File name: | Ericsson file 47517.htm |
Full analysis: | https://app.any.run/tasks/26c10394-9731-4ad2-8717-ff8c620cfad3 |
Verdict: | Malicious activity |
Analysis date: | January 25, 2022, 03:16:11 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/html |
File info: | HTML document, ASCII text, with very long lines, with CRLF line terminators |
MD5: | DB2FDB6EE7E1B9C42EB7D1AB170126C3 |
SHA1: | 1E9DB350FFB7B5BD7560F37DD5251524BBD0B74D |
SHA256: | A8178C599A312D9A4866A85B4B9EAE671F600BC2431570536246F32479C99EEE |
SSDEEP: | 384:+w5qQfYTKLcTA5ceXUW6HZpwi4oe6a0C2e1THLQTa1O2Rl:aQfc7TAYNE6aGexLUa1O2Rl |
.html | | | HyperText Markup Language (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3980 | "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\AppData\Local\Temp\Ericsson file 47517.htm.html" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
4016 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3980 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
4012 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3980 CREDAT:275461 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2256 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3980 CREDAT:398593 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
4016 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:B3875551FF78EA6D3B89FB40E2EA9127 | SHA256:5E91A299203E00A58961B52B242BE367715131EFD077A8E0219B2357B405C317 | |||
4016 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | |
MD5:F7DCB24540769805E5BB30D193944DCE | SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
4012 | iexplore.exe | GET | 200 | 8.253.208.121:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?03c71ce1e997afee | US | compressed | 4.70 Kb | whitelisted |
4016 | iexplore.exe | GET | 200 | 8.238.21.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5b810eac8f0d199b | US | compressed | 4.70 Kb | whitelisted |
4016 | iexplore.exe | GET | 200 | 8.238.21.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c11a9e5204e805b1 | US | compressed | 4.70 Kb | whitelisted |
4012 | iexplore.exe | GET | 200 | 8.253.208.121:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1a08b4e3bc81ac79 | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4016 | iexplore.exe | 162.159.137.85:443 | api.statvoo.com | Cloudflare Inc | — | malicious |
4012 | iexplore.exe | 162.159.137.85:443 | api.statvoo.com | Cloudflare Inc | — | malicious |
4016 | iexplore.exe | 8.238.21.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | unknown |
4012 | iexplore.exe | 8.238.21.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | unknown |
3980 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
4012 | iexplore.exe | 8.253.208.121:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | unknown |
— | — | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
4012 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3980 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
— | — | 162.159.137.85:443 | api.statvoo.com | Cloudflare Inc | — | malicious |
Domain | IP | Reputation |
---|---|---|
api.statvoo.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |