URL: | https://h.parrable.com/prebid?data=eyJ0cmFja2VycyI6WyJmYTgwYTc5My03NjJjLTQyYTgtOTkzOC1jYWU1ZjRhMmFlNjgiXSwidXJsIjoiaHR0cHM6Ly9maW52aXouY29tLyIsInByZWJpZFZlcnNpb24iOiI2LjE4LjAiLCJpc0lmcmFtZSI6ZmFsc2UsImZpbHRlckhpdHMiOjE2fQ..&gdpr=0&_rand=0.7751393602174699 |
Full analysis: | https://app.any.run/tasks/ccb16d1e-a631-4102-84ee-d8d90865eb0d |
Verdict: | Malicious activity |
Analysis date: | October 04, 2022, 21:22:40 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 0D75586607CABBF6268584EDB3A1B776 |
SHA1: | 73DB08542BE75D817174085FD4656739244EBFF7 |
SHA256: | 76B171AF5FB69787AE26F07A32AFA574A6EBB9CE08E8604B58203C284CFE8D76 |
SSDEEP: | 6:2CoSHKPWwAG/PXVYs4RAT4GGTTwVk0HLG711t:2YURAkPgRAMGGTgk0ru |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
700 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://h.parrable.com/prebid?data=eyJ0cmFja2VycyI6WyJmYTgwYTc5My03NjJjLTQyYTgtOTkzOC1jYWU1ZjRhMmFlNjgiXSwidXJsIjoiaHR0cHM6Ly9maW52aXouY29tLyIsInByZWJpZFZlcnNpb24iOiI2LjE4LjAiLCJpc0lmcmFtZSI6ZmFsc2UsImZpbHRlckhpdHMiOjE2fQ..&gdpr=0&_rand=0.7751393602174699" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3888 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:700 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
672 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\prebid.json | C:\Windows\system32\rundll32.exe | — | iexplore.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
3396 | "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\prebid.json" | C:\Program Files\Mozilla Firefox\firefox.exe | — | rundll32.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Exit code: 0 Version: 83.0 Modules
| |||||||||||||||
2516 | "C:\Program Files\Mozilla Firefox\firefox.exe" -url "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\prebid.json" | C:\Program Files\Mozilla Firefox\firefox.exe | firefox.exe | ||||||||||||
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Exit code: 0 Version: 83.0 Modules
| |||||||||||||||
2956 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2516.0.1155416681\379102301" -parentBuildID 20201112153044 -prefsHandle 1136 -prefMapHandle 1128 -prefsLen 1 -prefMapSize 238726 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2516 "\\.\pipe\gecko-crash-server-pipe.2516" 1224 gpu | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Exit code: 1 Version: 83.0 Modules
| |||||||||||||||
3548 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2516.6.45421094\763347814" -childID 1 -isForBrowser -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 181 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2516 "\\.\pipe\gecko-crash-server-pipe.2516" 2348 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Exit code: 0 Version: 83.0 Modules
| |||||||||||||||
1288 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2516.13.176402449\1991925213" -childID 2 -isForBrowser -prefsHandle 3144 -prefMapHandle 3140 -prefsLen 6644 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2516 "\\.\pipe\gecko-crash-server-pipe.2516" 3156 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Exit code: 0 Version: 83.0 Modules
| |||||||||||||||
3412 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2516.20.1762477066\1423830993" -childID 3 -isForBrowser -prefsHandle 3524 -prefMapHandle 3188 -prefsLen 7307 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2516 "\\.\pipe\gecko-crash-server-pipe.2516" 1768 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Exit code: 0 Version: 83.0 Modules
| |||||||||||||||
1860 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2516.27.460745880\161388873" -childID 4 -isForBrowser -prefsHandle 3784 -prefMapHandle 3756 -prefsLen 7470 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2516 "\\.\pipe\gecko-crash-server-pipe.2516" 3796 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Exit code: 0 Version: 83.0 Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
700 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | binary | |
MD5:972759598F69E3F58E717FBA2949E57F | SHA256:6FD29786D410450C778FAA4874F29FB003879638A33F2864034306FB413E04B0 | |||
3888 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\54C62B182F5BF07FA8427C07B0A3AAF8_786EA6C36BF7ABFF201B638497282D19 | der | |
MD5:49154D0AFEC9796668590E3167DA0C93 | SHA256:3FFC847B3068BB9184A13E9B1FE8E2E7CAD3161942CBC69F019046FA1E59E631 | |||
700 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | der | |
MD5:B8BDA0B382A7D056A4241B388338B778 | SHA256:7BAA967F6686CCE471826B20FFA5CB7FEB4BF3C5C0BF43F51F08E84EB5850DD2 | |||
3888 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94D451DDCFFF94F1A6B8406468FA3558_E4A7C6A10F816F002B00DE3B58B7E44E | der | |
MD5:8A7A476E52F27D86C2076A7A9F438475 | SHA256:7988C84589EF0182B7DB0D9742B38B0BB988F5794C2C453DFB96147016919798 | |||
700 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFA5FD5655EBF29B36.TMP | gmc | |
MD5:AE26585048C02AFB4CCE03C2A604D748 | SHA256:45772D1C6AEB26BEB6D44A5EAE55674B7F72669569CC4FAC931AC6B0FCF20C83 | |||
3888 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CE7B026C819922EDB9B7ED78605E20A3_9C4E6918B80696105F6DD4FA5A223E81 | der | |
MD5:5265227AECABA9E474A971B24051586A | SHA256:F91251CD2F737A58D716B740BE71E59035DBCD8D6D17EAD6CCC2F30D71FA8011 | |||
700 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:850DF7A41F3E19E8E5C25A90461335A9 | SHA256:EEA556AC081E5AB92E54C306D4EA61245BC5AB101E04A65FAA063D2D96206124 | |||
3888 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\CZ7MUZD3.txt | text | |
MD5:3C06FEBB9BD3A14BCB4749AD1BFD6FCD | SHA256:6B7CF9D7AD3FC7EF07A4C5957874C34EE577588B41B6F96E2A25CD51E5600F9B | |||
3888 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CE7B026C819922EDB9B7ED78605E20A3_9C4E6918B80696105F6DD4FA5A223E81 | binary | |
MD5:0ACDAB6B5FBFF686C75051802C8A4276 | SHA256:8A91D3E0C179B6A353DB12B980D400F47665962FE8B830715FB5C9192F8BFF39 | |||
2516 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2516 | firefox.exe | POST | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3 | US | der | 471 b | whitelisted |
3888 | iexplore.exe | GET | 200 | 52.6.97.148:80 | http://ocsps.ssl.com/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBQMDtATfnJO6JAXDQoHl8pAaJdhTQQU3QQJB6L1en1SUxKSle44gCUNplkCCAmX7RCdHwf8 | US | der | 719 b | whitelisted |
700 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
2516 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
3888 | iexplore.exe | GET | 200 | 23.36.162.85:80 | http://sslcom.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTYOkzrrCGQj08njZXbUQQpkoUmuQQUCHbNywf%2FJPbFze27kLzihDdGdfcCEQDkJwSV9oyR1tDse0lOpN8c | NL | der | 1.54 Kb | whitelisted |
700 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3888 | iexplore.exe | GET | 200 | 52.6.97.148:80 | http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTUkpS%2BK0oZhSMx%2FmmCZ76UqdjUxQQUJhR%2B4NzXpvfi1AQn32HxwuznMsoCEAiPe3Ipmm87iqlBZ9l1zqE%3D | US | der | 1.84 Kb | whitelisted |
1536 | firefox.exe | POST | — | 13.225.84.107:80 | http://ocsp.sca1b.amazontrust.com/ | US | — | — | whitelisted |
2516 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt | US | text | 8 b | whitelisted |
2516 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
700 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
700 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
3888 | iexplore.exe | 35.196.86.86:443 | h.parrable.com | GOOGLE-CLOUD-PLATFORM | US | suspicious |
700 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | EDGECAST | US | whitelisted |
3888 | iexplore.exe | 23.36.162.85:80 | sslcom.ocsp-certum.com | Akamai International B.V. | DE | suspicious |
3888 | iexplore.exe | 52.6.97.148:80 | ocsps.ssl.com | AMAZON-AES | US | suspicious |
2516 | firefox.exe | 34.107.221.82:80 | detectportal.firefox.com | GOOGLE | US | whitelisted |
— | — | 35.196.86.86:443 | h.parrable.com | GOOGLE-CLOUD-PLATFORM | US | suspicious |
2516 | firefox.exe | 52.222.214.116:443 | firefox.settings.services.mozilla.com | AMAZON-02 | US | suspicious |
700 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted |
Domain | IP | Reputation |
---|---|---|
h.parrable.com |
| suspicious |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
sslcom.ocsp-certum.com |
| whitelisted |
ocsps.ssl.com |
| whitelisted |
detectportal.firefox.com |
| whitelisted |
prod.detectportal.prod.cloudops.mozgcp.net |
| whitelisted |
firefox.settings.services.mozilla.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
2516 | firefox.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
1536 | firefox.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
1536 | firefox.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
— | — | Potentially Bad Traffic | ET INFO Observed DNS Query to .cloud TLD |
— | — | Potentially Bad Traffic | ET INFO Observed DNS Query to .cloud TLD |