Field | Value |
---|---|
URL | Https://download.mapfinderz.com/index.jhtml |
Full analysis | https://app.any.run/tasks/a85cf232-a2a2-4f70-b325-d0adeb8e1ef3 |
Verdict | Malicious activity |
Analysis date | October 19, 2020, 23:14:08 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags | — |
Indicators | — |
MD5 | 0118D05E40AECFECD6901DB778BD5442 |
SHA1 | 2E06609EAE27FCE98899BEAA768E94CCF013D0FE |
SHA256 | A38CCCFD17411FD1C6F193BFD5CA68FBFA3845E9C29AE6C4B32E390948C33F9A |
SSDEEP | 3:nnBElbPtMKBUJ:nBKztMKBUJ |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2728 | "C:\Program Files\Internet Explorer\iexplore.exe" Https://download.mapfinderz.com/index.jhtml | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
464 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2728 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
1712 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MapFinderz.1e897ecfc75a475ca558c707c82f3d89.exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MapFinderz.1e897ecfc75a475ca558c707c82f3d89.exe | — | iexplore.exe |
User: admin; Company: Mindspark Interactive Network, Inc.; Integrity Level: MEDIUM; Description: MapFinderz Setup; Exit code: 0; Version: 2.8.1.1000 | ||||
3712 | "Rundll32.exe" "C:\Users\admin\AppData\Local\MapFinderzTooltab\TooltabExtension.dll",A -hp=https://hp.myway.com/mapfinderz/ttab02/index.html -ua="(Windows NT 6.1; Win32; MSIE 11.0; Build 7601; SP 1)" -ul=http://anx.mindspark.com/anx.gif?anxa=%251&anxe=%252&anxt=A9E71789-B23B-4662-985D-F40D575D6750&anxtv=2.8.1.1000&anxp=^CNG^yyyyyy^TTAB02^nl&anxsi=&anxv=%253&anxd=2020-10-20&anxr=%254 -hu=SHOW | C:\Windows\system32\Rundll32.exe | — | MapFinderz.1e897ecfc75a475ca558c707c82f3d89.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2872 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2728 CREDAT:1316132 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3452 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2728 CREDAT:3478797 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
544 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2728 CREDAT:988432 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
464 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab423E.tmp | — | — | — |
464 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar423F.tmp | — | — | — |
464 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B844EFFFE16D17B3AA37AA9520BA7C44 | der | 7BDA7AAAB3831CD8D911FD007427A442 | F6D9F6218E804AFD9D17DE4A8675B7B176AB58929D53CC5399CC45B009517905 |
464 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\index[1].htm | html | B4884E0927C2E24BB22C725310538B20 | 788CBFB41CA1150E8F41B53DD68C84B15EACEAF40771379169C5B438E73DA0D1 |
464 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B844EFFFE16D17B3AA37AA9520BA7C44 | binary | 3E3C55C6827BA9BC02EC4D6B92B2DAFB | 6284E95FA114A797EE0A077E7E70A293215A9CD3655EB2BB94E465BFF810F8CC |
464 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08 | der | AF315FA1A389D30310D95403D7DC486E | E080E402317DE429DC4A761928298D49107D3D7CDCEDBB0BA06AA90CC214C501 |
464 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ASN6T45Z.txt | — | — | — |
464 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\GE5EE42T.txt | text | 829518D387BD202594912DC227B06F10 | 55E4D55D051498E36B33D925C64D0EBFBF7905510BEE4FEA3DE3983F5B45548F |
464 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08 | binary | DA1414A40E49DA1ACCB21E8A97824F4A | 1DF7EF8B3967F8143F95527DD205730EAEEFEF662880D3F7DE0BFEA69361F9A1 |
464 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C | binary | B21362D5A5267F08D318CFF08DB3FE7E | 963401E570BE4F36C1997130463203C59AC942C2B0DD9E860943DE03D9A2F981 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
464 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D | US | der | 471 b | whitelisted |
464 | iexplore.exe | GET | 200 | 2.16.186.35:80 | http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D | unknown | der | 1.37 Kb | whitelisted |
464 | iexplore.exe | GET | 200 | 2.16.186.35:80 | http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D | unknown | der | 1.37 Kb | whitelisted |
464 | iexplore.exe | GET | 304 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D | US | — | — | whitelisted |
464 | iexplore.exe | GET | 304 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D | US | — | — | whitelisted |
464 | iexplore.exe | GET | 304 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D | US | — | — | whitelisted |
464 | iexplore.exe | GET | 200 | 2.16.186.27:80 | http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgNuLkd4xwZBlZHjBXjBubOocw%3D%3D | unknown | der | 527 b | whitelisted |
464 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCOUTy4wn8XWggAAAAAWy8I | US | der | 472 b | whitelisted |
464 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D | US | der | 471 b | whitelisted |
464 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 2.16.186.35:80 | isrg.trustid.ocsp.identrust.com | Akamai International B.V. | — | whitelisted |
464 | iexplore.exe | 2.16.186.27:80 | ocsp.int-x3.letsencrypt.org | Akamai International B.V. | — | whitelisted |
464 | iexplore.exe | 216.58.212.170:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
464 | iexplore.exe | 35.244.218.203:443 | download.mapfinderz.com | — | US | whitelisted |
464 | iexplore.exe | 23.43.121.26:443 | ak.imgfarm.com | Akamai International B.V. | NL | unknown |
464 | iexplore.exe | 104.111.214.175:443 | akz.imgfarm.com | Akamai International B.V. | NL | whitelisted |
464 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
464 | iexplore.exe | 2.16.186.11:80 | isrg.trustid.ocsp.identrust.com | Akamai International B.V. | — | whitelisted |
464 | iexplore.exe | 172.217.23.99:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
464 | iexplore.exe | 172.217.22.67:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
download.mapfinderz.com | — | malicious |
isrg.trustid.ocsp.identrust.com | — | whitelisted |
ocsp.int-x3.letsencrypt.org | — | whitelisted |
ak.imgfarm.com | — | whitelisted |
fonts.googleapis.com | — | whitelisted |
ak.staticimgfarm.com | — | whitelisted |
akz.imgfarm.com | — | whitelisted |
ocsp.digicert.com | — | whitelisted |
ocsp.pki.goog | — | whitelisted |
mapfinderz.dl.myway.com | — | unknown |
PID | Process | Class | Message |
---|---|---|---|
1712 | MapFinderz.1e897ecfc75a475ca558c707c82f3d89.exe | Misc activity | ADWARE [PTsecurity] Mindspark CAPDownloadProcess |
1712 | MapFinderz.1e897ecfc75a475ca558c707c82f3d89.exe | Misc activity | ADWARE [PTsecurity] Mindspark User-Agent |
1712 | MapFinderz.1e897ecfc75a475ca558c707c82f3d89.exe | Misc activity | ADWARE [PTsecurity] Mindspark CAPDownloadProcess |
1712 | MapFinderz.1e897ecfc75a475ca558c707c82f3d89.exe | Misc activity | ADWARE [PTsecurity] Mindspark User-Agent |
1712 | MapFinderz.1e897ecfc75a475ca558c707c82f3d89.exe | Misc activity | ADWARE [PTsecurity] Mindspark CAPDownloadProcess |
1712 | MapFinderz.1e897ecfc75a475ca558c707c82f3d89.exe | Misc activity | ADWARE [PTsecurity] Mindspark User-Agent |
1712 | MapFinderz.1e897ecfc75a475ca558c707c82f3d89.exe | Misc activity | ADWARE [PTsecurity] Mindspark CAPDownloadProcess |
1712 | MapFinderz.1e897ecfc75a475ca558c707c82f3d89.exe | Misc activity | ADWARE [PTsecurity] Mindspark User-Agent |
1712 | MapFinderz.1e897ecfc75a475ca558c707c82f3d89.exe | Misc activity | ADWARE [PTsecurity] Mindspark CAPDownloadProcess |
1712 | MapFinderz.1e897ecfc75a475ca558c707c82f3d89.exe | Misc activity | ADWARE [PTsecurity] Mindspark User-Agent |