URL: | https://is-tracking-link-api-prod.appspot.com/api/v1/click/6053775803154432/5048424344059904 |
Full analysis: | https://app.any.run/tasks/fd7fda0e-230d-4cf7-b755-ec2da8ab13b0 |
Verdict: | Malicious activity |
Analysis date: | March 30, 2020, 22:52:41 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | D4312D966F8D19A2FA8978D86B54763C |
SHA1: | 1B49B288AD186029590BD908D05C6DD327346A43 |
SHA256: | 6F36E9D8F090A66ED51BB967EA254F059987B635FD2B67B0F7F6C99BCECBD0D2 |
SSDEEP: | 3:N8SXEywEdXKBwRkFYdCGlufVW5QKkxRSQnR:2SUyI6dSf85Mx4QR |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2872 | "C:\Program Files\Internet Explorer\iexplore.exe" https://is-tracking-link-api-prod.appspot.com/api/v1/click/6053775803154432/5048424344059904 | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2656 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2872 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3224 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe | |||||||||||
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
2656 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab6EDF.tmp | — | |
MD5:— | SHA256:— | |||
2656 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar6EE0.tmp | — | |
MD5:— | SHA256:— | |||
2872 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2656 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_11501B3EA1C646D8375BF24188265B84 | binary | |
MD5:37622ABA992AF94EC883A16DC5B78F08 | SHA256:E5897C9555208E38AC9EF2BCDE5840F291BF2F9C1845AAEA6BE4333BF0129432 | |||
2656 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_11501B3EA1C646D8375BF24188265B84 | der | |
MD5:B710442F69A96AFF1494031970B5AA73 | SHA256:460382974BA6439D67D41A079BC9E7C22EACC8AF6EBF82E611C60A823B9EC9B2 | |||
2656 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | binary | |
MD5:D29B7B21BC3E259BE7F17BCF3084C350 | SHA256:4AB5A1C339A8ED830B011E1F84B830E2E8AD0B01B66D64EAB5A7426D2D811BF6 | |||
2656 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 | der | |
MD5:8E7D3EFB01313E3007F38BE1219E1751 | SHA256:9E61938AFB6497D6FE9AE1AC66A919A85D92A6DB6C7762E8FB572A49A7B6A6A5 | |||
2656 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 | binary | |
MD5:83126B05C08B7F85DE8015C449609809 | SHA256:CA1E9A3FFC0CEBDE40B5FAF8A0E6DA4613B14D2FBDAD9DFA1BED76D6C422B569 | |||
2656 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der | |
MD5:E550DA03AEE5B546B436CD553D3233B9 | SHA256:9ABFD4E29B96CCA442502B1DE6071FE0293455DF22B4EFF19FA3E6DF060947E7 | |||
2656 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\quantum-growth[1].htm | html | |
MD5:9664F92CAA9B640F63A570D0BD4D0E13 | SHA256:52475B2E14376DD799EC4106C86E7450AE3659029CE9DF527BF3557A45163752 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2656 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkbwjNvPLFRm7zMB3V80 | US | der | 1.49 Kb | whitelisted |
2656 | iexplore.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2656 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY | US | der | 728 b | whitelisted |
2656 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D | US | der | 471 b | whitelisted |
2656 | iexplore.exe | GET | 200 | 72.21.91.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA0HeCoTP8b5pXKW4TH%2F0Xk%3D | US | der | 471 b | whitelisted |
2656 | iexplore.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQD7VCstMYOoPggAAAAAMgnk | US | der | 472 b | whitelisted |
2656 | iexplore.exe | GET | 200 | 72.21.91.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA0HeCoTP8b5pXKW4TH%2F0Xk%3D | US | der | 471 b | whitelisted |
2656 | iexplore.exe | GET | 200 | 13.35.254.41:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
2656 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkbwjNvPLFRm7zMB3V80 | US | der | 1.49 Kb | whitelisted |
2656 | iexplore.exe | GET | 200 | 72.21.91.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D | US | der | 1.47 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2872 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2656 | iexplore.exe | 104.26.2.14:443 | cdn.useproof.com | Cloudflare Inc | US | malicious |
2656 | iexplore.exe | 202.130.47.198:443 | kingkong.com.au | Digital Pacific Pty Ltd Australia | AU | unknown |
2656 | iexplore.exe | 216.58.207.84:443 | is-tracking-link-api-prod.appspot.com | Google Inc. | US | whitelisted |
2656 | iexplore.exe | 172.217.16.131:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
2656 | iexplore.exe | 151.139.128.14:80 | ocsp.usertrust.com | Highwinds Network Group, Inc. | US | suspicious |
2656 | iexplore.exe | 151.101.2.110:443 | fast.wistia.com | Fastly | US | suspicious |
2656 | iexplore.exe | 143.204.208.79:80 | o.ss2.us | — | US | whitelisted |
2656 | iexplore.exe | 72.21.91.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2656 | iexplore.exe | 99.86.7.124:443 | widget.wickedreports.com | AT&T Services, Inc. | US | unknown |
Domain | IP | Reputation |
---|---|---|
is-tracking-link-api-prod.appspot.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
kingkong.com.au |
| whitelisted |
ocsp.usertrust.com |
| whitelisted |
ocsp.comodoca.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
cdn.useproof.com |
| whitelisted |
fast.wistia.com |
| whitelisted |
wg216.infusionsoft.app |
| unknown |