Field | Value
---|---
URL | https://na1.documents.adobe.com/public/esign?tsid=CBFCIBAA3AAABLblqZhBiqMIaI0od3znaFDqzdiOn968PapECYTDpWr5cGUhB8F85g6PH_upsqtBP-wHaeSjuSLzfKW2tx-JQ47WjKsdM&
Full analysis | https://app.any.run/tasks/141ce90b-4166-4796-a616-1fce9f80ce54
Verdict | Malicious activity
Analysis date | October 05, 2022, 07:33:25
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | F2C87EE7BBA7341AAA5F2648031725E6
SHA1 | 8DF66BDA754310205FE63964A77C0011928341A7
SHA256 | 9ED985D1D5E7C70C7D82C792DC774861BB86E3344B5D81C4442CE6C9F77210E7
SSDEEP | 3:N81ALR7xtVQHJ/wAvmIjkup01vFEY9fcojcETSgt8ULn2owhrIs0cZc:21ALTQHJ3RYum1vyY9dPSgtFLn2/rH0T
PID | CMD | Path | Indicators | Parent process | User | Integrity Level | Description | Company | Version
---|---|---|---|---|---|---|---|---|---
1752 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://na1.documents.adobe.com/public/esign?tsid=CBFCIBAA3AAABLblqZhBiqMIaI0od3znaFDqzdiOn968PapECYTDpWr5cGUhB8F85g6PH_upsqtBP-wHaeSjuSLzfKW2tx-JQ47WjKsdM&" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | admin | MEDIUM | Internet Explorer | Microsoft Corporation | 11.00.9600.16428 (winblue_gdr.131013-1700)
3624 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1752 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | LOW | Internet Explorer | Microsoft Corporation | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Key | Name | Operation | Value
---|---|---|---|---|---
1752 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | write | 1
1752 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime | write | 
1752 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | write | 30988428
1752 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime | write | 
1752 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | write | 30988428
1752 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | write | 
1752 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | write | Cookie:
1752 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | write | Visited:
1752 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | write | 0
1752 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | write | 1
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3624 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | der | E1817D34D647D15C961327938AA58C4A | CA2D2DB19D9A688484F592397EBC22270DC2B6F653C583B8DFDF27CFF24E0E07
3624 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | binary | 37DF02FC13F2A80EC61217F3D183110A | B31F9366814E070FC184E2E375DDCBED6212F27F55020B2F54F26878F4727169
3624 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\esign[1].htm | html | 835107A9F33F2F1AC7A7D48403F9C8FD | 31A945544208B06C1184FBE36943A000673CA36D8BEF4199F46048AD16B6B0DB
1752 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | der | 6A9C9AAAD47A858879A5655B175825C8 | 556C28AE4E43812B99A48D14E20D647BC6AF0F293429E3613C1ABCFBD249C16F
1752 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 3FD04A4DB42E9CC2E18C6A4726BDB64B | E231D0A5E5671AEFE1512D062C528B99567FA12CD88AF34D2E0943C5968B81FC
3624 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_FE3F4CB4186976D2A2B2C46C64698C03 | der | 5C7089FDF13D01271BB0F2D0A50155CF | 59975B3EE3DD08058C69C40D977DA7345878C8172D1A29C68A2523D83AF944C0
3624 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_251B287C0C8BD79E597872CE90D96BD2 | binary | BE0ACAD4B8DFCFE282863CD040D5F3FD | 260AB3D267983188BAB8C2EA4EE1958BD006296F440ABC3326382A8D7FE3E1E1
1752 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | binary | 2753248A471E4A9648EB6EE51875432C | D01F5F667DDD356258ED116B743F8F442BCF54D224325B2A604DE22BB194F2E4
3624 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\esignJS[1].css | text | B67CE8ADF724558414D70D567E7DF89D | 80765AE9168605765FA1DEC60E06865FDF15F370458B170759269B930BDE36BB
3624 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\privacy.min[1].js | text | 45E16BC82359B52687F5B5D097D5AA12 | 21C11E318B281A53414E41AB0C58230465456CC05D24B515C87DB4FDD8A6BA6A
PID | Process | Method | HTTP Code | IP | URL | Country | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3624 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAFcCNwiqqzGr0S25a2iTDw%3D | US | der | 471 b | whitelisted |
3624 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
3624 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
3624 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEA5HvuzM8tYPO45X%2FiSGj20%3D | US | der | 471 b | whitelisted |
1752 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
3624 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
3624 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEA8SS204AU0V7RwfjlLyRTc%3D | US | der | 471 b | whitelisted |
1752 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3624 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAfy81yHqHeveu%2FpR5k1Jb0%3D | US | der | 471 b | whitelisted |
3624 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAluWvAdxhD7DNM77mH2T5w%3D | US | der | 471 b | whitelisted |
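Every ocsp.digicert.com request in the table above carries a base64-encoded DER OCSPRequest in the URL path (the GET form from RFC 6960, Appendix A), URL-escaped, which is why %2F, %2B and %3D appear in some of them. The script below is an added example for this report, not ANY.RUN's, Adobe's or DigiCert's code: it decodes the first request URL from the table into its CertID fields (hash algorithm, issuerNameHash, issuerKeyHash, serialNumber) with a minimal DER reader, so an analyst can confirm that the "der" responses are routine revocation checks and see exactly which issuer and certificate serial the browser was asking about. Only the Python standard library is used.

```python
"""Decode the OCSP GET requests that iexplore.exe sent to ocsp.digicert.com.

Added example for this sandbox report, not code from the report, ANY.RUN or
Adobe. The base64 DER OCSPRequest is carried in the URL path, so decoding it
is pure parsing: no network access is needed.
"""
import base64
from urllib.parse import unquote, urlsplit

# Hash algorithm OIDs that CertID.hashAlgorithm normally uses.
OID_NAMES = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER TLV starting at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(raw):
    """Decode a DER OBJECT IDENTIFIER value into dotted form."""
    first = raw[0]
    root = 2 if first >= 80 else first // 40  # arcs 0, 1 and 2 share the first byte
    arcs = [root, first - 40 * root]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)  # base-128, high bit set on all but the last byte
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def decode_ocsp_get_url(url):
    """Parse the CertID(s) out of an OCSP GET request URL.

    Returns one dict per Request in requestList with the hash algorithm name
    and the hex issuerNameHash, issuerKeyHash and serialNumber.
    Raises ValueError if the path does not decode to an OCSPRequest.
    """
    # Path is "/<url-encoded base64 DER>"; %2F, %2B and %3D in the report are
    # the '/', '+' and '=' characters of the base64 alphabet.
    encoded = unquote(urlsplit(url).path.lstrip("/"))
    der = base64.b64decode(encoded, validate=True)

    # OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest, optionalSignature [0] OPTIONAL }
    tag, ocsp_request, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, tbs, _ = _read_tlv(ocsp_request, 0)

    # TBSRequest ::= SEQUENCE { version [0] EXPLICIT OPTIONAL, requestorName [1] OPTIONAL,
    #                           requestList SEQUENCE OF Request, requestExtensions [2] OPTIONAL }
    # Skip the optional context-specific members until the requestList SEQUENCE.
    pos = 0
    while True:
        tag, body, pos = _read_tlv(tbs, pos)
        if tag == 0x30:
            request_list = body
            break
        if tag not in (0xA0, 0xA1):
            raise ValueError("unexpected tag %#x in TBSRequest" % tag)

    results = []
    pos = 0
    while pos < len(request_list):
        _, request, pos = _read_tlv(request_list, pos)
        # Request ::= SEQUENCE { reqCert CertID, singleRequestExtensions [0] OPTIONAL }
        _, cert_id, _ = _read_tlv(request, 0)
        # CertID ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, issuerNameHash OCTET STRING,
        #                       issuerKeyHash OCTET STRING, serialNumber CertificateSerialNumber }
        _, alg, p = _read_tlv(cert_id, 0)
        _, oid_raw, _ = _read_tlv(alg, 0)
        _, name_hash, p = _read_tlv(cert_id, p)
        _, key_hash, p = _read_tlv(cert_id, p)
        _, serial, p = _read_tlv(cert_id, p)
        oid = _decode_oid(oid_raw)
        results.append({
            "hash_algorithm": OID_NAMES.get(oid, oid),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),
            "serial_number": serial.hex(),
        })
    return results


# First OCSP request URL from the report's HTTP requests table (PID 3624).
REPORT_URL = ("http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgM"
              "C07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAFcCNwiqqzGr0S25a2iTDw%3D")

if __name__ == "__main__":
    for cert_id in decode_ocsp_get_url(REPORT_URL):
        for key, value in cert_id.items():
            print(f"{key}: {value}")
```

issuerKeyHash is the SHA-1 of the issuer's subjectPublicKey bit string, which is the same input RFC 5280 method (1) uses for a Subject Key Identifier, so for CAs built that way the decoded value can be matched directly against the SKI extension of candidate issuer certificates to name the CA; the decoded serial number can then be searched in Certificate Transparency logs to recover the leaf certificate the browser was validating. The 471-byte and 1.47 KB sizes in the table are the OCSP responses, not these requests.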
PID | Process | IP | Domain | ASN | Country | Reputation |
---|---|---|---|---|---|---|
1752 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
1752 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
1752 | iexplore.exe | 8.248.115.254:80 | ctldl.windowsupdate.com | LEVEL3 | US | suspicious |
3624 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
3624 | iexplore.exe | 52.71.63.230:443 | na1.documents.adobe.com | AMAZON-AES | US | unknown |
3624 | iexplore.exe | 184.24.77.156:443 | use.typekit.net | Akamai International B.V. | DE | suspicious |
3624 | iexplore.exe | 2.21.20.204:443 | www.adobe.com | Akamai International B.V. | DE | malicious |
3624 | iexplore.exe | 104.16.149.64:443 | cdn.cookielaw.org | CLOUDFLARENET | — | unknown |
— | — | 184.24.77.154:443 | p.typekit.net | Akamai International B.V. | DE | unknown |
3624 | iexplore.exe | 162.125.66.18:443 | www.dropbox.com | DROPBOX | DE | suspicious |
Domain | IP | Reputation
---|---|---
na1.documents.adobe.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.digicert.com | | whitelisted
secure.na1.echocdn.com | | whitelisted
www.adobe.com | | whitelisted
use.typekit.net | | whitelisted
cdn.cookielaw.org | | whitelisted
geolocation.onetrust.com | | whitelisted
PID | Process | Class | Message |
---|---|---|---|
3624 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY Dropbox.com Offsite File Backup in Use |