| URL: | senego.com |
| Full analysis: | https://app.any.run/tasks/fcdd5e21-0f99-4b06-a89b-14f151eca127 |
| Verdict: | Malicious activity |
| Analysis date: | May 26, 2024, 14:50:42 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| Indicators: | |
| MD5: | 2A576B109C03FCAEF7463F095F6BD97D |
| SHA1: | B55C5F8984E003FD7530BAB0133B95A5C6535947 |
| SHA256: | A5E77B73F60D317840ECFE7963E36B765E0BB06171F3D36A823D63C221420DFB |
| SSDEEP: | 3:Usn:7n |
MALICIOUS
No malicious indicators.SUSPICIOUS
Reads the Internet Settings
- cmd.exe (PID: 2764)
- cmd.exe (PID: 4212)
- cmd.exe (PID: 4860)
The process executes JS scripts
- iexplore.exe (PID: 5456)
INFO
Application launched itself
- msedge.exe (PID: 3992)
- iexplore.exe (PID: 1288)
- iexplore.exe (PID: 2636)
- iexplore.exe (PID: 2808)
- iexplore.exe (PID: 1996)
- iexplore.exe (PID: 2384)
- iexplore.exe (PID: 2380)
- iexplore.exe (PID: 2436)
- iexplore.exe (PID: 2540)
- iexplore.exe (PID: 2852)
- iexplore.exe (PID: 2916)
- iexplore.exe (PID: 2748)
- iexplore.exe (PID: 2848)
- iexplore.exe (PID: 2880)
- iexplore.exe (PID: 3016)
- iexplore.exe (PID: 2960)
- iexplore.exe (PID: 3292)
- chrome.exe (PID: 4888)
- iexplore.exe (PID: 2972)
- iexplore.exe (PID: 1248)
- iexplore.exe (PID: 3552)
- iexplore.exe (PID: 3388)
- iexplore.exe (PID: 5552)
- iexplore.exe (PID: 5456)
- iexplore.exe (PID: 3576)
- iexplore.exe (PID: 5052)
- iexplore.exe (PID: 2412)
- iexplore.exe (PID: 2388)
- iexplore.exe (PID: 4544)
- iexplore.exe (PID: 5940)
- iexplore.exe (PID: 960)
- iexplore.exe (PID: 2480)
- iexplore.exe (PID: 5888)
- iexplore.exe (PID: 2324)
- iexplore.exe (PID: 4180)
- chrome.exe (PID: 4192)
- chrome.exe (PID: 5008)
- chrome.exe (PID: 4792)
- chrome.exe (PID: 3680)
- chrome.exe (PID: 7920)
- chrome.exe (PID: 2300)
- chrome.exe (PID: 7684)
- chrome.exe (PID: 5940)
- chrome.exe (PID: 4024)
- chrome.exe (PID: 3784)
- chrome.exe (PID: 7872)
- chrome.exe (PID: 2992)
- chrome.exe (PID: 5656)
- chrome.exe (PID: 6684)
- chrome.exe (PID: 5192)
- chrome.exe (PID: 8012)
- chrome.exe (PID: 4948)
- chrome.exe (PID: 3856)
- chrome.exe (PID: 3440)
- chrome.exe (PID: 3304)
- chrome.exe (PID: 3400)
- chrome.exe (PID: 8124)
- chrome.exe (PID: 7136)
- chrome.exe (PID: 3436)
- chrome.exe (PID: 6472)
- chrome.exe (PID: 5744)
- chrome.exe (PID: 3432)
- chrome.exe (PID: 5732)
- chrome.exe (PID: 6352)
- chrome.exe (PID: 6220)
- chrome.exe (PID: 3376)
- chrome.exe (PID: 2180)
- chrome.exe (PID: 4588)
Manual execution by a user
- wmpnscfg.exe (PID: 2276)
- notepad++.exe (PID: 2408)
- cmd.exe (PID: 2764)
- chrome.exe (PID: 4888)
- cmd.exe (PID: 4212)
- notepad++.exe (PID: 4244)
- notepad++.exe (PID: 7700)
- notepad.exe (PID: 7932)
- cmd.exe (PID: 4860)
Checks supported languages
- wmpnscfg.exe (PID: 2276)
Reads the computer name
- wmpnscfg.exe (PID: 2276)
Change Internet Settings
- iexplore.exe (PID: 1288)
Modifies the phishing filter of IE
- iexplore.exe (PID: 1288)
- iexplore.exe (PID: 5456)
The process uses the downloaded file
- iexplore.exe (PID: 5456)
- chrome.exe (PID: 4188)
- chrome.exe (PID: 5432)
- chrome.exe (PID: 3644)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
297
Monitored processes
247
Malicious processes
0
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 284 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://senego.com/wp-content/uploads/2024/05/Video-La-Cote-dIvoire-rend-hommage-a-lancien-president-Henri-Konan-Bedie_thumbnail.jpg" | C:\Program Files\Internet Explorer\iexplore.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
| 368 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2436 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
| 444 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2880 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
| 568 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x6c168b38,0x6c168b48,0x6c168b54 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 109.0.5414.120 Modules
| |||||||||||||||
| 588 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1072 --field-trial-handle=1208,i,16613773228852489245,2670198909850785326,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 109.0.5414.120 Modules
| |||||||||||||||
| 728 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://senego.com/wp-content/uploads/2024/05/441539118_421718713994927_7463172580769864775_n.jpg" | C:\Program Files\Internet Explorer\iexplore.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
| 752 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd0,0x6c168b38,0x6c168b48,0x6c168b54 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 109.0.5414.120 Modules
| |||||||||||||||
| 904 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://senego.com/wp-content/uploads/2024/03/seydou-gueye.png" | C:\Program Files\Internet Explorer\iexplore.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
| 960 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://senego.com/wp-content/themes/news/assets/fonts/GraphikBold.otf" | C:\Program Files\Internet Explorer\iexplore.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
| 1056 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2212 --field-trial-handle=1300,i,14398564731448967480,7313321591557018123,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
Total events
335 785
Read events
327 356
Write events
6 231
Delete events
2 198
Modification events
| (PID) Process: | (3992) msedge.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon |
| Operation: | write | Name: | failed_count |
Value: 0 | |||
| (PID) Process: | (3992) msedge.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon |
| Operation: | write | Name: | state |
Value: 2 | |||
| (PID) Process: | (3992) msedge.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty |
| Operation: | write | Name: | StatusCodes |
Value: | |||
| (PID) Process: | (3992) msedge.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty |
| Operation: | write | Name: | StatusCodes |
Value: 01000000 | |||
| (PID) Process: | (3992) msedge.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon |
| Operation: | write | Name: | state |
Value: 1 | |||
| (PID) Process: | (3992) msedge.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} |
| Operation: | write | Name: | dr |
Value: 1 | |||
| (PID) Process: | (3992) msedge.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics |
| Operation: | write | Name: | user_experience_metrics.stability.exited_cleanly |
Value: 0 | |||
| (PID) Process: | (3992) msedge.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault |
| Operation: | write | Name: | S-1-5-21-1302019708-1500728564-335382590-1000 |
Value: 05767ACFF2772F00 | |||
| (PID) Process: | (3992) msedge.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\FirstNotDefault |
| Operation: | delete value | Name: | S-1-5-21-1302019708-1500728564-335382590-1000 |
Value: | |||
| (PID) Process: | (3992) msedge.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Edge |
| Operation: | write | Name: | UsageStatsInSample |
Value: 1 | |||
Executable files
2
Suspicious files
598
Text files
239
Unknown types
10
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3992 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1037fa.TMP | — | |
MD5:— | SHA256:— | |||
| 3992 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | — | |
MD5:— | SHA256:— | |||
| 3992 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF103858.TMP | — | |
MD5:— | SHA256:— | |||
| 3992 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old | — | |
MD5:— | SHA256:— | |||
| 3992 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF103923.TMP | — | |
MD5:— | SHA256:— | |||
| 3992 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old | — | |
MD5:— | SHA256:— | |||
| 4016 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pma~RF102d9a.TMP | binary | |
MD5:886E82F2CA62ECCCE64601B30592078A | SHA256:E5E13D53601100FF3D6BB71514CBCCC4C73FE9B7EF5E930100E644187B42948E | |||
| 4016 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pma | binary | |
MD5:C612E96CBFAC63232FC2062E15600FB1 | SHA256:DB3C05D5EC0B6719A73E7F0BE84BCE9342772DA70567E7CE08CF6573480B38FF | |||
| 3992 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\b27cec99-1e69-4dc2-8397-3972c90f00f9.tmp | binary | |
MD5:2B46F99595835813653B1343E1ED7DED | SHA256:EB724F48A3D8AA069E02A1894FEE134DD06D03CCAB881E48D6AC4DCD3E1274D9 | |||
| 3992 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old | text | |
MD5:2B5B565981E1565368EC9935843BD794 | SHA256:E98D615C43993262B2C3058F9E445BA09A496ED4CEE663371CABD0600CBBF122 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
22
TCP/UDP connections
476
DNS requests
164
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
2040 | msedge.exe | GET | 301 | 137.74.206.21:80 | http://senego.com/ | unknown | — | — | unknown |
3104 | iexplore.exe | GET | 304 | 199.232.214.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?763502f04087de8c | unknown | — | — | unknown |
3104 | iexplore.exe | GET | 304 | 199.232.210.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7249b9b56ae9dc1f | unknown | — | — | unknown |
3104 | iexplore.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | unknown | — | — | unknown |
1996 | iexplore.exe | GET | 304 | 199.232.214.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6be87ee03a50525d | unknown | — | — | unknown |
1996 | iexplore.exe | GET | 304 | 199.232.214.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0e9b980c0b89d37b | unknown | — | — | unknown |
1996 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | — | — | unknown |
2380 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | — | — | unknown |
2384 | iexplore.exe | GET | 304 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | — | — | unknown |
2436 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | — | — | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
1088 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |
3992 | msedge.exe | 239.255.255.250:1900 | — | — | — | unknown |
2040 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
2040 | msedge.exe | 137.74.206.21:80 | senego.com | OVH SAS | FR | unknown |
2040 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
2040 | msedge.exe | 137.74.206.21:443 | senego.com | OVH SAS | FR | unknown |
2040 | msedge.exe | 2.23.209.187:443 | www.bing.com | Akamai International B.V. | GB | unknown |
2040 | msedge.exe | 142.250.185.98:443 | pagead2.googlesyndication.com | GOOGLE | US | shared |
DNS requests
Domain | IP | Reputation |
|---|---|---|
senego.com |
| unknown |
config.edge.skype.com |
| whitelisted |
edge.microsoft.com |
| whitelisted |
kawtef.com |
| unknown |
www.bing.com |
| whitelisted |
www.facebook.com |
| whitelisted |
www.instagram.com |
| whitelisted |
www.linkedin.com |
| whitelisted |
x.com |
| unknown |
pagead2.googlesyndication.com |
| whitelisted |
Threats
Process | Message |
|---|---|
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
|
notepad++.exe | VerifyLibrary: certificate revocation checking is disabled
|
notepad++.exe | ED255D9151912E40DF048A56288E969A8D0DAFA3
|
notepad++.exe | ED255D9151912E40DF048A56288E969A8D0DAFA3
|
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
|
notepad++.exe | VerifyLibrary: certificate revocation checking is disabled
|
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
|
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll
|
notepad++.exe | ED255D9151912E40DF048A56288E969A8D0DAFA3
|
notepad++.exe | ED255D9151912E40DF048A56288E969A8D0DAFA3
|