Field | Value |
---|---|
File name | Beatriz.html |
Full analysis | https://app.any.run/tasks/25ded82c-76d9-4222-b5fc-32903abf689b |
Verdict | Malicious activity |
Analysis date | January 24, 2022, 23:07:10 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MIME | text/html |
File info | HTML document, ASCII text, with very long lines, with CRLF line terminators |
MD5 | 7E3B46E6BEADF41CD926081F4DCD1F10 |
SHA1 | E365401FA0631C68F651090070637546CE32F254 |
SHA256 | 6BCF585F1874CCBBE798A51209064A12182031B1167CE83C58184ACC53A88C1E |
SSDEEP | 12:4wkAUnW6JqFlE0N3PVTdMxC4OPxVLFXx0R+dZigz2O4fsnq9t2SBPHYmvGb:pHr6kFRN3NBMxC4eZx0YdZ9o72ofYh |
Extension | .html: HyperText Markup Language (100) |


PID | CMD | Path | Indicators | Parent process | User | Integrity level | Description | Company | Version |
---|---|---|---|---|---|---|---|---|---|
1496 | "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\AppData\Local\Temp\Beatriz.html" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | admin | MEDIUM | Internet Explorer | Microsoft Corporation | 11.00.9600.16428 (winblue_gdr.131013-1700) |
3680 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1496 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | MEDIUM | Internet Explorer | Microsoft Corporation | 11.00.9600.16428 (winblue_gdr.131013-1700) |
3796 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1496 CREDAT:333057 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | LOW | Internet Explorer | Microsoft Corporation | 11.00.9600.16428 (winblue_gdr.131013-1700) |
2984 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1496 CREDAT:726274 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | LOW | Internet Explorer | Microsoft Corporation | 11.00.9600.16428 (winblue_gdr.131013-1700) |


PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3796 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\6JA6ECZI.txt | text | C5905B5FFDCF4FEEA1D0FAAF2F33CEE2 | 356986FA2F7392F5B7612B9A05F8DA940A801D8A7D3CD2C772B8F347229317EC |
3796 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\C0IFWXNR.txt | text | 24BA11BFC0EEC2576BF6323B9E954157 | 8E369DE3E679FA3936A26156281B9F319B36247EE12F2A22A3C162274CD7E320 |
3796 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB | der | B909D28A0CAA2EF2175531394A2A34D2 | 962E1A290EA3C149206D07C8F2404A8C09CA29EA766E0C52E06C5AE858A7227A |
3796 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 | der | D0660E10F6D3ABBBDB2465FACB08AB7B | 151C8A6770DCB52DF78FB456B693CE30B022B8F8485A1B0BC8C5ECE2B78F267A |
1496 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 5B4FC5368A467045CF7B85E54519D331 | 78E1FBE60EF3A14E81958E8B5824D56C6A38B826AAF254D24C243D7D34CC56C8 |
3796 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\1MJ3O7L0.txt | text | D5F63240FFA30F8DCC0F8B6F4C023F04 | F48917EC6E284CB02FFE966E7AED4BB4938E62E146A8887A4188520FFB39C6C1 |
3796 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4D1ED785E3365DE6C966A82E99CCE8EA_216A6C169356295AB09C26D4D7D32E06 | der | F2A1D151E9BBE5A73A798736627579E0 | A5928BAEB9BD9BE0F2F4E45DF916511BA258AC4B4BB7E91B7471E79BF317D368 |
3796 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZWOO3JG5.txt | text | 3FFE69E8C37DE1ECBFD512051BE26A4D | 31AFA26B5E9E3EFB5D377AD7107B7489974C0FDA14048E05E6A47C3B7F04D96B |
3796 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4D1ED785E3365DE6C966A82E99CCE8EA_216A6C169356295AB09C26D4D7D32E06 | binary | 11BCEC8E00D7DD029019DF8B215B8509 | B16E3FF794D426225330A65CE1B0E5A472D6F442353D7E410ABEEBA2EB4847BA |
3796 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB | binary | C0577EB9F55500C87ECA8DAEFAB5FED5 | D3CDAA2DAA21F931A8191B647ADA88F8F7F43F9A00FD318CC3A14D57F18669F2 |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3796 | iexplore.exe | GET | 302 | 47.243.36.148:80 | http://857zj.playertest.link/ttraml | US | — | — | suspicious |
2984 | iexplore.exe | GET | 302 | 47.243.36.148:80 | http://857zj.playertest.link/ttraml | US | — | — | suspicious |
2984 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl | US | der | 592 b | whitelisted |
3796 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEA%2B77gcCzPztNA4DGvLD224%3D | US | der | 471 b | whitelisted |
1496 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3796 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEA8%2ByrdrMrlwMHSyG%2BDNqgo%3D | US | der | 471 b | whitelisted |
3796 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted |
3796 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted |
3796 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAtIgyHhzCAgf0Woj6GgeOA%3D | US | der | 471 b | whitelisted |
1496 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3796 | iexplore.exe | 67.199.248.11:443 | bit.ly | Bitly Inc | US | shared |
3796 | iexplore.exe | 2.16.106.233:80 | ctldl.windowsupdate.com | Akamai International B.V. | — | whitelisted |
2984 | iexplore.exe | 2.16.106.233:80 | ctldl.windowsupdate.com | Akamai International B.V. | — | whitelisted |
2984 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3796 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2984 | iexplore.exe | 67.199.248.11:443 | bit.ly | Bitly Inc | US | shared |
3796 | iexplore.exe | 47.243.36.148:80 | 857zj.playertest.link | — | US | suspicious |
3796 | iexplore.exe | 98.137.11.164:443 | yahoo.com | Yahoo | US | malicious |
1496 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1496 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |

Domain | Reputation |
---|---|
bit.ly | shared |
ctldl.windowsupdate.com | whitelisted |
ocsp.digicert.com | whitelisted |
857zj.playertest.link | suspicious |
yahoo.com | whitelisted |
api.bing.com | whitelisted |
www.bing.com | whitelisted |
www.yahoo.com | whitelisted |
guce.yahoo.com | whitelisted |
consent.yahoo.com | whitelisted |