URL: | http://wufv.pl/h.png |
Full analysis: | https://app.any.run/tasks/64f51230-c791-4920-b16f-fb01650870ca |
Verdict: | Malicious activity |
Analysis date: | August 12, 2022, 17:32:09 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 5B27FDFA2844B0CF99A0F2B3D63216F3 |
SHA1: | 762C373EC8B445205B19B8A9607042753A0BF91D |
SHA256: | A10EC6813557AEA9989160D6D26348AD3FF1F2992D08C3472A5245BB9FC5FFCE |
SSDEEP: | 3:N1KJQz2NLhC:CeaNA |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2956 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://wufv.pl/h.png" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1176 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2956 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2412 | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | — | Explorer.EXE | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Exit code: 3221225786 Version: 10.0.14409.1005 (rs1_srvoob.161208-1155) Modules
| |||||||||||||||
1856 | "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe" | C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe | — | Explorer.EXE | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell ISE Version: 10.0.14409.1005 (rs1_srvoob.161208-1155) Modules
| |||||||||||||||
3324 | "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch; | C:\Windows\SYSTEM32\WISPTIS.EXE | — | PowerShell_ISE.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Pen and Touch Input Component Exit code: 3221226540 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
2928 | "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch; | C:\Windows\SYSTEM32\WISPTIS.EXE | PowerShell_ISE.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Pen and Touch Input Component Exit code: 24 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
2956 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | |
MD5:5E323CE29429E9CDAB2B966726142456 | SHA256:997176B03720AFF5081BF42F662A2E8DEA620141C6FEED16B0CF2C508E248C0C | |||
2956 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | |
MD5:290A85BD3E7285CDEDA1602A9E12A7DF | SHA256:17AE86541BE373B2DB8A4B77D7E7626966637E5A6052F290A3B598A56F5123C9 | |||
2956 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\6ID7OATZ.txt | text | |
MD5:0AFD5C7D2E16BE7FD097572F51C29AF3 | SHA256:9F05736CB1FB1084C990E8984473A0CC808D51BDD6ABAE4A02E037FB460D4911 | |||
2956 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:159442D64638C1DFB9CD743895327DC7 | SHA256:253BBA8ED0A0A1D5B08E5B3303A22E115B118E8A771AB72EA4D9B90C0B57D504 | |||
2956 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\K11UVEGT.txt | text | |
MD5:5102A641DB0DBEDABB62535DDB08576C | SHA256:BAC542D4037074A98E7768DAC769F2DF2EA31D17D41CB35D0D26F190CFACB603 | |||
2956 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:009CB0B01763AE8BD88198197D55062F | SHA256:5FEF8F3727B565E583F779C7A16A38A205F71FF93E4A6B099E5ECB3DDDD72C65 | |||
2956 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:EE87BB11E233C12009CC11725035DBDC | SHA256:D82930A5B051B3C3F1639C24E83BDDF41D5AA66E467A0944D1AC3D59AE6330C5 | |||
2956 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\16EG8MY1.txt | text | |
MD5:EA21F6D9B9BAABF19B7CF2BE65023118 | SHA256:7793E48B5995749AFDF1835B8D4A1C75BB58AAF863940419AF3B02271D1F76F8 | |||
2956 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\KHOYVL0X.txt | text | |
MD5:C4AFF438A0F1C47DB92E00F1107CCA5F | SHA256:35DA4D7B98AC21DBD28419BC1934846439071EAC6B328F6D3FD47490FAD34370 | |||
2956 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver1B34.tmp | xml | |
MD5:CBD0581678FA40F0EDCBC7C59E0CAD10 | SHA256:159BD4343F344A08F6AF3B716B6FA679859C1BD1D7030D26FF5EF0255B86E1D9 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1176 | iexplore.exe | GET | — | 198.199.91.178:80 | http://wufv.pl/h.png | US | — | — | unknown |
2956 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2956 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2956 | iexplore.exe | GET | 200 | 41.63.96.128:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9e1261ca3c431a52 | ZA | compressed | 4.70 Kb | whitelisted |
2956 | iexplore.exe | GET | 200 | 41.63.96.128:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2f858e4afebb5e2a | ZA | compressed | 4.70 Kb | whitelisted |
2956 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2956 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2956 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1176 | iexplore.exe | 198.199.91.178:80 | wufv.pl | Digital Ocean, Inc. | US | unknown |
2956 | iexplore.exe | 96.16.143.41:443 | go.microsoft.com | Akamai International B.V. | US | whitelisted |
2956 | iexplore.exe | 41.63.96.128:80 | ctldl.windowsupdate.com | Limelight Networks, Inc. | ZA | suspicious |
2956 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2956 | iexplore.exe | 204.79.197.203:443 | www.msn.com | Microsoft Corporation | US | whitelisted |
2956 | iexplore.exe | 20.25.53.147:443 | query.prod.cms.msn.com | — | US | unknown |
Domain | IP | Reputation |
---|---|---|
wufv.pl |
| unknown |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
ieonline.microsoft.com |
| whitelisted |
go.microsoft.com |
| whitelisted |
www.msn.com |
| whitelisted |