URL: | https://www25.zippyshare.com/d/kVr5u7Is/47360/PaymentList&AccountStatement.zip |
Full analysis: | https://app.any.run/tasks/2f104ff4-11ae-4bcb-8f7c-af47b043127b |
Verdict: | Malicious activity |
Analysis date: | January 25, 2022, 03:09:36 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 6C1DB24834FE02FBBA3B9EA56876F50D |
SHA1: | 4A94199EE41A3E023624AE66B9AA1E3FB4308482 |
SHA256: | 87C447497F5FB6D7A4D355E1602DDAAA41C6465E59198DEDF210D69CA518B9D1 |
SSDEEP: | 3:N8DSXekhGKxKmQQSsWJB1IuJDkGGLltApR4n:2OXekhGNQSsWJPTDPGLQpR4n |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2184 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://www25.zippyshare.com/d/kVr5u7Is/47360/PaymentList&AccountStatement.zip" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3544 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2184 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1524 | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe | — | svchost.exe | |||||||||||
User: admin Company: Adobe Integrity Level: MEDIUM Description: Adobe� Flash� Player Installer/Uninstaller 32.0 r0 Version: 32,0,0,453 Modules
| |||||||||||||||
2356 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2184 CREDAT:1250569 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2608 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2184 CREDAT:2102574 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
3544 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\M0Y5JYLU.txt | text | |
MD5:2B379230E3C539C1EF614DCA2B3A1F5B | SHA256:0E995ECD1F35522F89E42F3F45F8DFC975D34AA259A262BFCB4DFDF8B8F5104A | |||
3544 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001 | der | |
MD5:AA222DF0709B1B370A1879B62C7166F4 | SHA256:D73AACFAF3B2E02C2211DA4CC5B5F5E9B43EC25704C6B60BBF46213B5EEC3832 | |||
3544 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | der | |
MD5:D94C08EB9C2992C5D8CFE12C5E185A6B | SHA256:56B861E5117B8E08800AFD24DB0133D298E11E478ADB1D17DFE7654DBA08D5A5 | |||
3544 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\sw[1].js | text | |
MD5:D2BBDC37A9EFFB0E85D055AE1BFC5A00 | SHA256:4958E1EA3A29551F08C6FFC404AD0DA6EA8B96DE227C30F7211BBA6612EF9166 | |||
3544 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BC570EC0DE58335AFAF92FDC8E3AA330_463E2D5ADA488A95CC1A4E75E187CDE3 | der | |
MD5:0D86318E777E2F729E2CDF7D9AC505B6 | SHA256:1B5D4A4B55E1FAEC2C785820B20DD1FCCBD327257CAAE9A00C38C0F3F8E07C4D | |||
3544 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC570EC0DE58335AFAF92FDC8E3AA330_463E2D5ADA488A95CC1A4E75E187CDE3 | binary | |
MD5:3A6D0433485F14FBFC70DE2357C4A1A7 | SHA256:1EBCCC96A21F6E77CF98E03A3A296AF8DA4B03F797F0CE85E3231A0614369249 | |||
3544 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001 | binary | |
MD5:DBE2FD0B04EB98F480FFC97B10188055 | SHA256:45AD7F8ACE7BFBC60EBEB896935F1332052C5C270CC8D83425B8B80691BBBB30 | |||
3544 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | der | |
MD5:0213524244EAF6A7E638BB1910432065 | SHA256:2CCB09AE116851A6DFF4849062A18092D522A05897CECB74DFCA383AA2DEA296 | |||
3544 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:767FC14CB4E8B725FEEDD1FCAB409CA7 | SHA256:D52FFD2FF56159A5EED8F8B90932EF527274DDFF8B8049CBDE50B4EFA0F4C3BE | |||
3544 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\file[1].htm | html | |
MD5:E2255D8B2B405768123D834F6AF17877 | SHA256:3A6953FD2C3427FF39C416C648956ED154B23A7EA67A40E2E168CCB8B4C021DC |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3544 | iexplore.exe | GET | — | 18.66.92.207:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | — | — | whitelisted |
3544 | iexplore.exe | GET | 200 | 104.18.30.182:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
3544 | iexplore.exe | GET | — | 67.27.159.126:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?bb7e75778f46b441 | US | — | — | whitelisted |
3544 | iexplore.exe | GET | — | 178.79.242.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f5f59f6fcde7080a | DE | — | — | whitelisted |
3544 | iexplore.exe | GET | — | 142.250.184.195:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | — | — | whitelisted |
3544 | iexplore.exe | GET | 200 | 2.16.107.115:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSufhU5uwQ41DP7dAU%2FKkpf7w%3D%3D | unknown | der | 503 b | shared |
3544 | iexplore.exe | GET | 200 | 2.16.107.115:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQoKJRLn8igwUrITnpQe8eqUQ%3D%3D | unknown | der | 503 b | shared |
3544 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8DYx | US | der | 1.41 Kb | whitelisted |
3544 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp2.globalsign.com/gsalphasha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSE1Wv4CYvTB7dm2OHrrWWWqmtnYQQU9c3VPAhQ%2BWpPOreX2laD5mnSaPcCDHiZ3cyZU1py0JumCA%3D%3D | US | der | 1.40 Kb | whitelisted |
3544 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDgAde1VeKYIQoAAAABK4GI | US | der | 472 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3544 | iexplore.exe | 46.166.139.184:443 | www25.zippyshare.com | NForce Entertainment B.V. | NL | malicious |
3544 | iexplore.exe | 104.18.20.226:80 | ocsp.globalsign.com | Cloudflare Inc | US | shared |
3544 | iexplore.exe | 142.250.186.100:443 | www.google.com | Google Inc. | US | whitelisted |
3544 | iexplore.exe | 67.27.159.126:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
3544 | iexplore.exe | 52.222.232.111:443 | d10lumateci472.cloudfront.net | Amazon.com, Inc. | US | unknown |
3544 | iexplore.exe | 104.75.88.126:443 | s7.addthis.com | Akamai Technologies, Inc. | NL | suspicious |
3544 | iexplore.exe | 18.66.107.225:443 | ds88pc0kw6cvc.cloudfront.net | Massachusetts Institute of Technology | US | unknown |
3544 | iexplore.exe | 142.250.184.195:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3544 | iexplore.exe | 104.18.30.182:80 | ocsp.comodoca.com | Cloudflare Inc | US | suspicious |
3544 | iexplore.exe | 139.45.197.236:443 | louchees.net | — | US | malicious |
Domain | IP | Reputation |
---|---|---|
www25.zippyshare.com |
| malicious |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.globalsign.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp2.globalsign.com |
| whitelisted |
d10lumateci472.cloudfront.net |
| whitelisted |
ds88pc0kw6cvc.cloudfront.net |
| whitelisted |
s7.addthis.com |
| whitelisted |
www.maxonclick.com |
| whitelisted |