URL: | https://bit.ly/30mruXl |
Full analysis: | https://app.any.run/tasks/fcd7d634-60b8-4cbc-bcae-ee933266d627 |
Verdict: | Malicious activity |
Analysis date: | September 30, 2020, 12:05:18 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 10E7D681A7DA4DB03334B702FB74C031 |
SHA1: | EC409991BAFC620594291C388EE0211ADA277221 |
SHA256: | 6C4B0900A1C0F4B9E79BD9EBBC35EDE68E62B7C69F05A542B68831A648EB664F |
SSDEEP: | 3:N8kSiArn:2J |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1336 | "C:\Program Files\Internet Explorer\iexplore.exe" https://bit.ly/30mruXl | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2384 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1336 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
(PID) Process: | (1336) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: 305605690 | |||
(PID) Process: | (1336) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30840610 | |||
(PID) Process: | (1336) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (1336) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (1336) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (1336) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (1336) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
Operation: | write | Name: | ProxyEnable |
Value: 0 | |||
(PID) Process: | (1336) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
Operation: | write | Name: | SavedLegacySettings |
Value: 46000000A5000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000 | |||
(PID) Process: | (1336) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (1336) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2384 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar7829.tmp | — | |
MD5:— | SHA256:— | |||
2384 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\769UAQKY.txt | — | |
MD5:— | SHA256:— | |||
2384 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y2ODGGGB.txt | — | |
MD5:— | SHA256:— | |||
1336 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2384 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\3N17UA2Y.txt | text | |
MD5:484E8E4EC6FB906863EC62C25F5850DB | SHA256:6EA62BF9954FF321A0E6381E41B4DDDF29650326C667990A788330A5B0A8AD28 | |||
2384 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\xvideos[1].js | text | |
MD5:90EE8DD194EC00E6E3B7A0A68E264CC5 | SHA256:FB9D974EB4C5CB617BB7AE40FA48AB665C9D4B54925E8B8257655A84CC8C3384 | |||
2384 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\analytics[1].js | text | |
MD5:1E3AD19B0836D257E66DF0E4106AF582 | SHA256:60863E86AA7743D1AC841DA7F473A05CD57FBA81D661CEF658E385437F80D5EF | |||
2384 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\X2KZ81RD.txt | text | |
MD5:388AA0AA3F46EB5C02707C38C18C4746 | SHA256:8DCA529769AD129F3872D71AF12029FD1D07D4CC1B821BE70BAF7808746FAB1C | |||
2384 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\eqis4Z[1].htm | html | |
MD5:F796974490FCBC268C87096281EDBC89 | SHA256:4923F5F4BE71BA43CB80C29C148F1603D58F052FB672ACDBACB8E444EB50EEB9 | |||
2384 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\85B3F147E3624A14E6A20DB4F6C2C5D9 | der | |
MD5:138A196AC15A2BEBCB9FB38AC0120C4D | SHA256:17CE6CCF73A3D80F8303851A7AE95DA746F7AF1C3D058BB22E6FED54293DFE87 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2384 | iexplore.exe | GET | 200 | 172.217.23.131:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDM8p7YwCDvUCAAAAABXoPk%3D | US | der | 471 b | whitelisted |
2384 | iexplore.exe | GET | 200 | 172.217.23.131:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEAyDrs7o0RpNCAAAAABXoKo%3D | US | der | 471 b | whitelisted |
2384 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAqN7HPiQ2%2F4c3rdXE3uHG8%3D | US | der | 471 b | whitelisted |
2384 | iexplore.exe | GET | 200 | 172.217.23.131:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDqXuNQ97mPtAIAAAAAektt | US | der | 472 b | whitelisted |
2384 | iexplore.exe | OPTIONS | 200 | 35.227.234.224:80 | http://analytics.shorte.st/displayed | US | — | — | whitelisted |
2384 | iexplore.exe | GET | 200 | 104.26.6.218:80 | http://static.sh.st/js/packed/interstitial-page.js?2020-02-19.0 | US | text | 24.7 Kb | unknown |
2384 | iexplore.exe | GET | 200 | 172.217.23.131:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDM8p7YwCDvUCAAAAABXoPk%3D | US | der | 471 b | whitelisted |
2384 | iexplore.exe | GET | 200 | 104.27.182.150:80 | http://gestyy.com/bundles/smeweb/img/tracking-9370952.gif?t=1601467538 | US | image | 43 b | malicious |
2384 | iexplore.exe | GET | 200 | 172.217.23.131:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEAyDrs7o0RpNCAAAAABXoKo%3D | US | der | 471 b | whitelisted |
2384 | iexplore.exe | GET | 200 | 104.26.6.218:80 | http://static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2020-02-19.0 | US | image | 6.08 Kb | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 67.199.248.11:443 | bit.ly | Bitly Inc | US | shared |
2384 | iexplore.exe | 216.58.205.234:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2384 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2384 | iexplore.exe | 67.199.248.11:443 | bit.ly | Bitly Inc | US | shared |
2384 | iexplore.exe | 172.217.23.131:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
2384 | iexplore.exe | 172.67.68.250:80 | static.sh.st | — | US | unknown |
2384 | iexplore.exe | 172.217.23.142:80 | www.google-analytics.com | Google Inc. | US | whitelisted |
2384 | iexplore.exe | 104.27.182.150:80 | gestyy.com | Cloudflare Inc | US | malicious |
2384 | iexplore.exe | 139.45.195.108:80 | go.onclasrv.com | — | US | unknown |
2384 | iexplore.exe | 142.250.74.195:80 | crl.pki.goog | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
bit.ly |
| shared |
ocsp.digicert.com |
| whitelisted |
gestyy.com |
| unknown |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
static.sh.st |
| unknown |
go.onclasrv.com |
| whitelisted |
d3ud741uvs727m.cloudfront.net |
| whitelisted |
www.google-analytics.com |
| whitelisted |