Field | Value |
---|---|
URL | https://www.surveymonkey.com/r/TYWQRPQ |
Full analysis | https://app.any.run/tasks/1e46b024-28cb-48b6-b15c-20939efa3988 |
Verdict | Malicious activity |
Analysis date | February 21, 2020, 21:17:46 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | — |
MD5 | 1DD816922E111FA5A5666A9609FE06E2 |
SHA1 | D4E3BC783422A0D815F83ECB2740BC6596D949CA |
SHA256 | 86632EDC8B01A8967B6FD18442939A595DCA0B542227C9770C89D3669376110E |
SSDEEP | 3:N8DSLzZv6dKZO+:2OLAMs+ |

PID | CMD | Path | Indicators | Parent process | User | Integrity Level | Company | Description | Version |
---|---|---|---|---|---|---|---|---|---|
3924 | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.surveymonkey.com/r/TYWQRPQ | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
1832 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3924 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | LOW | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
1832 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab80F0.tmp | — | — | — |
1832 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar80F1.tmp | — | — | — |
3924 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
1832 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\WQ37RWQU.txt | — | — | — |
1832 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\17KZOABL.txt | — | — | — |
1832 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\0JMY1J0X.txt | — | — | — |
1832 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E11E75149C17A93653DA7DC0B8CF53F_836C036B0FA623799E8B8A784007E0B3 | binary | A3A5B65E5601B89E40C451360CECFFE1 | 5E7D656C5C1424877BF410D4A88FF3FC4C2B871C8AE46A041A3761AC91A479A6 |
1832 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | binary | 9F254C56BBFEC2A8E61031639E6004C9 | CFA91E79D19BE483DF3D6235C6884F9464919781EC7AB6622FDD0D9D51C2AD9F |
1832 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874 | der | 2D2A2FF91E1EF4581D40423A1BCCD1AD | A2A49490F4FF597D4DDE1B5611F88834D3A177E08EBE702B16189E159951C584 |
1832 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\smlib.surveytemplates-survey_page-bundle-min.39be3900[1].css | text | 39BE39009E606800D98B36DE0C38CB1D | AA6C38B37024A0EBABE0F0DE82215A5071C629D178857087057A1A0BD7565C47 |


PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1832 | iexplore.exe | GET | 200 | 72.21.91.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAGC%2BAmOouYmuRo7J4Qfua8%3D | US | der | 1.47 Kb | whitelisted |
1832 | iexplore.exe | GET | 200 | 216.58.205.227:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDu3mVgzTXArwIAAAAAWXG3 | US | der | 472 b | whitelisted |
1832 | iexplore.exe | GET | 200 | 72.21.91.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
1832 | iexplore.exe | GET | 200 | 72.21.91.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTuqL92L3tjkN67RNFF%2FEdvT6NEzAQUwBKyKHRoRmfpcCV0GgBFWwZ9XEQCEAgt9o7pxpMVvr9yB5s4EP0%3D | US | der | 471 b | whitelisted |
3924 | iexplore.exe | GET | 200 | 72.21.91.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
1832 | iexplore.exe | GET | 200 | 216.58.205.227:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCSaJP2bCz9oAgAAAAALnFI | US | der | 472 b | whitelisted |
1832 | iexplore.exe | GET | 200 | 216.58.205.227:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
1832 | iexplore.exe | GET | 200 | 72.21.91.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEA8Z1S1D5wokxRW9RfQJQUE%3D | US | der | 471 b | whitelisted |
3924 | iexplore.exe | GET | 200 | 72.21.91.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
1832 | iexplore.exe | GET | 200 | 216.58.205.227:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDu3mVgzTXArwIAAAAAWXG3 | US | der | 472 b | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3924 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1832 | iexplore.exe | 72.21.91.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1832 | iexplore.exe | 64.191.16.50:443 | www.surveymonkey.com | SurveyMonkey Inc. | US | suspicious |
1832 | iexplore.exe | 172.217.23.106:443 | ajax.googleapis.com | Google Inc. | US | whitelisted |
1832 | iexplore.exe | 216.58.205.227:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
1832 | iexplore.exe | 2.16.186.122:443 | secure.surveymonkey.com | Akamai International B.V. | — | whitelisted |
1832 | iexplore.exe | 172.217.23.170:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
1832 | iexplore.exe | 151.101.2.133:80 | ocsp.globalsign.com | Fastly | US | malicious |
1832 | iexplore.exe | 151.101.2.110:443 | js-agent.newrelic.com | Fastly | US | suspicious |
1832 | iexplore.exe | 172.217.23.99:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |

Domain | IP | Reputation |
---|---|---|
www.surveymonkey.com | — | whitelisted |
api.bing.com | — | whitelisted |
www.bing.com | — | whitelisted |
ocsp.digicert.com | — | whitelisted |
fonts.googleapis.com | — | whitelisted |
secure.surveymonkey.com | — | shared |
ajax.googleapis.com | — | whitelisted |
surveymonkey-assets.s3.amazonaws.com | — | shared |
ocsp.pki.goog | — | whitelisted |
fonts.gstatic.com | — | whitelisted |