Field | Value
---|---
URL | http://www.cvaccordinddg.cam/candor-Storeyed/7ec4R2395f86my12q1cecdC3abaN19WFDFDGa4fgsvxIwEGsi8yR0nQnKK6M1wGR06lzyWHt
Full analysis | https://app.any.run/tasks/334210b4-fed1-4a5e-8b70-b6c5cb7837d2
Verdict | Malicious activity
Analysis date | January 24, 2022, 16:50:24
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MD5 | A46A39381107EB7EB9BFAA2E0C4F242A
SHA1 | 8D15E1D830C4977DE26568FC0E10E5C6CAD83C0B
SHA256 | A41CD0F4BBDE0F1CF2224B42CD9D87416049763AF3C38E2A80A27611AB194ABE
SSDEEP | 3:N1KJS4Ya0LEKGELGI2xBJk3Ec7UXWmgCri4JRMKGoh1TJv:Cc4D0GieH+1hmrrRJRMKGC3v
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2824 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.cvaccordinddg.cam/candor-Storeyed/7ec4R2395f86my12q1cecdC3abaN19WFDFDGa4fgsvxIwEGsi8yR0nQnKK6M1wGR06lzyWHt" | C:\Program Files\Internet Explorer\iexplore.exe | — | Explorer.EXE
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Internet Explorer | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
2504 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2824 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Internet Explorer | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2504 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\YIYEAKCX.txt | text | C8FBFA2CF07C2110AA175DF67096B389 | A1A1344D159C2558AAAAA8795C7D4DA40A44C8E221655C3AB3276D21B37FB6AD
2824 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | FC990EAA7247546FB67C18916A4CAC9B | 294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993
2504 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\UM60XW7Q.txt | text | E7B4D9BEB261ECF70F225F3A66CBFC30 | ED16D6AA5ADEAF9872433D93FC18112B14B74287907789DA24BC521E74042D42
2504 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\90X4G0AH.txt | text | 830ADBC7AC9D9DDD4220D856AF516636 | 0A17E752EF6DD3477AFE4E22378EA12B9925A4D446DA4A69B9E78EFBD4AFA667
2504 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\cf.errors[1].css | text | B404C45EA3C3996B2EEADA6C5EA6B2C7 | 16FD28061D42CF29268600418D5AA26B585435027CA599A42141CBC820F2547C
2824 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | C466B3829EE774563FB904BEFE6FDBA2 | D8E7870AA12B96DC0AACCFF82317ACF32E95031989DF067D389A04D699A5B41B
2824 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 54226BD6D019D54ECEF77E5482A06D64 | 4F813C5A7310F15B511C132AD4390064AEC5AB31636822FDDA923250BE23FCAB
2824 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | 111DCDB55A88510DB3C1E141A0EA1538 | 022A2CD07C65A61F3419427C0D278028CC8FD3C40D593279C2035D881013973B
2504 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\NMX8XONJ.txt | text | 4FA13BA89EF8108D273F0636D296A7F9 | 6683B571F29E454D9A6083A3BC228DCACD8B2A339959138A9521C5D695B83630
2504 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\UZH8L029.txt | text | E2DCFAB89B386076B5913588CC27CE7C | 98597C2217C8B418E6C0D389FEA96BF50DCDAA12AF8D524A1CEE6145C05704D1
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2824 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2504 | iexplore.exe | GET | 200 | 104.21.66.105:80 | http://www.cvaccordinddg.cam/cdn-cgi/styles/cf.errors.css | US | text | 4.32 Kb | suspicious |
2504 | iexplore.exe | GET | 200 | 104.21.66.105:80 | http://www.cvaccordinddg.cam/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=6d2ac364eb123b61 | US | text | 13.8 Kb | suspicious |
2504 | iexplore.exe | GET | 403 | 104.21.66.105:80 | http://www.cvaccordinddg.cam/candor-Storeyed/7ec4R2395f86my12q1cecdC3abaN19WFDFDGa4fgsvxIwEGsi8yR0nQnKK6M1wGR06lzyWHt | US | html | 5.76 Kb | suspicious |
2504 | iexplore.exe | POST | 200 | 104.21.66.105:80 | http://www.cvaccordinddg.cam/cdn-cgi/challenge-platform/h/b/flow/ov1/0.03821260931306355:1643040211:3eb4378c9a9f3f4b52bf93037c81e2ed9af3c46bba39aab8094100fcd2aefe13/6d2ac364eb123b61/63b053ad137ed9b | US | text | 84.0 Kb | suspicious |
2504 | iexplore.exe | POST | — | 104.21.66.105:80 | http://www.cvaccordinddg.cam/cdn-cgi/challenge-platform/h/b/flow/ov1/0.03821260931306355:1643040211:3eb4378c9a9f3f4b52bf93037c81e2ed9af3c46bba39aab8094100fcd2aefe13/6d2ac364eb123b61/63b053ad137ed9b | US | — | — | suspicious |
2504 | iexplore.exe | GET | 200 | 104.21.66.105:80 | http://www.cvaccordinddg.cam/cdn-cgi/challenge-platform/h/b/img/6d2ac364eb123b61/2fab545c/b836b69d9c5476c-1643043057978 | US | image | 396 b | suspicious |
2504 | iexplore.exe | GET | 403 | 104.21.66.105:80 | http://www.cvaccordinddg.cam/candor-Storeyed/7ec4R2395f86my12q1cecdC3abaN19WFDFDGa4fgsvxIwEGsi8yR0nQnKK6M1wGR06lzyWHt | US | html | 5.78 Kb | suspicious |
2504 | iexplore.exe | GET | 200 | 104.21.66.105:80 | http://www.cvaccordinddg.cam/cdn-cgi/images/browser-bar.png?1376755637 | US | image | 715 b | suspicious |
2504 | iexplore.exe | GET | 200 | 104.21.66.105:80 | http://www.cvaccordinddg.cam/cdn-cgi/images/trace/captcha/nojs/h/transparent.gif?ray=6d2ac364eb123b61 | US | image | 42 b | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2824 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2824 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
2824 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2824 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2504 | iexplore.exe | 104.21.66.105:80 | www.cvaccordinddg.cam | Cloudflare Inc | US | suspicious |
2504 | iexplore.exe | 172.67.203.159:80 | www.cvaccordinddg.cam | — | US | unknown |
2824 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2504 | iexplore.exe | 104.16.169.131:443 | hcaptcha.com | Cloudflare Inc | US | unknown |
2824 | iexplore.exe | 131.253.33.203:443 | www.msn.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation
---|---|---
www.cvaccordinddg.cam | — | suspicious
api.bing.com | — | whitelisted
www.bing.com | — | whitelisted
ctldl.windowsupdate.com | — | whitelisted
ocsp.digicert.com | — | whitelisted
hcaptcha.com | — | whitelisted
iecvlist.microsoft.com | — | whitelisted
r20swj13mr.microsoft.com | — | whitelisted
newassets.hcaptcha.com | — | whitelisted
imgs.hcaptcha.com | — | whitelisted
PID | Process | Class | Message |
---|---|---|---|
2504 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.cam domain |
2504 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.cam domain |
2504 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.cam domain |
2504 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.cam domain |
2504 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.cam domain |
2504 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.cam domain |
2504 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.cam domain |
2504 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.cam domain |
2504 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.cam domain |
2504 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.cam domain |