URL: | https://niiconsulting.com |
Full analysis: | https://app.any.run/tasks/7728289f-d140-4c11-81b2-7b727aefbb2e |
Verdict: | Malicious activity |
Analysis date: | October 05, 2022, 07:28:57 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 5D523D834ACD1E4D0197B41BE88A7612 |
SHA1: | 6CCF6B47A6F770880F74B19348DE6E369F731AC2 |
SHA256: | 9983927405EB10DAF0E6540F2AF74D18E93B7E2987A22DAF577BF9DFA11190DE |
SSDEEP: | 3:N8yMJRZLGT:2ytT |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2944 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://niiconsulting.com" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3112 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2944 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
3112 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\JRSGT4DX.htm | html | |
MD5:ED2CAA960FC9328A9F72B7971162277E | SHA256:5DEB1D7416D1874D60532836E0DBD6C86D015496E824AD2F96E588A0A4DBAA1A | |||
3112 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary | |
MD5:DA759398C2F4D019360D3A64F2D4F585 | SHA256:BD4EAD707936020F1BE3290D9543A9939ECC2CE0A8CF2DEFFA1D302E54FFE699 | |||
2944 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | binary | |
MD5:2FC6861C3C0901AA90871F843EFBF188 | SHA256:C9FFAB3BE3D0B528129BC143711DEC90B8BF73D93E326552434968E8695F4FE3 | |||
3112 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\Picture1[1].png | image | |
MD5:9231ACF909A4124FDCE7E4461C31CBD9 | SHA256:A5A4A076CB5809FE79A23B660F57E477E50629725E275DB896740C16B688CF8B | |||
2944 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | |
MD5:F7DCB24540769805E5BB30D193944DCE | SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA | |||
3112 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771 | binary | |
MD5:321FFE45598CCC05034F3008DE811BC8 | SHA256:39D2C0FB01762137F6D53F9D08CA31DA10A5CF3C1A0144D81FE17A64EA91A2B0 | |||
2944 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:1A787593288F56A96CCCE156191FB209 | SHA256:B4FC41E18BABAE1ACF0AF674E9815146DFB1B12130CF456211CC0FD2FF69F666 | |||
3112 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771 | der | |
MD5:AA6C1B3D503B045E9918EAC50C2859E2 | SHA256:73E09C0D82004EDBB527F9767BB02481AD1D2814E0B913229084F6A5DF775B06 | |||
2944 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | der | |
MD5:6A9C9AAAD47A858879A5655B175825C8 | SHA256:556C28AE4E43812B99A48D14E20D647BC6AF0F293429E3613C1ABCFBD249C16F | |||
3112 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\2018-03-01-WordPress-Supply-Chain-Attacks1[1].png | image | |
MD5:C97155E167DD3ED85C7DE5D6DAA5162D | SHA256:1305E41F129737F74D3100F192C85728B1A4BD1FE18B3DDC8BD2B944053A38A8 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3112 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
2944 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
3112 | iexplore.exe | GET | — | 172.217.169.131:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEBJBetlj4ZeUEqggpI8HVMI%3D | US | — | — | whitelisted |
2944 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ec9037d63de0d4ca | US | compressed | 4.70 Kb | whitelisted |
3112 | iexplore.exe | GET | 200 | 172.217.169.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
3112 | iexplore.exe | GET | 200 | 216.58.214.131:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDcThR%2BKEYP2BK026EbsM6F | US | der | 472 b | whitelisted |
3112 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
3112 | iexplore.exe | GET | 200 | 18.66.137.10:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
3112 | iexplore.exe | GET | 200 | 216.58.214.131:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEB%2Fvu3PmotRDEvKn%2FiRyWpo%3D | US | der | 471 b | whitelisted |
3112 | iexplore.exe | GET | 200 | 192.124.249.36:80 | http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D | US | der | 1.66 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2944 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
2944 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
3112 | iexplore.exe | 188.114.97.3:443 | www.niiconsulting.com | CLOUDFLARENET | NL | malicious |
2944 | iexplore.exe | 131.253.33.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
3112 | iexplore.exe | 166.62.10.188:443 | niiconsulting.com | AS-26496-GO-DADDY-COM-LLC | SG | suspicious |
3112 | iexplore.exe | 142.250.187.106:443 | fonts.googleapis.com | GOOGLE | US | whitelisted |
3112 | iexplore.exe | 192.124.249.36:80 | ocsp.godaddy.com | SUCURI-SEC | US | suspicious |
— | — | 188.114.97.3:443 | www.niiconsulting.com | CLOUDFLARENET | NL | malicious |
3112 | iexplore.exe | 172.217.17.136:443 | www.googletagmanager.com | GOOGLE | US | whitelisted |
— | — | 172.217.17.206:443 | www.googleoptimize.com | GOOGLE | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
niiconsulting.com |
| malicious |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
ocsp.godaddy.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
www.niiconsulting.com |
| malicious |
www.googletagmanager.com |
| whitelisted |
www.googleoptimize.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
3112 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3112 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |