Field | Value
---|---
URL | http://www.snice.gob.mx
Full analysis | https://app.any.run/tasks/886a3e9a-4278-49d5-b059-ceb68a9725ea
Verdict | Malicious activity
Analysis date | January 24, 2022, 16:50:33
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MD5 | 21AF8A860FDF9AC3F5834DB32951FAD7
SHA1 | 608F08A16E7A490FE6E626AC010BF6254C53E98D
SHA256 | 864681D5606304BB834072407AD6989C8BA05D51D78836AF0094EA2571A507F4
SSDEEP | 3:N1KJS4NXtrId:Cc4c
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2208 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.snice.gob.mx" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE
3108 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2208 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe

PID | User | Company | Integrity level | Description | Version
---|---|---|---|---|---
2208 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
3108 | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2208 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | 111DCDB55A88510DB3C1E141A0EA1538 | 022A2CD07C65A61F3419427C0D278028CC8FD3C40D593279C2035D881013973B
3108 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | binary | 95D5CC0F7AA5BC3A75BA0E34F0DF9AC6 | 82AD6A8AE6D663197E9E3549CA72BE009E6FA3B6C5B26BBCC715A27BECA8616A
2208 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\DAO9CHXE.txt | text | AF7FF8F7772CBC4AA3DBFCD488F16BC1 | CA3F069237D452B769DA9C47594A6EDF2EA3F0DA8D8597AE4545B3DDC1F2726F
2208 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | BE0FA06069F58532AD6D2C163000DF22 | 071CC41001E5F310928CB94875E91F22D50615746ABEA5BC7B3043A336593606
2208 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | FC990EAA7247546FB67C18916A4CAC9B | 294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993
2208 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | 4F2F9103B7A532DE72A95BF4087B5CF1 | 47F38B73D2088A527EA457D4238762658EC5202D1BA0CFCC808CA61E07F72D17
3108 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7525938C4724F83FC69F40454EF107A4 | binary | 05376061B4101F4C605025A8D26E0041 | E5E7BBC33C04A2F3B03BBC749DFC09C3F43F5AE06C10A7E1B592EAB6DF1A9859
2208 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 6388DBC7BD8AE6F803FE355512DAFA22 | CA4D9C5F771EA972A319842DCF9FFEABA3048E758335343E65C823C6DFE6377F
2208 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\urlblockindex[1].bin | binary | FA518E3DFAE8CA3A0E495460FD60C791 | 775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7
2208 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\0NS9V69J.txt | text | DDDD8DC0238F3873746FC2F8B5BF48D8 | 0CDBFD5696395D34C74AA84D7151BAEA5CEF66D697DBB4CF0925376C586F595E
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3108 | iexplore.exe | GET | 200 | 95.101.89.75:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSeh%2Bn1vZNWfqk633j%2F0hmBLA%3D%3D | unknown | binary | 5 b | shared |
3108 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
3108 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
2208 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3108 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCrvyQ4GllugQoAAAABK4Az | US | der | 472 b | whitelisted |
3108 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
2208 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3108 | iexplore.exe | GET | 200 | 95.101.89.24:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQo5QoB8Qmn0MsaWNcStXvKbg%3D%3D | unknown | der | 503 b | shared |
3108 | iexplore.exe | GET | 200 | 104.89.32.83:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted |
2208 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D | US | der | 471 b | whitelisted |
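The long paths in the table above are not site content. Every GET to r3.o.lencr.org, ocsp.pki.goog and ocsp.digicert.com is an OCSP status check in the GET form of RFC 6960 Appendix A (the path is the URL-encoded base64 of a DER OCSPRequest), issued by Windows CryptoAPI while IE validates the certificate chain for www.snice.gob.mx:443; the cached responses are the `der` entries under CryptnetUrlCache in the files table, and the bare fetch from x1.c.lencr.org is Let's Encrypt's CRL distribution point rather than an OCSP request. Note that the lencr.org hosts are labelled "suspicious"/"unknown" in the connections table but "whitelisted"/"shared" in the DNS table; decoding the requests is the reliable way to tell this certificate-validation noise from traffic the page itself generates. The decoder below is an added example written for this page, not ANY.RUN's code. It uses only the Python standard library, takes the URLs copied from the table as input, and its DER walker is deliberately minimal (definite lengths only, no signature or extension handling), which is enough for every request a browser emits.

```python
"""Decode GET-style OCSP request URLs like the ones in the HTTP table above.

Added example for this page (not ANY.RUN's code). RFC 6960 Appendix A encodes
a GET request as {responder}/{urlencode(base64(DER(OCSPRequest)))}.
"""
import base64
from urllib.parse import unquote, urlsplit

# CertID.hashAlgorithm OIDs seen in practice.
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}

# Copied verbatim from the HTTP table of this report; the last one is a CRL
# fetch, not an OCSP request, and the decoder must reject it.
REPORT_URLS = [
    "http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSeh%2Bn1vZNWfqk633j%2F0hmBLA%3D%3D",
    "http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D",
    "http://x1.c.lencr.org/",
]


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV at pos; raise on truncation."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Yield (tag, value) for every TLV inside a constructed DER value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = _read_tlv(value, pos)
        yield tag, val


def _expect(tag, wanted):
    if tag != wanted:
        raise ValueError(f"expected tag {wanted:#x}, got {tag:#x}")


def _decode_oid(value):
    """Dotted-decimal form of a DER OBJECT IDENTIFIER value."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_ocsp_get(url):
    """Return one dict per CertID in an OCSP GET URL, or None if it is not one."""
    parts = urlsplit(url)
    segment = parts.path.rstrip("/").rsplit("/", 1)[-1]   # last path segment
    if not segment:
        return None
    try:
        der = base64.b64decode(unquote(segment), validate=True)
        tag, ocsp_request, _ = _read_tlv(der, 0)           # OCSPRequest
        _expect(tag, 0x30)
        tag, tbs = next(_children(ocsp_request))           # TBSRequest
        _expect(tag, 0x30)
        # TBSRequest: [0] version, [1] requestorName, requestList, [2] extensions;
        # requestList is the only untagged SEQUENCE among them.
        request_list = next(v for t, v in _children(tbs) if t == 0x30)
        results = []
        for tag, request in _children(request_list):
            _expect(tag, 0x30)
            _, cert_id = next(_children(request))          # CertID comes first
            (t_alg, alg), (t_nh, name_hash), (t_kh, key_hash), (t_sn, serial) = \
                list(_children(cert_id))[:4]
            for t, wanted in ((t_alg, 0x30), (t_nh, 0x04), (t_kh, 0x04), (t_sn, 0x02)):
                _expect(t, wanted)
            t_oid, oid = next(_children(alg))              # AlgorithmIdentifier.algorithm
            _expect(t_oid, 0x06)
            oid = _decode_oid(oid)
            results.append({
                "responder": parts.netloc,
                "hash_alg": HASH_OIDS.get(oid, oid),
                "issuer_name_hash": name_hash.hex(),
                "issuer_key_hash": key_hash.hex(),
                "serial": serial.hex(),                    # raw INTEGER bytes
            })
        return results or None
    except (ValueError, IndexError, StopIteration):
        return None


def triage(urls):
    """Split URLs into decoded OCSP status checks and everything else."""
    ocsp, other = [], []
    for url in urls:
        cert_ids = decode_ocsp_get(url)
        if cert_ids:
            ocsp.append((url, cert_ids))
        else:
            other.append(url)
    return ocsp, other


if __name__ == "__main__":
    checks, rest = triage(REPORT_URLS)
    for url, cert_ids in checks:
        for c in cert_ids:
            print(f"{c['responder']}: {c['hash_alg']} serial={c['serial']}")
    for url in rest:
        print(f"not an OCSP GET request: {url}")
```

The serial number it recovers is the one to match against the leaf or intermediate certificate the server presented (for example via `openssl x509 -noout -serial`), which pins each status check to a specific certificate in the chain; anything in the HTTP table that does not decode this way deserves a closer look.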
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2208 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
3108 | iexplore.exe | 187.217.44.138:80 | www.snice.gob.mx | — | MX | unknown |
3108 | iexplore.exe | 187.217.44.138:443 | www.snice.gob.mx | — | MX | unknown |
2208 | iexplore.exe | 13.107.22.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2208 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2208 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2208 | iexplore.exe | 204.79.197.200:443 | ieonline.microsoft.com | Microsoft Corporation | US | whitelisted |
3108 | iexplore.exe | 104.89.32.83:80 | x1.c.lencr.org | Akamai Technologies, Inc. | NL | suspicious |
3108 | iexplore.exe | 95.101.89.75:80 | r3.o.lencr.org | Akamai International B.V. | — | unknown |
2208 | iexplore.exe | 187.217.44.138:443 | www.snice.gob.mx | — | MX | unknown |
Domain | IP | Reputation
---|---|---
www.snice.gob.mx | | unknown
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.digicert.com | | whitelisted
r20swj13mr.microsoft.com | | whitelisted
iecvlist.microsoft.com | | whitelisted
x1.c.lencr.org | | whitelisted
r3.o.lencr.org | | shared
ieonline.microsoft.com | | whitelisted