL: | https://analyticalconsumables-my.sharepoint.com/:o:/g/personal/peter_hermans_analyticalconsumables_onmicrosoft_com/Egk1kCphkgZOiXYoCB4jBEEBsw0j9bNWn9D0No3yIEp6-A?e=e8Tf39 |
Full analysis: | https://app.any.run/tasks/bb5acb5e-5a7d-4fd4-a5dc-dea38c62fb17 |
Verdict: | Malicious activity |
Analysis date: | October 05, 2022, 01:22:43 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | DEA8FA3146AFF84049A3740C312051BC |
SHA1: | D560541B1D3DD7AF15E5A4F149A950EE8A297D2D |
SHA256: | 6AD6DA4815A58D7BA06D9D1076E6ED2EF7102EB30C72A7F073F5FFD2E9E93153 |
SSDEEP: | 3:N8Pcq8QWQ3AW19N+ArL5+KVFSV0y6BE6LU8QWQ3AWdyKRcGK3gYOCiM9CnemkHrG:2PJOQwW19N+AfN40y6BxLUOQwWQucGKK |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3936 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://analyticalconsumables-my.sharepoint.com/:o:/g/personal/peter_hermans_analyticalconsumables_onmicrosoft_com/Egk1kCphkgZOiXYoCB4jBEEBsw0j9bNWn9D0No3yIEp6-A?e=e8Tf39" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2068 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3936 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1288 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3936 CREDAT:3151112 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1608 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\MicrosoftEdgeSetup.exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\MicrosoftEdgeSetup.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Setup Version: 1.3.167.21 Modules
| |||||||||||||||
3604 | C:\Users\admin\AppData\Local\Temp\EU6BD5.tmp\MicrosoftEdgeUpdate.exe /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=1&lang=en" | C:\Users\admin\AppData\Local\Temp\EU6BD5.tmp\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeSetup.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Version: 1.3.167.21 Modules
| |||||||||||||||
3032 | "C:\Users\admin\AppData\Local\Temp\EU6BD5.tmp\MicrosoftEdgeUpdateSetup.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=1&lang=en" /installelevated /nomitag | C:\Users\admin\AppData\Local\Temp\EU6BD5.tmp\MicrosoftEdgeUpdateSetup.exe | MicrosoftEdgeUpdate.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Update Setup Version: 1.3.167.21 Modules
| |||||||||||||||
3732 | "C:\Program Files\Microsoft\Temp\EU729B.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=1&lang=en" /installelevated | C:\Program Files\Microsoft\Temp\EU729B.tmp\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdateSetup.exe | |||||||||||
User: admin Integrity Level: HIGH Modules
| |||||||||||||||
328 | "C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc | C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdate.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Update Exit code: 0 Version: 1.3.167.21 Modules
| |||||||||||||||
3472 | "C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver | C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdate.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Update Exit code: 0 Version: 1.3.167.21 Modules
| |||||||||||||||
1988 | "C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNjcuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNjcuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDU1NDZFQzgtQUVDNS00ODAzLUE3OEQtRDg0RTNGOTQxNzE2fSIgdXNlcmlkPSJ7QjJCRjY2MEUtQUIyNy00QjRFLUI1RjYtOTE3RDRFRENEODJDfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezcwMTFEMkU0LUJFNUMtNEEwRi1CNENBLUVDQTk2M0ZCNkVFQn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI0IiBwaHlzbWVtb3J5PSIzIiBkaXNrX3R5cGU9IjAiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjI0NTQ2IiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing4NiIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE2Ny4yMSIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NDg2MTUyMzQzIiBpbnN0YWxsX3RpbWVfbXM9IjExNTEiLz48L2FwcD48L3JlcXVlc3Q- | C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | MicrosoftEdgeUpdate.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Update Version: 1.3.167.21 Modules
|
(PID) Process: | (3936) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (3936) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: 18541408 | |||
(PID) Process: | (3936) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30988377 | |||
(PID) Process: | (3936) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: 318703908 | |||
(PID) Process: | (3936) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30988377 | |||
(PID) Process: | (3936) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (3936) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (3936) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (3936) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (3936) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2068 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_1941775A515122A167E3FBACF08992E1 | der | |
MD5:C0A57499508C8694529FBBF82C138683 | SHA256:83E1B5FF3DAED9B451909F0EA9D160E4B322D591CB047985ABEBEE6A945ABFF6 | |||
2068 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:303FA22260D57F600783E86495FF3D33 | SHA256:361AFE68F2A73144CDB4C83CE9199AA42641F5B030B080555CA0CA900B8419E9 | |||
1288 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:1F918240C2DAE058820B111607441AAD | SHA256:E890316DB11C8EB7ECC25C407E9272DE097CA6E9098005B4DF15788E69F6B475 | |||
2068 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_1941775A515122A167E3FBACF08992E1 | binary | |
MD5:942C93084EE00E93B02DEAD8CBFDF447 | SHA256:EF63402FB069BF0EB8B0CEC5229EF0B25954754D0A4001EF6F49959CCD61C252 | |||
3936 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | der | |
MD5:B8BDA0B382A7D056A4241B388338B778 | SHA256:7BAA967F6686CCE471826B20FFA5CB7FEB4BF3C5C0BF43F51F08E84EB5850DD2 | |||
3936 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | binary | |
MD5:AB2AC736B33EB57ACDA6467FC1117FDF | SHA256:BD7F338DBA63801B07AADCC31C07DE134F0849DC10E2868C69BE3115C5F6E746 | |||
3936 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f7ruq93\imagestore.dat | binary | |
MD5:714A597C650F8A61AF4106271129A685 | SHA256:BE26E2DA89F483BC66BCA8CFB47C9CA6E07E0BF82D03CC1FEDAF12815FB62A04 | |||
1288 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\ef-a24652[1].css | text | |
MD5:73B87F83EAA331CEFEF061C81A05B200 | SHA256:2EB8BF79BD243BB9B7A18683E32A220A6A078FEED519FF75D63C4681BCB31D4D | |||
3936 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | image | |
MD5:DA597791BE3B6E732F0BC8B20E38EE62 | SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 | |||
2068 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\BrowserSupport[1].htm | html | |
MD5:1AFA5B3398CE958D5CEBF05C8A016E69 | SHA256:EC39D20EAB3998A09F05C2833456089C96B57CB7E72BA140016A64C89F35D507 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1288 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA9bw6F2y3ieICDHiTyBZ7Q%3D | US | der | 1.47 Kb | whitelisted |
3936 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
1288 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
1288 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
— | — | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 b | whitelisted |
1288 | iexplore.exe | GET | — | 104.18.20.226:80 | http://ocsp2.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHr7M35ZTSPHb9t8TGKb2tY%3D | US | — | — | whitelisted |
1288 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
1288 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 b | whitelisted |
2068 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3b23d5856c057568 | US | compressed | 4.70 Kb | whitelisted |
2068 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEA8XGkjG8iOAkhjNLtbdwOg%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3936 | iexplore.exe | 13.107.138.9:443 | analyticalconsumables-my.sharepoint.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | suspicious |
2068 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
3936 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
3936 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
1288 | iexplore.exe | 2.18.233.62:443 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
2068 | iexplore.exe | 13.107.138.9:443 | analyticalconsumables-my.sharepoint.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | suspicious |
2068 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted |
1288 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
1288 | iexplore.exe | 151.101.65.26:443 | polyfill.io | FASTLY | US | suspicious |
1288 | iexplore.exe | 152.199.19.160:443 | ajax.aspnetcdn.com | EDGECAST | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
analyticalconsumables-my.sharepoint.com |
| suspicious |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
assets.adobedtm.com |
| whitelisted |
polyfill.io |
| whitelisted |
ajax.aspnetcdn.com |
| whitelisted |
statics-marketingsites-neu-ms-com.akamaized.net |
| whitelisted |