Field | Value
---|---
URL | https://hello.userzoom.com/api/mailings/click/PMRGSZBCHIZTONRXGAZCYITVOJWCEORCNB2HI4DTHIXS65LTMVZHU33PNUXGK3TBMJWGS6BOMNXW2L3VONUGC4TFF43DIN3FHE3WGNJNGBRWIZJNGRSDSMRNHE2WCOJNG4YTANRTGM2DMOBVGUYD6YLUKNSW4ZDFOJEWIPLENBXWOYLOEU2DA5LTMVZHU33PNUXGG33NEIWCE33SM4RDUIRRGIZTIYZQHBSC2M3BHE4S2NBZGYZS2ODDHBRS2M3CGJSTANDEMJSTGNBWEIWCE5TFOJZWS33OEI5CENBCFQRHG2LHEI5CEM32KJJWMRSRLFJDK42HPIYWGT2KOJ3FINTZONGWKN2NL42VIOKENNYFOMSUNRMU66TOMM6SE7I=
Full analysis | https://app.any.run/tasks/c5441607-1543-45bb-8977-cae0e7a9a281
Verdict | Malicious activity
Analysis date | March 31, 2020, 09:55:19
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 3DF62F28C058764F43A3CFCA31A21B17
SHA1 | 358F10EA255F6AAA1AFC27AAA3730E7C45997648
SHA256 | 8994C2EBBED37CB4661E7E74F4B2379C4E0DE0971B16CE82A37F7139DD78AEC9
SSDEEP | 12:28q2Z3fmnG3HzttEXuKhZ1nKMvanxiuCztgiQSJ5n:2DE+nUBW5D1nKgaUgiQkn
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3540 | "C:\Program Files\Internet Explorer\iexplore.exe" https://hello.userzoom.com/api/mailings/click/PMRGSZBCHIZTONRXGAZCYITVOJWCEORCNB2HI4DTHIXS65LTMVZHU33PNUXGK3TBMJWGS6BOMNXW2L3VONUGC4TFF43DIN3FHE3WGNJNGBRWIZJNGRSDSMRNHE2WCOJNG4YTANRTGM2DMOBVGUYD6YLUKNSW4ZDFOJEWIPLENBXWOYLOEU2DA5LTMVZHU33PNUXGG33NEIWCE33SM4RDUIRRGIZTIYZQHBSC2M3BHE4S2NBZGYZS2ODDHBRS2M3CGJSTANDEMJSTGNBWEIWCE5TFOJZWS33OEI5CENBCFQRHG2LHEI5CEM32KJJWMRSRLFJDK42HPIYWGT2KOJ3FINTZONGWKN2NL42VIOKENNYFOMSUNRMU66TOMM6SE7I= | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe
3008 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3540 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe

Process details:

PID | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---
3540 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
3008 | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3008 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab725A.tmp | — | — | —
3008 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar725B.tmp | — | — | —
3008 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220 | der | 65BE59C388C0FB8BD8E8FE798B95BE8E | E8FC758B893CA0C9B1A4D1DDD14BC830A2455487089B34307EFB9F96B5719A3B
3008 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 | der | 8E7D3EFB01313E3007F38BE1219E1751 | 9E61938AFB6497D6FE9AE1AC66A919A85D92A6DB6C7762E8FB572A49A7B6A6A5
3008 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220 | binary | AB2B79669C13B073366C9A232A9E6415 | 79DAC25FBB7EA8F318A0774FE543330C06B917ECEDE5A8B480C583CB2CC58F71
3008 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 | binary | 29DAB08F65C18B2CB4860E90356E83DC | F405698A3F1337E099169A6E019655566CA6CBBE35822C68D02F558760D3290D
3008 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08 | der | BA4F3F81467A3DC2332CC7BF45A0EAEF | B4F18425C72D033A765C4780C426223318B19AFA3699EC7880302E7FD24B4230
3008 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08 | binary | BC18AA552CA7A847691754CEAF13C553 | E426242C55CC12F9818C31D11E5A5BA97F0FAE4F8310A66E659F27184ABB0EBC
3008 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F | — | — | —
3540 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3008 | iexplore.exe | GET | 200 | 216.58.205.227:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDy4NKedukSQwgAAAAAMgpY | US | der | 472 b | whitelisted |
3008 | iexplore.exe | GET | 200 | 216.58.205.227:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDy4NKedukSQwgAAAAAMgpY | US | der | 472 b | whitelisted |
3008 | iexplore.exe | GET | 200 | 72.247.178.58:80 | http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D | NL | der | 1.37 Kb | whitelisted |
3008 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D | US | der | 471 b | whitelisted |
3008 | iexplore.exe | GET | 200 | 216.58.205.227:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
3008 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D | US | der | 471 b | whitelisted |
3008 | iexplore.exe | GET | 200 | 216.58.205.227:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
3008 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D | US | der | 727 b | whitelisted |
3008 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D | US | der | 727 b | whitelisted |
3008 | iexplore.exe | GET | 200 | 72.247.178.80:80 | http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D | NL | der | 1.37 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3008 | iexplore.exe | 35.166.186.97:443 | hello.userzoom.com | Amazon.com, Inc. | US | unknown |
3008 | iexplore.exe | 72.247.178.80:80 | isrg.trustid.ocsp.identrust.com | Akamai International B.V. | NL | whitelisted |
3008 | iexplore.exe | 151.139.128.14:80 | ocsp.usertrust.com | Highwinds Network Group, Inc. | US | suspicious |
3008 | iexplore.exe | 172.217.22.74:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3008 | iexplore.exe | 54.85.124.148:443 | userzoom.enablix.com | Amazon.com, Inc. | US | unknown |
3008 | iexplore.exe | 72.247.178.58:80 | isrg.trustid.ocsp.identrust.com | Akamai International B.V. | NL | whitelisted |
3008 | iexplore.exe | 216.58.205.227:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3540 | iexplore.exe | 54.85.124.148:443 | userzoom.enablix.com | Amazon.com, Inc. | US | unknown |
3008 | iexplore.exe | 52.222.158.11:443 | asset-cdn.enablix.com | Amazon.com, Inc. | US | suspicious |
3008 | iexplore.exe | 172.217.22.35:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
hello.userzoom.com | | suspicious
isrg.trustid.ocsp.identrust.com | | whitelisted
userzoom.enablix.com | | unknown
ocsp.usertrust.com | | whitelisted
ocsp.comodoca.com | | whitelisted
fonts.googleapis.com | | whitelisted
ocsp.pki.goog | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
fonts.gstatic.com | | whitelisted
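Apart from OCSP responders and Google Fonts, the only hosts the report shows the browser contacting are hello.userzoom.com and the two enablix.com hosts. The path segment of the hello.userzoom.com click URL consists solely of A-Z, 2-7 and "=" padding, which is RFC 4648 base32, and decoding it yields a JSON object whose "url" member is the page the tracker redirects to. The script below is an added example, not part of the ANY.RUN report or of UserZoom's code: it decodes that slug offline and checks that the decoded destination host is one the sandbox actually connected to. The interpretation of the fields (that "url" is the redirect target and "sig" a signature over the payload), the REPORT_HOSTS set copied from the connection table above, and the function names are this example's own assumptions.

```python
"""Decode the payload embedded in a hello.userzoom.com click-tracking link.

The segment after /api/mailings/click/ is RFC 4648 base32 wrapping a JSON
object. Decoding it reveals the redirect destination without opening the
link in a browser.
"""
import base64
import json
import re
from typing import Iterable
from urllib.parse import urlparse

CLICK_PREFIX = "/api/mailings/click/"
_B32 = re.compile(r"^[A-Z2-7]+=*$")

# Input for this example: the URL the sandbox opened, copied from the report.
CLICK_URL = (
    "https://hello.userzoom.com/api/mailings/click/"
    "PMRGSZBCHIZTONRXGAZCYITVOJWCEORCNB2HI4DTHIXS65LTMVZHU33PNUXGK3TBMJWGS6BO"
    "MNXW2L3VONUGC4TFF43DIN3FHE3WGNJNGBRWIZJNGRSDSMRNHE2WCOJNG4YTANRTGM2DMOBV"
    "GUYD6YLUKNSW4ZDFOJEWIPLENBXWOYLOEU2DA5LTMVZHU33PNUXGG33NEIWCE33SM4RDUIRR"
    "GIZTIYZQHBSC2M3BHE4S2NBZGYZS2ODDHBRS2M3CGJSTANDEMJSTGNBWEIWCE5TFOJZWS33O"
    "EI5CENBCFQRHG2LHEI5CEM32KJJWMRSRLFJDK42HPIYWGT2KOJ3FINTZONGWKN2NL42VIOKE"
    "NNYFOMSUNRMU66TOMM6SE7I="
)

# Hosts the sandbox saw the browser connect to, taken from the report's
# connection table; used to cross-check the decoded destination.
REPORT_HOSTS = frozenset({
    "hello.userzoom.com", "userzoom.enablix.com", "asset-cdn.enablix.com",
    "fonts.googleapis.com", "fonts.gstatic.com", "ocsp.pki.goog",
    "ocsp.usertrust.com", "isrg.trustid.ocsp.identrust.com",
})


def extract_slug(url: str) -> str:
    """Return the base32 slug of a mailings/click URL, re-padded to 8-char blocks."""
    path = urlparse(url).path
    if not path.startswith(CLICK_PREFIX):
        raise ValueError(f"not a {CLICK_PREFIX} URL: {url}")
    slug = path[len(CLICK_PREFIX):]
    if not _B32.fullmatch(slug):
        raise ValueError("path segment is not RFC 4648 base32")
    # Mail clients sometimes strip trailing '='; restore it so b32decode
    # does not reject the input for an incorrect length.
    return slug + "=" * (-len(slug) % 8)


def decode_click_payload(url: str) -> dict:
    """Base32-decode the slug and parse the JSON object it wraps."""
    raw = base64.b32decode(extract_slug(url))
    payload = json.loads(raw.decode("utf-8"))
    if not isinstance(payload, dict) or "url" not in payload:
        raise ValueError("decoded payload has no 'url' member")
    return payload


def redirect_target(url: str) -> str:
    """The destination the tracker sends the visitor to (assumed: the 'url' member)."""
    return decode_click_payload(url)["url"]


def target_host(url: str) -> str:
    """Lower-cased host name of the redirect destination."""
    host = urlparse(redirect_target(url)).hostname
    if host is None:
        raise ValueError("redirect target has no host")
    return host.lower()


def signature_bytes(url: str) -> bytes:
    """Decode the 'sig' member (assumed: URL-safe base64 of a MAC over the payload)."""
    sig = decode_click_payload(url).get("sig", "")
    return base64.urlsafe_b64decode(sig + "=" * (-len(sig) % 4))


def target_host_observed(url: str, observed: Iterable[str]) -> bool:
    """True if the decoded destination host appears among the observed connections."""
    return target_host(url) in {h.lower() for h in observed}


if __name__ == "__main__":
    payload = decode_click_payload(CLICK_URL)
    print("mailing id :", payload.get("id"))
    print("redirect to:", redirect_target(CLICK_URL))
    print("sig length :", len(signature_bytes(CLICK_URL)), "bytes")
    print("destination host seen in sandbox connections:",
          target_host_observed(CLICK_URL, REPORT_HOSTS))
```

Because the destination is recoverable from the link itself, an analyst can learn where a tracked link leads before detonating it and compare that with the hosts a sandbox run actually reached. The "sig" member cannot be verified without the tracker's key, so the script only reports its size; a 32-byte value is consistent with an HMAC-SHA256, but that is an inference, not something the report states.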