Field | Value
---|---
URL | https://protect-us.mimecast.com/s/UfXwCOY0mkh5EynGCv30EQ?domain=kvgo.com
Full analysis | https://app.any.run/tasks/c4e48800-5306-4942-a9c0-5004d760ef7d
Verdict | Malicious activity
Analysis date | June 27, 2022, 13:23:54
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | E448D0C50EC73F82138A4248CA7541BE
SHA1 | 63A4A3CA0789180DC02F79B8E4621B23D965E717
SHA256 | 926A07B08A204BAEA1BF0264AED56669D3E8C901FC42A2EE0AD8806A20B65E18
SSDEEP | 3:N8TKRt2MdSD9VH/WLimTTVltZIn:2WpwTHOLfZIn

PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
1416 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://protect-us.mimecast.com/s/UfXwCOY0mkh5EynGCv30EQ?domain=kvgo.com" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3000 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1416 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3000 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | der | 5AA235614E07491B546686882C44846B | 8DE48B0F91139A9E0863256D72E7D5F19D99ADAAF206E7E04F7887377F6C797B
1416 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F | der | DF6DEECBA36F8D0AF53EAFA9C51AB1F7 | 60D1053BDE5FBCA23ED8976F1EABAEE9C4BB459D9C997E5A76BB2182EE916D98
1416 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | 877D0C1AF9CA8B6E596878CEBF114D29 | 6CB5DFD9A6281591CEABDA81613554611A79081288C56C5E1B9EFB9C5FAF254D
3000 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | binary | 5FA977E0AA59D44DC16B918C623430A5 | 694DB76916C034F6BFC079B483180DC6ED7ABF2D59F883728BCFD00A3A1D9826
1416 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | 790E40386A5478B54787C28956E029D7 | 2A14CA44FA89C53F53111C7CAAE9155A460FA162BD822CCEAF7B7F74B8390557
1416 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F | binary | DCA01E6BF2E727FEB619E4A0C70C20A4 | 3272C216718A34FC950A9E4B469F687E1E988C92E6156C0CE1B2C1E42CE89B0C
3000 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_35937E6267690664AABA0E7DC7439D5A | binary | 79B8DD79A6988E95528007C6BD142F2B | 7A47DDC5331850FCF7EB613BB0C53CEBD19E8254DD54F666DC16E0A344C40C82
3000 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 | der | 70D95E3307DD1636981EB98F22320529 | 4292EEE1FA677D4D2137F894A62ED35695C3FB8D66B080DEB5292C0B6B8A4783
3000 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | binary | 64FC6835C205C5D6820F6E13DE16BC2A | 480D74ACBE388A85B004340E2A37DD59BA85CE57277E47603E71AA1D70FA01D8
3000 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_35937E6267690664AABA0E7DC7439D5A | der | A78FD1E4DA781568DD8D5F1BA08A04C2 | DC7939453650FA3C860BF5DE50A604A7781956F9AFF664D36D9C4D84D68D797B

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1416 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted |
3000 | iexplore.exe | GET | 200 | 108.156.0.115:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
3000 | iexplore.exe | GET | 200 | 23.216.77.69:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?572c7d76fd7c2d54 | US | compressed | 4.70 Kb | whitelisted |
3000 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAVSWvgmZgq3vcwzMS0%2BPKk%3D | US | der | 471 b | whitelisted |
3000 | iexplore.exe | GET | 200 | 108.156.0.231:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
1416 | iexplore.exe | GET | 200 | 23.216.77.69:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2e50a28c016993cb | US | compressed | 4.70 Kb | whitelisted |
1416 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3000 | iexplore.exe | GET | 200 | 108.156.0.14:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
3000 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
3000 | iexplore.exe | GET | 200 | 18.66.200.16:80 | http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEASEVgM%2BzfJA22%2FZw3jZ%2Fn8%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3000 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1416 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3000 | iexplore.exe | 205.139.111.12:443 | protect-us.mimecast.com | -Reserved AS-, ZZ | US | suspicious |
1416 | iexplore.exe | 23.216.77.69:80 | ctldl.windowsupdate.com | NTT DOCOMO, INC. | US | suspicious |
3000 | iexplore.exe | 23.216.77.69:80 | ctldl.windowsupdate.com | NTT DOCOMO, INC. | US | suspicious |
— | — | 192.168.100.2:53 | — | — | — | whitelisted |
1416 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3000 | iexplore.exe | 52.5.81.146:443 | kvgo.com | Amazon.com, Inc. | US | unknown |
— | — | 108.156.0.14:80 | ocsp.rootg2.amazontrust.com | — | US | whitelisted |
3000 | iexplore.exe | 3.229.225.75:443 | kvgo.com | — | US | unknown |
Domain | IP | Reputation
---|---|---
protect-us.mimecast.com | | whitelisted
www.microsoft.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.digicert.com | | whitelisted
kvgo.com | | unknown
crl3.digicert.com | | whitelisted
r20swj13mr.microsoft.com | | whitelisted
iecvlist.microsoft.com | | whitelisted