URL: | https://dood.so/e/6mq9aya4luvp1ntnkstitsbcbyzutun5 |
Full analysis: | https://app.any.run/tasks/2f85fcee-43c3-4c3d-ac74-5586d0e747ce |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 08:48:27 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 00F829543D1BEC117D09193059EF90FF |
SHA1: | 0D86F61401F569A0D29D250E014CA4202A2B8118 |
SHA256: | 9B8A4DEF2FD6AFC3DBF123032D2B29D5B6C1D33C275A94A42EF4B746414CB624 |
SSDEEP: | 3:N8SAWmDj+LtOMHGZP:2SiDgtOGGZP |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2812 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://dood.so/e/6mq9aya4luvp1ntnkstitsbcbyzutun5" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2132 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2812 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
2812 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:B8502B0648293322B766BDE119435ADD | SHA256:2F9CB4863A86CDA67E2C02EF7C60C419D9436B1AE64A1AFE584D2A5F915E8A55 | |||
2812 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:28CC3D4B0DA8A29A9DCD6D4755C84342 | SHA256:A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E | |||
2132 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | compressed | |
MD5:308336E7F515478969B24C13DED11EDE | SHA256:889B832323726A9F10AD03F85562048FDCFE20C9FF6F9D37412CF477B4E92FF9 | |||
2812 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | |
MD5:2232627DB4A5E856F3BC0D3E5B8D9D9E | SHA256:040579DA7AD446E376B233B9AC1E558476FA9842623D4EF73C8498C4B451A0C6 | |||
2132 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabFE28.tmp | compressed | |
MD5:308336E7F515478969B24C13DED11EDE | SHA256:889B832323726A9F10AD03F85562048FDCFE20C9FF6F9D37412CF477B4E92FF9 | |||
2132 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary | |
MD5:E2FEDD731D1C89AD08B4F9A00F5637B6 | SHA256:0895694878581FC770CE554063D579E0781B8D184C01A6A7F815BA5B3B839F9E | |||
2132 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | der | |
MD5:EC8FF3B1DED0246437B1472C69DD1811 | SHA256:E634C2D1ED20E0638C95597ADF4C9D392EBAB932D3353F18AF1E4421F4BB9CAB | |||
2132 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A31D548E330552A22CB7580175373AC1 | binary | |
MD5:3D76CB9346F618A5CC277BE14A46EB4B | SHA256:4C2A6D200E4F0E01895C990EE025081933CA981BDB536F7DCABF112DF9BB5D9B | |||
2132 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | binary | |
MD5:0946215B940A561BDFA407AC573EF788 | SHA256:6F1710F49DC73C3BC492DD448030D6E52BEA3A39FB93EBED0D2854EC49904C7A | |||
2812 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:8006B7B7672AA3589CE7000870D159E5 | SHA256:760761016FD3F89ACB3DC8727D6B43B10D15581A24DA6C020A5FD4253C0821B3 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2132 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a78cd4bf8ebd678b | US | compressed | 60.0 Kb | whitelisted |
2812 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2132 | iexplore.exe | GET | 200 | 23.45.105.185:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted |
2812 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33b11c7597997c36 | US | compressed | 4.70 Kb | whitelisted |
2812 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2132 | iexplore.exe | GET | 200 | 184.24.77.65:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSc%2BPzvp%2FF8JXvRmHGrg4%2FBLw%3D%3D | US | der | 503 b | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2812 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2132 | iexplore.exe | 190.115.31.133:443 | dood.so | DANCOM LTD | BZ | unknown |
2132 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
2812 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2812 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
2812 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2132 | iexplore.exe | 23.45.105.185:80 | x1.c.lencr.org | Akamai International B.V. | NL | unknown |
2132 | iexplore.exe | 184.24.77.65:80 | r3.o.lencr.org | Time Warner Cable Internet LLC | US | unknown |
Domain | IP | Reputation |
---|---|---|
dood.so |
| malicious |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
x1.c.lencr.org |
| whitelisted |
r3.o.lencr.org |
| shared |
r20swj13mr.microsoft.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
dns.msftncsi.com |
| shared |