URL: | https://datalogyc.com/ |
Full analysis: | https://app.any.run/tasks/efcf9b95-8775-4bf1-8d3a-8fd83c6b9dc2 |
Verdict: | Malicious activity |
Analysis date: | October 05, 2022, 05:53:33 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 64AD6BB6267400DE79FDFE040BBC6FE7 |
SHA1: | 35E45C51F688D1B5E432C83E837AF3343FB43BB2 |
SHA256: | 71871E87878B003634E3E81EC30DCCFE2CC54357D1034BE7A4E62099CE38B17A |
SSDEEP: | 3:N8ciIGt:2cA |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3056 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://datalogyc.com/" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
952 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3056 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3028 | -modal 131374 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\admin\AppData\Local\Temp\NDF7207.tmp -ep NetworkDiagnosticsWeb | C:\Windows\system32\msdt.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Diagnostics Troubleshooting Wizard Exit code: 4294967295 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
860 | C:\Windows\System32\sdiagnhost.exe -Embedding | C:\Windows\System32\sdiagnhost.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Scripted Diagnostics Native Host Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
952 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771 | binary | |
MD5:85C0501CB0AF8424462005D5F6D2B10E | SHA256:9D836705C8EAC1057FF275D643E7B756DAC8EE4C96437A3C2328526B42AE29D8 | |||
952 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771 | der | |
MD5:AA6C1B3D503B045E9918EAC50C2859E2 | SHA256:73E09C0D82004EDBB527F9767BB02481AD1D2814E0B913229084F6A5DF775B06 | |||
3056 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\NDF7207.tmp | binary | |
MD5:B4593EA350041DA230435E4FE9A6F68A | SHA256:9B39F814FC16F4F7BB3527B17BB43490E67EAD986E82E49D63B62B885E175D35 | |||
3028 | msdt.exe | C:\Users\admin\AppData\Local\Temp\SDIAG_da809bbb-f998-4ce8-9643-c71cfa4d666b\StartDPSService.ps1 | text | |
MD5:A660422059D953C6D681B53A6977100E | SHA256:D19677234127C38A52AEC23686775A8EB3F4E3A406F4A11804D97602D6C31813 | |||
3028 | msdt.exe | C:\Users\admin\AppData\Local\Temp\SDIAG_da809bbb-f998-4ce8-9643-c71cfa4d666b\NetworkDiagnosticsResolve.ps1 | text | |
MD5:A7B957F221C643580184665BE57E6AC8 | SHA256:8582EF50174CB74233F196F193E04C0CCBBEE2AED5CE50964CBB95822C218E7F | |||
3028 | msdt.exe | C:\Users\admin\AppData\Local\Temp\SDIAG_da809bbb-f998-4ce8-9643-c71cfa4d666b\en-US\DiagPackage.dll.mui | executable | |
MD5:5D7936806E6855E2ECC2B095316D45D8 | SHA256:71A4559F9FD122914A95998E8685BE638B8F81E581987708497E8F8A7A2F4DCB | |||
3028 | msdt.exe | C:\Users\admin\AppData\Local\Temp\SDIAG_da809bbb-f998-4ce8-9643-c71cfa4d666b\UtilitySetConstants.ps1 | text | |
MD5:0C75AE5E75C3E181D13768909C8240BA | SHA256:DE5C231C645D3AE1E13694284997721509F5DE64EE5C96C966CDFDA9E294DB3F | |||
3028 | msdt.exe | C:\Users\admin\AppData\Local\Temp\SDIAG_da809bbb-f998-4ce8-9643-c71cfa4d666b\DiagPackage.dll | executable | |
MD5:2433E09C08C21455000F7E36D7653759 | SHA256:EA9400E719FB15CD82D5DAB4B7D8E3870BB375BBE11BB95B0D957A84FEE2891C | |||
3028 | msdt.exe | C:\Users\admin\AppData\Local\Temp\SDIAG_da809bbb-f998-4ce8-9643-c71cfa4d666b\InteractiveRes.ps1 | text | |
MD5:25B8543DBF571F040118423BC3C7A75E | SHA256:D78E6291D6F27AC6FEBDCF0A4D5A34521E7F033AF8875E026DF21BA7513AB64A | |||
3028 | msdt.exe | C:\Users\admin\AppData\Local\Temp\SDIAG_da809bbb-f998-4ce8-9643-c71cfa4d666b\UtilityFunctions.ps1 | text | |
MD5:2F7C3DB0C268CF1CF506FE6E8AECB8A0 | SHA256:886A625F71E0C35E5722423ED3AA0F5BFF8D120356578AB81A64DE2AB73D47F3 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3056 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
952 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D | US | der | 1.69 Kb | whitelisted |
952 | iexplore.exe | GET | 200 | 192.124.249.22:80 | http://ocsp.starfieldtech.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6%2FsVZNPaFToNfxx8ZwqAQUfAwyH6fZMH%2FEfWijYqihzqsHWycCAQc%3D | US | der | 1.74 Kb | whitelisted |
952 | iexplore.exe | GET | 200 | 192.124.249.22:80 | http://ocsp.starfieldtech.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCAzkUhA%3D%3D | US | der | 1.70 Kb | whitelisted |
952 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.godaddy.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCFuM9B%2BPxE5X | US | der | 1.74 Kb | whitelisted |
952 | iexplore.exe | GET | 200 | 8.248.145.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3ee1327b1814a2ea | US | compressed | 4.70 Kb | whitelisted |
3056 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3056 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3056 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3056 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
952 | iexplore.exe | 160.153.136.3:443 | datalogyc.com | Host Europe GmbH | NL | malicious |
844 | svchost.exe | 160.153.136.3:443 | datalogyc.com | Host Europe GmbH | NL | malicious |
952 | iexplore.exe | 8.248.145.254:80 | ctldl.windowsupdate.com | LEVEL3 | US | suspicious |
— | — | 160.153.136.3:443 | datalogyc.com | Host Europe GmbH | NL | malicious |
952 | iexplore.exe | 23.36.163.225:443 | img1.wsimg.com | Akamai International B.V. | DE | suspicious |
3056 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
952 | iexplore.exe | 192.124.249.23:80 | ocsp.godaddy.com | SUCURI-SEC | US | suspicious |
3056 | iexplore.exe | 160.153.136.3:443 | datalogyc.com | Host Europe GmbH | NL | malicious |
952 | iexplore.exe | 192.124.249.22:80 | ocsp.godaddy.com | SUCURI-SEC | US | suspicious |
Domain | IP | Reputation |
---|---|---|
datalogyc.com |
| malicious |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.godaddy.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
img1.wsimg.com |
| whitelisted |
ocsp.starfieldtech.com |
| whitelisted |
img6.wsimg.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
952 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
844 | svchost.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
844 | svchost.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |