URL: | https://cloud.malwarebytes.com/acceptinvite?token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOiIyMDIyLTAyLTA3VDE1OjMwOjQzWiIsInMiOjIsInYiOjEsInQiOiJ1aSIsImtpZCI6ImRlZmF1bHQiLCJkIjp7InVpZCI6ImMwMDdhYzMyLTUyOTQtNDcyNS1hOGJmLWY0ODkxOTRkMGJmNSIsImFpZCI6IjAwNzQ2MDg4LWU3NjItNDM2Yi1iNjY4LTllNjdmYzFlZWZjYyJ9fQ.qfSUbICYn4Y5ItIvwB1C3jQH0ROlED394zwWSkKg309h0Home2mZwm1jbsDYqX7PGGidWAacbb7izCezE6uHFw__;!!KGfBWX4!9La0BKXl9V7bNqH_V3MtdBDoucLO5Vn5DS-0zvpRHQi0k7vyYdTnrVCfLctEo3v9GpT5K6E$ |
Full analysis: | https://app.any.run/tasks/a699634b-0176-4120-9b69-fff44bcd0676 |
Verdict: | Malicious activity |
Analysis date: | January 24, 2022, 15:33:13 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | C0FCB810B131CF77CDE5753816D17B1D |
SHA1: | 77B81B3D662890060FFCA1A7F467BAE7B26BDBDD |
SHA256: | 7C3B256727439B4155DB50A69E94DDF775EA1F002F89CA8F3644AD926B67ED84 |
SSDEEP: | 12:2U+T4xiA6CnjF8x+Yzkgz2Am8prRwM4We21tV7r:2U+T0iA6Wg+YzzW8ptScZr |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1704 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://cloud.malwarebytes.com/acceptinvite?token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOiIyMDIyLTAyLTA3VDE1OjMwOjQzWiIsInMiOjIsInYiOjEsInQiOiJ1aSIsImtpZCI6ImRlZmF1bHQiLCJkIjp7InVpZCI6ImMwMDdhYzMyLTUyOTQtNDcyNS1hOGJmLWY0ODkxOTRkMGJmNSIsImFpZCI6IjAwNzQ2MDg4LWU3NjItNDM2Yi1iNjY4LTllNjdmYzFlZWZjYyJ9fQ.qfSUbICYn4Y5ItIvwB1C3jQH0ROlED394zwWSkKg309h0Home2mZwm1jbsDYqX7PGGidWAacbb7izCezE6uHFw__;!!KGfBWX4!9La0BKXl9V7bNqH_V3MtdBDoucLO5Vn5DS-0zvpRHQi0k7vyYdTnrVCfLctEo3v9GpT5K6Ef7f81a39-5f63-5b42-9efd-1f13b5431005quot; | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3364 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1704 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
3364 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\main.a7bb1d2acbd23100a539[1].js | — | |
MD5:— | SHA256:— | |||
1704 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:EA697B3A4E46DA7A87EDEF6C76EF49C8 | SHA256:44E7243FBC443B7EA3381241819CD9602777CD2730BC8E464DAFB1382722E5FF | |||
1704 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:FC990EAA7247546FB67C18916A4CAC9B | SHA256:294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993 | |||
3364 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der | |
MD5:494A7483CEAF488A79CB45418E88ECCD | SHA256:9A65904F97742B3D8844EFAFCE7D9E9DA7C1B96A8FDE541E718768AE68293D50 | |||
3364 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\pa-5b632c6e54acd30016000074[1].js | text | |
MD5:98E3E536609D2C9108BAEF4071C9D27B | SHA256:045D043E10AD5E97FD2A1C4FF72FCB9F71CB6D4E1718AC61F202885C6900003B | |||
3364 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | der | |
MD5:0213524244EAF6A7E638BB1910432065 | SHA256:2CCB09AE116851A6DFF4849062A18092D522A05897CECB74DFCA383AA2DEA296 | |||
3364 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB | der | |
MD5:B909D28A0CAA2EF2175531394A2A34D2 | SHA256:962E1A290EA3C149206D07C8F2404A8C09CA29EA766E0C52E06C5AE858A7227A | |||
3364 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary | |
MD5:558008A1ACB9C16CEA82D052C9F2F163 | SHA256:116E9F181F29403015CF554793D7B2D4ED05CF4397931BE67C148FFF4D847ED4 | |||
3364 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_080DA4C7E39DA7D2EB5C89E371F23C5B | der | |
MD5:D80C777E8744B7ED7E26A3E30F06BCA4 | SHA256:D9F7A4A5D23858F400E7D36F804A49A3B167FC9D00E3E6E566A962F0DF086B22 | |||
3364 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_979AB563CEB98F2581C14ED89B8957D4 | der | |
MD5:111677F8AB7BF2CD4890348C6B199243 | SHA256:BCB4038717487BBB76E6B81626F99FA6FEE43AFD5F157748306CCEA6A3084688 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3364 | iexplore.exe | GET | 200 | 142.250.185.163:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
3364 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
3364 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted |
1704 | iexplore.exe | GET | 200 | 13.107.4.50:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?827d66014578e129 | US | compressed | 4.70 Kb | whitelisted |
3364 | iexplore.exe | GET | 200 | 104.18.31.182:80 | http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D | US | der | 313 b | whitelisted |
3364 | iexplore.exe | GET | 200 | 142.250.185.163:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
3364 | iexplore.exe | GET | — | 104.18.31.182:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQDRNXyea8Ikn9qK7ymLa4kY | US | — | — | whitelisted |
3364 | iexplore.exe | GET | 200 | 104.18.30.182:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEBblhnjgcJQ5S9%2FbTvymO98%3D | US | der | 471 b | whitelisted |
3364 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEA40Kkp7i00IoNtSEGCe3UI%3D | US | der | 278 b | whitelisted |
1704 | iexplore.exe | GET | 200 | 13.107.4.50:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d85cd64283bf8617 | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1704 | iexplore.exe | 13.107.4.50:80 | ctldl.windowsupdate.com | Microsoft Corporation | US | whitelisted |
3364 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1704 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1704 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3364 | iexplore.exe | 99.86.3.45:443 | cloud.malwarebytes.com | AT&T Services, Inc. | US | malicious |
3364 | iexplore.exe | 104.22.54.104:443 | rum-static.pingdom.net | Cloudflare Inc | US | suspicious |
3364 | iexplore.exe | 178.79.242.128:80 | ctldl.windowsupdate.com | Limelight Networks, Inc. | DE | malicious |
3364 | iexplore.exe | 99.86.3.70:443 | cloud.malwarebytes.com | AT&T Services, Inc. | US | unknown |
3364 | iexplore.exe | 142.250.74.200:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
3364 | iexplore.exe | 104.18.70.113:443 | static.zdassets.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
cloud.malwarebytes.com |
| malicious |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
www.googletagmanager.com |
| whitelisted |
rum-static.pingdom.net |
| whitelisted |
static.zdassets.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
ocsp.comodoca.com |
| whitelisted |