Field | Value
---|---
URL | https://apm-server.djiops.com:443
Full analysis | https://app.any.run/tasks/6e2cbba6-6f29-446f-ad08-054949b21d2d
Verdict | Malicious activity
Analysis date | June 27, 2022, 10:02:19
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MD5 | 6406517995ED8818ABB5C711837DB00A
SHA1 | 8AA5760686F59CA88FF3C5D8714C63524F77F14D
SHA256 | 7EF1B02EA0E483C6AB248B1033E222E70B4737446DA709E07C1B914BE1580679
SSDEEP | 3:N8HIWAXpcwn:2L/w
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity level | Description | Version
---|---|---|---|---|---|---|---|---|---
2600 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://apm-server.djiops.com:443" | C:\Program Files\Internet Explorer\iexplore.exe | — | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
2908 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2600 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2600 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | 28CC3D4B0DA8A29A9DCD6D4755C84342 | A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E
2600 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | A562BAAEA28143780AB9C947FBD5F30E | 732A3BB95642B0837DFEC8F3A877255139BB940B60DE1315063B91A866C50E66
2908 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D | binary | 4A0200148B90DB650F6CAF8D887A9295 | CCE65BBC7AA723245CF4A2AEC40B5E1E1C777214CA1C6DA1062217E145BF2ACE
2600 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | D67A2910AA63EBED9F817161BE1C488E | 61FF7EFBC0854D5CA69B9395222014B4EF30B8AEC3D0DDE23D2CDE1B72011700
2908 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771 | der | 594D802A0CCC428FCDFC397BD6ED09AA | E11D57A7187C2B184F45CE8158C0749F632403F5D4EDC2910107A1868951A9A2
2908 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103700625405272748FDFCB5A85AB88C_89EACE1DC59A5488A593D0B06CF882FC | der | 69AD828579A12F67E46E6AFC242574BE | 828044C231D474195245E501763A9BA6855651D323375B793FB0DB9B40FB3BAB
2908 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D | der | D278C51CA06FEC5E74F92F14125912F7 | 50AF64F26654608296A49CA6A07A7AFD3DFD5FFEFF5603433985EC879D3DEF35
2600 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | CC88567CEA06C63840E55D95AAF6A63A | 609140FCE713144D693481AE27B76E836E48356C55D518891839D64C45EDFEA2
2908 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103700625405272748FDFCB5A85AB88C_89EACE1DC59A5488A593D0B06CF882FC | binary | F405B8CC67C6793ADCC11772FCEC8CCE | BCB36DCEEE42EAB329B00776B9A637D899732F8BAB3CD93D72B2E31D929F580C
2600 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | F7DCB24540769805E5BB30D193944DCE | 6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2908 | iexplore.exe | GET | 200 | 192.124.249.41:80 | http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D | US | der | 1.66 Kb | whitelisted |
2908 | iexplore.exe | GET | 200 | 192.124.249.41:80 | http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D | US | der | 1.69 Kb | whitelisted |
2600 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2600 | iexplore.exe | GET | 200 | 8.241.9.126:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?700daeddb9be713e | US | compressed | 4.70 Kb | whitelisted |
2600 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2908 | iexplore.exe | GET | 200 | 192.124.249.41:80 | http://ocsp.godaddy.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCD3jBj4JrH12 | US | der | 1.74 Kb | whitelisted |
2908 | iexplore.exe | GET | 200 | 8.248.137.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f443ad68667e6b58 | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2908 | iexplore.exe | 163.181.56.170:443 | apm-server.djiops.com | — | US | malicious |
2600 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2600 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2908 | iexplore.exe | 8.241.9.126:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
2600 | iexplore.exe | 8.241.9.126:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
2908 | iexplore.exe | 192.124.249.41:80 | ocsp.godaddy.com | Sucuri | US | suspicious |
— | — | 13.107.22.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2908 | iexplore.exe | 8.248.137.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
2600 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2908 | iexplore.exe | 163.181.56.175:443 | apm-server.djiops.com | — | US | suspicious |
Domain | IP | Reputation
---|---|---
apm-server.djiops.com | — | malicious
ctldl.windowsupdate.com | — | whitelisted
api.bing.com | — | whitelisted
www.bing.com | — | whitelisted
ocsp.digicert.com | — | whitelisted
ocsp.godaddy.com | — | whitelisted
iecvlist.microsoft.com | — | whitelisted
r20swj13mr.microsoft.com | — | whitelisted