URL: | https://www.relive.cc |
Full analysis: | https://app.any.run/tasks/b2b3c46d-611d-4a7a-9211-953d0c9ef8b0 |
Verdict: | Malicious activity |
Analysis date: | July 13, 2020, 05:58:27 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | F699923460CBA4338890119C22BBE5F8 |
SHA1: | 7B4175422080E6FA665185C386BA338B85BE3BB8 |
SHA256: | 9D3C6F5B12A7DBF3283827CEE9E51C0966D233042AB70D9AC28070B6B28B54B0 |
SSDEEP: | 3:N8DSLQVLR:2OLQVLR |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1248 | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.relive.cc | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1296 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1248 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
1296 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabBF99.tmp | — | |
MD5:— | SHA256:— | |||
1296 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarBF9A.tmp | — | |
MD5:— | SHA256:— | |||
1296 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | binary | |
MD5:1D731A3CA7A1A21548A2394C326EA91C | SHA256:DF170F188BADAD21DF7906960F3B234BC1E1F99D07043A7EF3AA13D092B1879A | |||
1296 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 | binary | |
MD5:FD282E23FDF57EAD771D987DD386E975 | SHA256:F80C80F51A468ADFBE2B11CF7994BEB7D4D85FEEC91A455567A230137D895732 | |||
1296 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F | binary | |
MD5:DDAC0DBB12B0B4610F83A07C482517E9 | SHA256:F930AAC734F2ECBA7ACC2A58B2A2DF384D32B151480753A79822830D55F6036C | |||
1296 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 | der | |
MD5:954B8ADE34D4A9CA300627E639B9E400 | SHA256:ABFC11AFB04E65345930F73A5175E0DC6B11EBC5E8D240A7A62B6F477EE9F414 | |||
1296 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F | der | |
MD5:17FB9A80A3710FE5A2C88AC040CCAA09 | SHA256:26D4E719DC863A76E46AD87F2FFCACE30C3481263800AB4C033E6E9667C78584 | |||
1296 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | der | |
MD5:7C0DF34921DBFAAA29B4B84B749CBE43 | SHA256:CFACEE64FDE230B7FDB3E9FC706D3371C375A11BD5CB99DF0722DF6C63F48EC4 | |||
1296 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | der | |
MD5:2D60A05B2F404217FDE5C78188660182 | SHA256:EC684AC47217D97F71C4B509F7B0D41E2CF751802ACFF6E3051B481EF6E422C8 | |||
1296 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\app[1].css | text | |
MD5:0B0F9AC7F909F7A02BDDBAE401711508 | SHA256:005752DE0E4C5D30E6DCF072D1E0685CB9F88FF598166B0CFBD817F7B74DDFDD |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1296 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted |
1296 | iexplore.exe | GET | 200 | 143.204.208.173:80 | http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEA5nElH8Jr6BbPfpS4eUqJs%3D | US | der | 471 b | whitelisted |
1296 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDRWV%2BNyD7WkwIAAAAAbwew | US | der | 472 b | whitelisted |
— | — | GET | 200 | 143.204.208.127:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
— | — | GET | 200 | 13.35.253.185:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
1296 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEAar2mu0dHehCAAAAABH74o%3D | US | der | 471 b | whitelisted |
1296 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEAar2mu0dHehCAAAAABH74o%3D | US | der | 471 b | whitelisted |
1296 | iexplore.exe | GET | 200 | 172.217.18.99:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDCBDbuX62tRAgAAAABvB68%3D | US | der | 471 b | whitelisted |
1296 | iexplore.exe | GET | 200 | 172.217.18.99:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
1296 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDCBDbuX62tRAgAAAABvB68%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1296 | iexplore.exe | 172.217.18.99:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
1296 | iexplore.exe | 172.217.23.99:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
1296 | iexplore.exe | 209.197.3.15:443 | maxcdn.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted |
1296 | iexplore.exe | 216.58.210.10:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
1296 | iexplore.exe | 151.139.128.14:80 | ocsp.usertrust.com | Highwinds Network Group, Inc. | US | suspicious |
1296 | iexplore.exe | 99.86.1.26:443 | www.relive.cc | AT&T Services, Inc. | US | unknown |
— | — | 13.35.253.198:80 | ocsp.rootg2.amazontrust.com | — | US | whitelisted |
1296 | iexplore.exe | 216.58.212.163:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
— | — | 143.204.208.127:80 | o.ss2.us | — | US | malicious |
— | — | 13.35.253.185:80 | ocsp.rootg2.amazontrust.com | — | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.relive.cc |
| malicious |
o.ss2.us |
| whitelisted |
ocsp.rootg2.amazontrust.com |
| whitelisted |
ocsp.rootca1.amazontrust.com |
| shared |
maxcdn.bootstrapcdn.com |
| whitelisted |
ocsp.usertrust.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
player.vimeo.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query for .cc TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .cc TLD |