Field | Value |
---|---|
URL | https://protect2.fireeye.com/v1/url?k=1df77e58-4357d095-1df01316-866132fe445e-1ad782485af73671&q=1&e=d76b0738-d642-4d72-9b9f-021a856cbc85&u=http%3A%2F%2Ffs.com%2F |
Full analysis | https://app.any.run/tasks/4192d6e9-78bc-480a-8d56-aee2db9aa0db |
Verdict | Malicious activity |
Analysis date | September 30, 2020, 12:32:58 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MD5 | A8DE2D92F771F4F236A27D71C3A67C74 |
SHA1 | B83BF5206C09F6C628779EB9594463991B1FC939 |
SHA256 | 911091842A714DD0566C06DBF697D9E402CC026063A2B05F25B31D57054A2933 |
SSDEEP | 3:N8TKRtbClcA2IUKQXpvwW143DxJSUDU5cYkT1itXoK4T29RVAWJsXjKLGMz:2WbClEpLXp4WQxcUI5KwldzV9szKyk |

PID | CMD | Path | Parent process | User | Company | Integrity level | Description | Version |
---|---|---|---|---|---|---|---|---|
2520 | "C:\Program Files\Internet Explorer\iexplore.exe" https://protect2.fireeye.com/v1/url?k=1df77e58-4357d095-1df01316-866132fe445e-1ad782485af73671&q=1&e=d76b0738-d642-4d72-9b9f-021a856cbc85&u=http%3A%2F%2Ffs.com%2F | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
1860 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2520 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
1860 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab8789.tmp | — | — | — |
1860 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar878A.tmp | — | — | — |
2520 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
1860 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y2ODGGGB.txt | — | — | — |
1860 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 | der | 8376CAEE9EABB8F82F26769CFA00735D | 0C4E0B87F84B1665D15754DDF1A31CFDC1DD8B2E3DF7922D1E55B0F2AE2928F5 |
1860 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_886B4C951F156443F8434328CB32DEBC | binary | C78422D1FDBBAA8B943D66820CB5000B | 4B04F150041D81C63C9E616E3993EC2ED192635787A22655129C23F22D74BC01 |
1860 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\swiper-sweetalert2[1].css | text | FBCD764D2C794A3A6404B770D042E1F1 | 7EDC4299017070AE4317A81D74F6B49A5E442FEF007416AF81AA1AAFA2A73121 |
1860 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\new_index[1].css | text | 3918FD23FF9F57E3671DCF193415D398 | CCFEE21CDB6334DC60448AB7597213B94B0DA4FF8D219CB42CD85993CD17C7A3 |
1860 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5887976EDAA817EEF5159B09F6FCD000_07B843FEFB517FE07CD42016BB64A769 | binary | 1401EEE5BE42A7E7E802639BF0945DCB | 49E9940FC1A4491B4E8CE163D579EF755565E09440207C9424BA7DE89FEE774B |
1860 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\0N5KY8HW.txt | text | 5EB2C129E0E4597EC73E1F45D197E7EA | AE23D1B540A47D05915EB549D5312CB913928D8CAA33C7D2C099847F6758F665 |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1860 | iexplore.exe | GET | 200 | 143.204.208.127:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
1860 | iexplore.exe | GET | 200 | 143.204.208.127:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
1860 | iexplore.exe | GET | 200 | 143.204.208.127:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
1860 | iexplore.exe | GET | 200 | 142.250.74.195:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDqXuNQ97mPtAIAAAAAektt | US | der | 472 b | whitelisted |
1860 | iexplore.exe | GET | 200 | 142.250.74.195:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDqXuNQ97mPtAIAAAAAektt | US | der | 472 b | whitelisted |
1860 | iexplore.exe | GET | 200 | 142.250.74.195:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDM8p7YwCDvUCAAAAABXoPk%3D | US | der | 471 b | whitelisted |
1860 | iexplore.exe | GET | 200 | 143.204.208.108:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
1860 | iexplore.exe | GET | 200 | 143.204.208.48:80 | http://s.ss2.us/r.crl | US | der | 434 b | whitelisted |
2520 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
1860 | iexplore.exe | GET | 200 | 142.250.74.195:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
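Two kinds of wrapped URL appear in this report: the FireEye protect2 rewriting link that was submitted (the real destination sits in its u= query parameter), and the OCSP GET requests to o.ss2.us and ocsp.pki.goog, whose last path segment is a URL-encoded, base64 DER OCSPRequest. Decoding both is the check an analyst wants before accepting the "malicious" label on an OCSP responder: it shows where the link really pointed and which issuer hashes and certificate serial each revocation check was for. The script below is an added example, not part of the any.run report; it uses only the Python standard library, the DER walker is a minimal one written for this example (it handles the plain RFC 6960 request shape browsers send, not signed requests or request extensions), and the three URLs are copied from the tables above as constructed input.

```python
"""Decode the protect2 link and the OCSP GET requests from the report."""
import base64
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed input: the three URLs as they appear in the tables above.
PROTECT_URL = ("https://protect2.fireeye.com/v1/url?k=1df77e58-4357d095-1df01316-"
               "866132fe445e-1ad782485af73671&q=1&e=d76b0738-d642-4d72-9b9f-"
               "021a856cbc85&u=http%3A%2F%2Ffs.com%2F")
OCSP_SS2 = ("http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEa"
            "aLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D")
OCSP_GOOG = ("http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRC"
             "RjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDq"
             "XuNQ97mPtAIAAAAAektt")

# OID -> digest name for the hashAlgorithm inside CertID (RFC 6960).
HASH_OIDS = {
    bytes.fromhex("2b0e03021a"): "sha1",            # 1.3.14.3.2.26
    bytes.fromhex("608648016503040201"): "sha256",  # 2.16.840.1.101.3.4.2.1
}


def unwrap_protect_url(url: str) -> str:
    """Return the destination carried in the u= parameter of a protect2 link."""
    targets = parse_qs(urlsplit(url).query).get("u")
    if not targets:
        raise ValueError("no u= parameter; not a protect2 rewriting link")
    return targets[0]  # parse_qs already percent-decodes the value


def _tlv(buf: bytes, pos: int):
    """Read one DER TLV at pos; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the byte count of the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(value: bytes):
    """Split the contents of a constructed DER value into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, inner, pos = _tlv(value, pos)
        out.append((tag, inner))
    return out


def decode_ocsp_get(url: str) -> dict:
    """Parse the first CertID out of an OCSP GET request URL (RFC 6960 A.1)."""
    der = base64.b64decode(unquote(url.rsplit("/", 1)[1]))
    _, ocsp_request, _ = _tlv(der, 0)                 # OCSPRequest ::= SEQUENCE
    tbs = _children(ocsp_request)[0][1]               # tbsRequest
    # version [0] and requestorName [1] are optional; requestList is the SEQUENCE
    request_list = next(v for t, v in _children(tbs) if t == 0x30)
    first_request = _children(request_list)[0][1]     # Request
    cert_id = _children(first_request)[0][1]          # CertID
    alg, name_hash, key_hash, serial = _children(cert_id)[:4]
    oid = _children(alg[1])[0][1]                     # AlgorithmIdentifier.algorithm
    raw_serial = serial[1]
    if len(raw_serial) > 1 and raw_serial[0] == 0:    # drop DER sign byte for display
        raw_serial = raw_serial[1:]
    return {
        "hash_alg": HASH_OIDS.get(oid, oid.hex()),
        "issuer_name_hash": name_hash[1].hex(),
        "issuer_key_hash": key_hash[1].hex(),
        "serial": raw_serial.hex(),
    }


if __name__ == "__main__":
    print("destination:", unwrap_protect_url(PROTECT_URL))
    for u in (OCSP_SS2, OCSP_GOOG):
        print(urlsplit(u).netloc, decode_ocsp_get(u))
```

The issuerNameHash and issuerKeyHash values are what you compare against the SHA-1 of the issuer's DER subject name and public key when matching a request to a CA; the serial identifies the certificate whose status was queried. A responder whose requests decode cleanly to a known CA's CertID is doing revocation checking, not command and control, whatever a reputation column says about its IP.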
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2520 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1860 | iexplore.exe | 143.204.206.106:443 | img-en.fs.com | — | US | unknown |
1860 | iexplore.exe | 47.246.43.226:443 | www.fs.com | — | US | malicious |
1860 | iexplore.exe | 52.88.166.186:80 | fs.com | Amazon.com, Inc. | US | unknown |
1860 | iexplore.exe | 162.159.246.125:443 | protect2.fireeye.com | Cloudflare Inc | — | suspicious |
1860 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1860 | iexplore.exe | 216.58.212.136:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
1860 | iexplore.exe | 142.250.74.195:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
1860 | iexplore.exe | 95.100.181.51:443 | secure.livechatinc.com | Akamai Technologies, Inc. | — | unknown |
1860 | iexplore.exe | 143.204.208.127:80 | o.ss2.us | — | US | malicious |

Domain | IP | Reputation |
---|---|---|
protect2.fireeye.com | — | whitelisted |
ocsp.digicert.com | — | whitelisted |
api.bing.com | — | whitelisted |
www.bing.com | — | whitelisted |
fs.com | — | unknown |
www.fs.com | — | malicious |
img-en.fs.com | — | unknown |
www.googletagmanager.com | — | whitelisted |
o.ss2.us | — | whitelisted |
ocsp.pki.goog | — | whitelisted |