URL: | http://funny-nine-toy.glitch.me |
Full analysis: | https://app.any.run/tasks/c6eb6768-6f6d-4478-a9b5-1f7cd452ac7e |
Verdict: | Malicious activity |
Analysis date: | January 25, 2022, 03:56:23 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MD5: | 56D74976671CEC577056BBC42FA39BE8 |
SHA1: | F08992107D43B1456603B18CAF8E3AC736FC683A |
SHA256: | 91E15109AAF9F8E6A80071B21052F29E722A3E0CE2372896CCFA990102340679 |
SSDEEP: | 3:N1KYUu3A9:CYUGy |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2824 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://funny-nine-toy.glitch.me" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3176 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2824 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
(PID) Process: | (2824) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (2824) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: | |||
(PID) Process: | (2824) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30937503 | |||
(PID) Process: | (2824) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: | |||
(PID) Process: | (2824) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30937503 | |||
(PID) Process: | (2824) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (2824) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (2824) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (2824) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (2824) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3176 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\HJ0G948S.htm | text | |
MD5:971F28DD59E592B03CF80F7C772FDC11 | SHA256:71D1EBDCF54FC82DE25DB7B20D78DB1BB84043E7965A7AB4C91A0DA57EE05CDA |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2824 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2824 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d85cd64283bf8617 | US | compressed | 4.70 Kb | whitelisted |
3176 | iexplore.exe | GET | 200 | 3.234.98.145:80 | http://funny-nine-toy.glitch.me/ | US | text | 12 b | shared |
2824 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?827d66014578e129 | US | compressed | 4.70 Kb | whitelisted |
2824 | iexplore.exe | GET | 404 | 3.234.98.145:80 | http://funny-nine-toy.glitch.me/favicon.ico | US | html | 150 b | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2824 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2824 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
2824 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3176 | iexplore.exe | 3.234.98.145:80 | funny-nine-toy.glitch.me | — | US | suspicious |
2824 | iexplore.exe | 3.234.98.145:80 | funny-nine-toy.glitch.me | — | US | suspicious |
Domain | IP | Reputation |
---|---|---|
funny-nine-toy.glitch.me |
| shared |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Misc activity | ET INFO Suspicious Glitch Hosted DNS Request - Possible Phishing Landing |
3176 | iexplore.exe | Misc activity | ET INFO Suspicious Glitch Hosted GET Request - Possible Phishing Landing |