Field | Value |
---|---|
URL | https://u7367700.ct.sendgrid.net/wf/click?upn=sw-2BpEri5LTJKiGqpmJIs6ZqVtF51SexOhTnZ-2BWu5mI8GQa3sq18IykBiMc7QQNI2nUpgJCyYgWaVLGSanpSd1fLcZCIHCoBbtKMXG0g7g56-2B09iL9MgvldVmqQM-2Fxcgj_NOzmJHCskOif8NCnH-2BVvVRvYJ3c47-2FOFxwXWMU5cx4upLR4qPgTArrqqCNSJZ-2BYfuxhXFzgBH2ZmrrseSPaFYmYYg5E7xXf8zdPEU8sGD4qrTuR9rk-2B5tckrKZNA7AfBcULesv2WFQfmH4JTZAc5cB5sWYrYoRKTl5RAH6HzNmVkkxRwUWdl-2Bdk3-2Fd7u-2BAcQsZzp4ZeeA9jJ3BB5X7F9jRoMgQdRjoLo5b240aR1q2w-3D |
Full analysis | https://app.any.run/tasks/69f775d5-3441-4eeb-a0c9-a0bf919554d4 |
Verdict | Malicious activity |
Analysis date | September 19, 2019, 12:06:40 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | — |
MD5 | 007C0AAC26103BE0DBC28C2E2CE48648 |
SHA1 | 49F5C8F96EFCAAD48E793385DA6C38EA540C33F0 |
SHA256 | A5F7A4F9841BBAF1ED0C7A00368B209E217E4AAD3EBF01D3C134CECCB4E42674 |
SSDEEP | 12:2a5DSrSLsfbo/MuMpQ0/odn/0epbAqGgS1:2+Io/Mumo187R5 |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
3540 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
4016 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3540 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
3192 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: MEDIUM; Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0; Version: 26,0,0,131 |
2500 | -modal 327980 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\admin\AppData\Local\Temp\NDF8CDE.tmp -ep NetworkDiagnosticsWeb | C:\Windows\system32\msdt.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Diagnostics Troubleshooting Wizard; Exit code: 2; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
2640 | C:\Windows\System32\sdiagnhost.exe -Embedding | C:\Windows\System32\sdiagnhost.exe | — | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Scripted Diagnostics Native Host; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
2560 | "C:\Windows\system32\ipconfig.exe" /all | C:\Windows\system32\ipconfig.exe | — | sdiagnhost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: IP Configuration Utility; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
3596 | "C:\Windows\system32\ROUTE.EXE" print | C:\Windows\system32\ROUTE.EXE | — | sdiagnhost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: TCP/IP Route Command; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
1032 | "C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf | C:\Windows\system32\makecab.exe | — | sdiagnhost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft® Cabinet Maker; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
3028 | -modal 327980 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\admin\AppData\Local\Temp\NDFD9D6.tmp -ep NetworkDiagnosticsWeb | C:\Windows\system32\msdt.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Diagnostics Troubleshooting Wizard; Exit code: 2; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
2200 | C:\Windows\System32\sdiagnhost.exe -Embedding | C:\Windows\System32\sdiagnhost.exe | — | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Scripted Diagnostics Native Host; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3540 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | — | — |
3540 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
4016 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | — | — | — |
4016 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z63LUP8D\style.min[1].css | text | 83AB8BB7D08F0CED01CB834F5D518CBD | 858ECAE68A18E4AABC4A4D528F26EE6695A3EA189358A32505C063217940B6D4 |
4016 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\021AYJEH\vendor.min[1].js | text | 55B50F7E41CE399C8D16EBD52270E41A | 74C99B6C3E4D04EF6CC9725D23B70FE5FFEF611D3CF07DC2BD639D5A2E840573 |
4016 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWGOAFY1\sendgrid.min[1].js | text | F42D9910F6F3D6E776FBA9A7484B406D | 2F0D25EB4586D7C5132E96B2CCA3305B77BBE74143C9D6A97398A9CD15CA9ECA |
4016 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt | text | ACE37320EBA5D54044193D7F2FBC6694 | 89F44BF97A90AB5C8D5821B250E0107E0F3783E5E02E8D63B94E7F8C2AFE58E4 |
4016 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 49842A1008396AE4E9B901F6453E7CDD | E621884189D8CA4FF8E9084C4F484D7DA7D1B333BC7D86733E9028E52FAE855A |
4016 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4T3SL64G\forms2.min[1].js | text | F1D23A5951023E4A0282D72A5163950D | 321BBCC4CC57483B7E329186E5159498B668DDDE87CB64696DDCDC95176CCE82 |
4016 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWGOAFY1\72168671[1].js | text | B0AB69C80F170956BD17E6E614903C75 | A707B8FDC4D18C022A57DF8A9985F916242C5A87E630046345B100BB42112C8A |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
4016 | iexplore.exe | GET | 301 | 159.122.219.52:80 | http://sendgrid.com/invalidlink | US | html | 178 b | whitelisted |
4016 | iexplore.exe | GET | 200 | 205.185.216.42:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 57.0 Kb | whitelisted |
4016 | iexplore.exe | GET | 200 | 13.225.84.115:80 | http://x.ss2.us/x.cer | US | der | 1.27 Kb | whitelisted |
3540 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3540 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
4016 | iexplore.exe | 172.217.18.10:443 | ajax.googleapis.com | Google Inc. | US | whitelisted |
4016 | iexplore.exe | 104.17.74.206:443 | go.sendgrid.com | Cloudflare Inc | US | shared |
4016 | iexplore.exe | 159.122.219.52:80 | sendgrid.com | SoftLayer Technologies Inc. | US | unknown |
4016 | iexplore.exe | 23.210.249.30:443 | cdn.optimizely.com | Akamai International B.V. | NL | whitelisted |
4016 | iexplore.exe | 159.122.219.52:443 | sendgrid.com | SoftLayer Technologies Inc. | US | unknown |
4016 | iexplore.exe | 172.217.18.104:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
4016 | iexplore.exe | 13.224.193.80:443 | cdn.segment.com | — | US | suspicious |
4016 | iexplore.exe | 167.89.123.16:443 | u7367700.ct.sendgrid.net | SendGrid, Inc. | US | malicious |
4016 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.bing.com | — | whitelisted |
u7367700.ct.sendgrid.net | — | malicious |
sendgrid.com | — | whitelisted |
cdn.optimizely.com | — | whitelisted |
go.sendgrid.com | — | suspicious |
ajax.googleapis.com | — | whitelisted |
cdn.segment.com | — | shared |
www.googletagmanager.com | — | whitelisted |
api.segment.io | — | whitelisted |
www.google-analytics.com | — | whitelisted |