Field | Value
---|---
URL | https://burtrans.slab.com/posts/bur-trans-incorporated-shared-document-6weg3v4n
Full analysis | https://app.any.run/tasks/293829b1-ae12-481c-953c-f5bc0b26f27c
Verdict | Malicious activity
Analysis date | January 24, 2022, 19:22:13
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:

Hash | Value
---|---
MD5 | 1676A501729B75709DBF70DD9E81D640
SHA1 | EF3C57667AB3FBCA21D1FE915E9CC826DFC31BFB
SHA256 | 9D5611E811555399196EDD305A1289D64014CA62423324CB6DE5530AB70CD9E4
SSDEEP | 3:N8DiiJvGVKRKHCsXCK/Y8A+7uRd2n:2DiiJvGgRKFSKA8ia

PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2824 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://burtrans.slab.com/posts/bur-trans-incorporated-shared-document-6weg3v4n" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE
532 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2824 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe

Process details:

PID 2824: User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 532: User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2824 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | FC990EAA7247546FB67C18916A4CAC9B | 294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993
2824 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | D0FB92834A9E3475A0B21EBA24709ADA | 9757D77D7589C62C3F87F006CBD12CD01A8EE7FB2E34DFBFD98830352325096B
2824 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 71A1946D3A0457CF827DE000FC08EBFB | 54856C69C9098D4B412BE02A22FE58F927C16FD9550CFD7FB8E411736B0A470B
532 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\LogRocket.min[1].js | text | 413A0B28A5999B2FF85C7DFFBD26BFB4 | A0CFB30D3EBED993F1691ED460BA280414F75FF4939F20E43B33B822BF5340BE
532 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F | der | E1EAE72E3715286294FAE5B772B54D91 | CDF348AD50D67BDDAA3E15E75B24A792DBCF8A8C72519F12C357A96FAF381C03
532 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar4E10.tmp | cat | D99661D0893A52A0700B8AE68457351A | BDD5111162A6FA25682E18FA74E37E676D49CAFCB5B7207E98E5256D1EF0D003
532 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\sentry-44d710c8e6a61b09933445270893364b[1].js | text | 1B70287C8BE04EC2D402B71E4BE746B5 | E505DA4EC1D49EF3FB16408B759A4A62AFFF8DFC68E49B277E6C234C0F46B8D1
532 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F | binary | 2C4F20F6239EAF9F0A9DC71D9E6035B8 | 1F83604EE471CDF71EF5FF5BAD11B25CEBF5128849898C1FB648567AF7BAB99F
532 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\internal-8ffec3d1e97efbf31b69934aaaf2b4a9[1].css | text | 8FFEC3D1E97EFBF31B69934AAAF2B4A9 | 51EBCFF9E77FA27472938F34E49A1403C6478082AB04F409EB6DD4BF95E6E887
532 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary | 6632A1BE79D389627FC9B119D6D2752F | 52465AA48CD2B3764852343B012AB55554878755353FB6879B6EF62D869C3AE2

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
532 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.68 Kb | whitelisted |
532 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
2824 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D | US | der | 471 b | whitelisted |
2824 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
532 | iexplore.exe | GET | 200 | 23.45.105.185:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted |
2824 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2824 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?aca855439deafb4e | US | compressed | 4.70 Kb | whitelisted |
532 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0e48d37b6d95226d | US | compressed | 59.9 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
532 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
532 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
2824 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2824 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
532 | iexplore.exe | 104.17.234.61:443 | burtrans.slab.com | Cloudflare Inc | US | unknown |
532 | iexplore.exe | 185.59.220.18:443 | cdn.headwayapp.co | Datacamp Limited | DE | suspicious |
532 | iexplore.exe | 104.17.235.61:443 | burtrans.slab.com | Cloudflare Inc | US | unknown |
2824 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
— | — | 172.67.163.57:443 | cdn.lr-ingest.io | — | US | malicious |
532 | iexplore.exe | 172.67.163.57:443 | cdn.lr-ingest.io | — | US | malicious |

Domain | IP | Reputation
---|---|---
burtrans.slab.com | | suspicious
ctldl.windowsupdate.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ocsp.digicert.com | | whitelisted
crl3.digicert.com | | whitelisted
cdn.slab.com | | whitelisted
cdn.headwayapp.co | | whitelisted
cdn.vitally.io | | whitelisted
cdn.lr-ingest.io | | whitelisted