Field | Value
---|---
URL | https://stats.norton.com/n/p?module=9151&product=SymCCIS&version=2.1.3.25&language=09.01&os=10.0.19041.0.0&y=1033&b=adobeebook&a=SetProductOfferStatus&f=ns&o=0&error=0&i=1
Full analysis | https://app.any.run/tasks/3f12fde9-b435-4fc7-ab1e-73624360138b
Verdict | Malicious activity
Analysis date | August 12, 2022, 21:37:42
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MD5 | F5832F38A027FF88AE29FD055A261CF9
SHA1 | 533DF982C5DE6BB7411A3F268709EE541814B619
SHA256 | 787E59D1AA1AA88ADE0524B66F9244FA06D01D8A530003F6B66715CA9FBC5891
SSDEEP | 3:N8cvLMsLycKcc+dY258KsXLUiqTC92AN5X+yLRD4teM6DDy2ImEKSIVQ5:2cvoqUccOY2KFLU5pANJ+yee/fyiU5
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
3148 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://stats.norton.com/n/p?module=9151&product=SymCCIS&version=2.1.3.25&language=09.01&os=10.0.19041.0.0&y=1033&b=adobeebook&a=SetProductOfferStatus&f=ns&o=0&error=0&i=1" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
120 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3148 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3148 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 3373322FA730078CADD97424A026007A | B6893BF3AB75C3CB9B675B825E9454DB1AAB090E847DD965B932E7E0806A4762
120 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_A30EA9B4E1BC5DBF09A8EF399E086D27 | der | 9839A043052095E8F22D3FD89D44151F | E6139623A492D2D9064331913C9E6118E58E99989DE22882C5BADA3092971447
120 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\p[1].txt | text | D1EC51792AA0D45C6BA278933E7C558D | 4A18C8969D303BE0E9FB1F5E8BB48675B0847B2B7D60FD9522275171FABF4E81
3148 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | 290A85BD3E7285CDEDA1602A9E12A7DF | 17AE86541BE373B2DB8A4B77D7E7626966637E5A6052F290A3B598A56F5123C9
120 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 642C2F2AD66B7112E289C445645F6461 | 48C262A757C0DFADEEC8067D380866FE2475B7187854044B119BDFECF0001D82
120 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_A0F0375F66C2B8D63D4A5364CE413411 | binary | B1A2BCE286137AE1E7918102EF657A1D | BACAD12529B72197CD3F7CBE16627C70F2102BEBA8C09BF9CF9CD807F729DE9E
3148 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml | xml | CBD0581678FA40F0EDCBC7C59E0CAD10 | 159BD4343F344A08F6AF3B716B6FA679859C1BD1D7030D26FF5EF0255B86E1D9
3148 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verD0B.tmp | xml | CBD0581678FA40F0EDCBC7C59E0CAD10 | 159BD4343F344A08F6AF3B716B6FA679859C1BD1D7030D26FF5EF0255B86E1D9
120 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_A30EA9B4E1BC5DBF09A8EF399E086D27 | binary | ADCADDD3C83C5784F36F8FBC431E51E5 | A0F123AAC33CA99C9777F2BFE0C03EA4D52A90B1B4CC0353FF501F405D8BA593
120 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_A0F0375F66C2B8D63D4A5364CE413411 | der | AF9DE9645404650D0D8AF95585A69021 | E20C3A285A30B35E1FEF98DE3CF404416A8723E17A0A8B33C1C3BA8507944A2B
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3148 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
120 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAUMqnvU5BQ5bcnMpxjh93A%3D | US | der | 471 b | whitelisted |
120 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAo1CNVcKSsBffitZcAP9%2BQ%3D | US | der | 471 b | whitelisted |
3148 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
120 | iexplore.exe | GET | 200 | 67.27.234.126:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?324763103124cedb | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
120 | iexplore.exe | 13.64.142.149:443 | stats.norton.com | Microsoft Corporation | US | suspicious |
120 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3148 | iexplore.exe | 13.64.142.149:443 | stats.norton.com | Microsoft Corporation | US | suspicious |
120 | iexplore.exe | 67.27.234.126:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
3148 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3148 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3148 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation
---|---|---
stats.norton.com | | unknown
ctldl.windowsupdate.com | | whitelisted
ocsp.digicert.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
iecvlist.microsoft.com | | whitelisted
r20swj13mr.microsoft.com | | whitelisted