URL: | https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.getresponse.com%2Fsite2%2F646453255995eb03fd5bb4586452ee27%2F%3Fu%3DQX1hT%26webforms_id%3DhLSX3&data=04%7C01%7CTSlusher%40tennant-risk.com%7C3cf84343e2c24b73916b08d9df41d86a%7C43537b5b887e4f34a77484119940a508%7C0%7C0%7C637786296172203080%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=0e%2Ffzqo8VFixIZ3DQPEd1xl4m6vuuEViBYSqWFVm3CE%3D&reserved=0 |
Full analysis: | https://app.any.run/tasks/2fe3571b-7bf4-4c7e-a355-819153ce5e07 |
Verdict: | Malicious activity |
Analysis date: | January 24, 2022, 15:31:48 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 9BC4F16130B279EA426818875FC6ACAE |
SHA1: | E3F9167B4BEE81CD7CA2CB1535637F0D30F204EB |
SHA256: | 99FA5861BA7060E5B76D841C882B205FF99D442FE6BB0B6C0EA8CABAF4067154 |
SSDEEP: | 12:2H5qxWCcm2h8KujH+AVMdHqKP7RDqbJzmM:2H5qom2qzNMdRP7bM |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3204 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.getresponse.com%2Fsite2%2F646453255995eb03fd5bb4586452ee27%2F%3Fu%3DQX1hT%26webforms_id%3DhLSX3&data=04%7C01%7CTSlusher%40tennant-risk.com%7C3cf84343e2c24b73916b08d9df41d86a%7C43537b5b887e4f34a77484119940a508%7C0%7C0%7C637786296172203080%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=0e%2Ffzqo8VFixIZ3DQPEd1xl4m6vuuEViBYSqWFVm3CE%3D&reserved=0" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2684 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3204 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:FC990EAA7247546FB67C18916A4CAC9B | SHA256:294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993 | |||
2684 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2F23D0F5E4D72862517E1CB26A329742_F6FACC49395CFA949BCE851E73323C49 | binary | |
MD5:4BEB001EFC3387DDB2ED8CBC4406DAEB | SHA256:F722AFB9942EB3B8DE699E66F2DFCF353F01410C28ABFF8F7F0E4B273F19CD99 | |||
2684 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2F23D0F5E4D72862517E1CB26A329742_F6FACC49395CFA949BCE851E73323C49 | der | |
MD5:DAC4619E319FD2C836D2FCEB1542D665 | SHA256:B715BCE5A46505ECF3DF445B5427EBFCD74279271DA1F019C2CAC521D56B8EA3 | |||
2684 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771 | binary | |
MD5:A36BACADDC974EFFBF83C8370653B866 | SHA256:364A3E0F367FF0974CFFB860D318C083E2530A17645A8E372A844F27C82F40BD | |||
2684 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\646453255995eb03fd5bb4586452ee27[1].htm | html | |
MD5:96ECA49808C1BED480737787AFD397D8 | SHA256:E2BE3D72EAA1E7629691DAE1A925C7ADEAA12FEDF4DDF05BB8917A904DD69A9B | |||
2684 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D | binary | |
MD5:F1BF24C0EC80B8B67A431A7ACBDC7DFA | SHA256:93DE8905CC3ACA8806650CEABCDE837B77C0BA7B0827466FB8D233E9B2984CA9 | |||
3204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:BFA5E651D39B44CD06ABCC156D6A69E7 | SHA256:46FBAADA2E9C73D29DA552B4B8664D83C38BF8849F3AFBBA17905E0D2CAF6DA2 | |||
2684 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\IK4J2AUE.txt | text | |
MD5:4BB7A821FB731A656312B6E046604215 | SHA256:7A2646E315C04C87B41BB50DFE04299258305DA1930002EA8299AA916CE24990 | |||
3204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:6DCF97C9166DD6428B1573AC2F04A109 | SHA256:FB2A63070880F812D5C75F172F9487F9773BFC5A11697496671A7374635F2307 | |||
2684 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D | der | |
MD5:3DBA8BD3D1C5586D7B6C88E9865CC72B | SHA256:BE214107A441DCCC82553116726922B4A19BB0D32DDD965E83FD15FFC90AD9F8 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3204 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2684 | iexplore.exe | GET | 200 | 192.124.249.36:80 | http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D | US | der | 1.69 Kb | whitelisted |
2684 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAGewca9P1l7sgwzOOVR2Hc%3D | US | der | 471 b | whitelisted |
2684 | iexplore.exe | GET | 200 | 192.124.249.36:80 | http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D | US | der | 1.66 Kb | whitelisted |
2684 | iexplore.exe | GET | 200 | 192.124.249.36:80 | http://ocsp.godaddy.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCB889K641wGP | US | der | 1.74 Kb | whitelisted |
3204 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5ece1ce4496c7b8b | US | compressed | 4.70 Kb | whitelisted |
3204 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?827d66014578e129 | US | compressed | 4.70 Kb | whitelisted |
3204 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3204 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3204 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2684 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3204 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2684 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
3204 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
2684 | iexplore.exe | 104.47.46.28:443 | nam04.safelinks.protection.outlook.com | Microsoft Corporation | US | whitelisted |
2684 | iexplore.exe | 104.160.64.9:443 | app.getresponse.com | GETRESPONSE | US | suspicious |
2684 | iexplore.exe | 104.47.45.28:443 | nam04.safelinks.protection.outlook.com | Microsoft Corporation | US | whitelisted |
— | — | 204.79.197.200:443 | ieonline.microsoft.com | Microsoft Corporation | US | whitelisted |
— | — | 205.185.216.42:443 | us-as.gr-cdn.com | Highwinds Network Group, Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
nam04.safelinks.protection.outlook.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
app.getresponse.com |
| whitelisted |
ocsp.godaddy.com |
| whitelisted |
us-as.gr-cdn.com |
| whitelisted |
us-ms.gr-cdn.com |
| suspicious |
iecvlist.microsoft.com |
| whitelisted |