File name: | Expo2020 Expenses ___fdp.htm |
Full analysis: | https://app.any.run/tasks/c3e4f6f7-d674-466c-aecd-4d7950db3eb7 |
Verdict: | Malicious activity |
Analysis date: | October 05, 2022, 07:16:58 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/html |
File info: | HTML document, ASCII text, with very long lines, with no line terminators |
MD5: | 41BE2E62D59A5F3F4342EFB244EEE264 |
SHA1: | 01C41DC6287AA1B0E1F9A114CC038C2BCD2FF906 |
SHA256: | 7EDA18007A4E0C4D1BEECDA691F04A33A226EAD94EBF61A1EC3430F0F0AF79BE |
SSDEEP: | 6:QBYKFEu/5kQJ48iJEtpkcUcgITlGBXE9l9XJ0mpozQwNisEpzp3XlLa7xM+YRYb:mEwmXVcgIRoXaNJ1papEpN3XdtrYb |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
904 | "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\Downloads\Expo2020 Expenses ___fdp.htm" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
3380 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:904 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
1864 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:904 CREDAT:333057 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
1864 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | binary | B538CB9B5CA0D9FBD23F942330B86B96 | 468341105F36231BBC88CBA2EF067B452A7031DD315AF8906AD38D0C244224D9 |
1864 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 | binary | BF96A0A95A4562E9508CA6D55C206377 | EE1A4F58D062AE3A0AA626DB388B3857ED99A52DE2D7B721A0BC1F8FFD5750F5 |
1864 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab1FC8.tmp | compressed | D15AAA7C9BE910A9898260767E2490E1 | F8EBAAF487CBA0C81A17C8CD680BDD2DD8E90D2114ECC54844CFFC0CC647848E |
1864 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\D1W5GGXP.txt | text | BF234E52C4D641CD376E22F18A35A36D | E3C337819D51226850EDA1BE285C5E5141582D859D4560DC7F6D4F1085FC6C67 |
1864 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F | binary | EA3885B7A802C1B3CE5EAF9C89B27DFF | F6B49DD16E183C83F6B8089C219D489E50974F964B2A2159C5D4B7D3E291D366 |
1864 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab1FCA.tmp | compressed | D15AAA7C9BE910A9898260767E2490E1 | F8EBAAF487CBA0C81A17C8CD680BDD2DD8E90D2114ECC54844CFFC0CC647848E |
1864 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary | C2075BB2E02AE25987997CF9402D0C25 | 6DCDD78F3DF5A4C619114891123184BFAAB87FD445B5D37D5D096558D28238A0 |
1864 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | compressed | D15AAA7C9BE910A9898260767E2490E1 | F8EBAAF487CBA0C81A17C8CD680BDD2DD8E90D2114ECC54844CFFC0CC647848E |
904 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | der | 6A9C9AAAD47A858879A5655B175825C8 | 556C28AE4E43812B99A48D14E20D647BC6AF0F293429E3613C1ABCFBD249C16F |
904 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 3FBDBCB0AA1DD35F82EAC5E1A27EAA35 | 5034A885373CDF24225954C572174BA7CABD0836BA6BE6E39F4D18EF111BE6B3 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1864 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
904 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
904 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
904 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
1864 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?cedaaf2531d4f4b6 | US | compressed | 60.9 Kb | whitelisted |
1864 | iexplore.exe | GET | 200 | 65.9.58.194:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
1864 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0265054a56ee80d4 | US | compressed | 60.9 Kb | whitelisted |
1864 | iexplore.exe | GET | 200 | 99.86.1.226:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
904 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2f858e4afebb5e2a | US | compressed | 4.70 Kb | whitelisted |
904 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
904 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
1864 | iexplore.exe | 99.86.1.91:80 | ocsp.rootg2.amazontrust.com | AMAZON-02 | US | whitelisted |
1864 | iexplore.exe | 143.204.215.104:443 | www.navitime.co.jp | AMAZON-02 | US | suspicious |
904 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
1864 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted |
1864 | iexplore.exe | 209.94.90.1:443 | ipfs.io | PROTOCOL | US | suspicious |
904 | iexplore.exe | 143.204.215.104:443 | www.navitime.co.jp | AMAZON-02 | US | suspicious |
1864 | iexplore.exe | 99.86.1.226:80 | ocsp.rootg2.amazontrust.com | AMAZON-02 | US | whitelisted |
1864 | iexplore.exe | 65.9.58.194:80 | o.ss2.us | AMAZON-02 | US | suspicious |
904 | iexplore.exe | 131.253.33.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
ctldl.windowsupdate.com | | whitelisted |
ocsp.digicert.com | | whitelisted |
www.navitime.co.jp | | suspicious |
o.ss2.us | | whitelisted |
ocsp.rootg2.amazontrust.com | | whitelisted |
ocsp.rootca1.amazontrust.com | | shared |
ipfs.io | | malicious |
ocsp.sca1b.amazontrust.com | | whitelisted |