Property | Value
---|---
URL | https://u13031921.ct.sendgrid.net/ls/click?upn=hnZEJtlOVoCRcvX0yS9ql2S3lEY07S8QIduMTeHG2NygRozO-2BdkXRZjt2SGJ4AO80pHl_Mj-2FciSswvBdfEnfNyoSWC-2BzhoNwB0poIaKgHOAeYbuipAPlIStbHvAMhyEPbDorbPMvsRdAt6H2Ci6RLG5O2XlqhrJw8c4ptDsbHjEWl2U2Vy1jg6BOOa6SOUWJNAeCYy8cZ1BcA12Omq9NRtf5HQlhhM7mNKEh1JyQX4VO3pit7IHOY3zudv8pQq2yn14PWmIPRdYoG8OxL1mvfuSWxbq8mkG-2B2lYFF1tKRVKcofko-3D
Full analysis | https://app.any.run/tasks/4c0dd82d-1855-4ebe-bcd6-a6bf4c412a56
Verdict | Malicious activity
Analysis date | January 25, 2022, 01:04:18
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MD5 | 47A2BFD7781EA5D85F2EA4B9382246DC
SHA1 | D6865324AEE28104F57C171247FACF9A66E35374
SHA256 | A85E090E86B1851F8039135B3B0FFC96E860A13BE753AB570D946155D0E9CE80
SSDEEP | 6:2WW8nwY6xq/5mAGjlw2cOrJtJ6SbWgOrVmIvitqJ9DrJDRhrB2fD+om4NS3NsqHL:2KnHSq/5mAGjlDlJtJT/qMKikH9SC4No
PID | CMD | Path | Indicators | Parent process | Process details
---|---|---|---|---|---
3820 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://u13031921.ct.sendgrid.net/ls/click?upn=hnZEJtlOVoCRcvX0yS9ql2S3lEY07S8QIduMTeHG2NygRozO-2BdkXRZjt2SGJ4AO80pHl_Mj-2FciSswvBdfEnfNyoSWC-2BzhoNwB0poIaKgHOAeYbuipAPlIStbHvAMhyEPbDorbPMvsRdAt6H2Ci6RLG5O2XlqhrJw8c4ptDsbHjEWl2U2Vy1jg6BOOa6SOUWJNAeCYy8cZ1BcA12Omq9NRtf5HQlhhM7mNKEh1JyQX4VO3pit7IHOY3zudv8pQq2yn14PWmIPRdYoG8OxL1mvfuSWxbq8mkG-2B2lYFF1tKRVKcofko-3D" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
2684 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3820 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2684 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D | binary | A49AF11A570757B1E28213D82214D902 | F9A9C75D435224635D572DEBF76A31086856C5552F86A2925693FEFD4C35EB6E
2684 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\campaign[1].svg | image | 1D2A60A60F40F9E63B63AC52183F9C01 | 572ACFB80CDCE15FD7239F1B6266FEB4470926FDD5698E95F40B5B41FFABBE06
2684 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\digital_products[1].svg | image | 5407A8FE869D2A4B5DEFE4AE08268D45 | 7B932B72D4C1AB01CD1FB55C4D016156A0AA77CC30CE273854C95CFC2B32073A
2684 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D | der | 3DBA8BD3D1C5586D7B6C88E9865CC72B | BE214107A441DCCC82553116726922B4A19BB0D32DDD965E83FD15FFC90AD9F8
2684 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\tailwind[1].css | text | DA22A5D152DD467575A99D3A99DAFF8D | 813B1C3B125DDDB582E472B820BE298B12CC6EE5F74E9B46B56F4D6427F42EC0
2684 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B39C403EE7698F732743C79CB583A818_F94572BF13D20C8A2D58EA30B5AB031E | der | 5573411EC5DC6DF320B2C1880FB69AA0 | B9E10EE122CE5B5749C50314ADC44337601CD7DE0F4E6A85EA757AD8883BF129
2684 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771 | binary | 1F2C44BECB3F6D4A8FDABA6EED0D50EA | 03A13DBF6928966C5D9A7A2F2568624BFDBE73C749D844005AF12EEBB4BA30B6
2684 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\automation[1].svg | image | A71DC63B19309A29D188551C4A945223 | 446D7F3C8D927583C065006736151F610EB821A9A55A376804E0CC54AE7F81F5
2684 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\JBRLR9CF.htm | html | CD3646F9215D1DC74DA91DF97E994CED | 33AEA0377772DA92256401FD9564B3A9C4A08E03BF2293AB26F6DDA8E8A60706
2684 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\landing-pages[1].svg | image | 8F841DD57F9D56C89C58FECF6F65DC30 | 159B96880979BFC9516F6DBBE907CD184181F132DCCC8AE0B5D9A6377BDF4A32
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2684 | iexplore.exe | GET | 200 | 192.124.249.41:80 | http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D | US | der | 1.69 Kb | whitelisted |
2684 | iexplore.exe | GET | 200 | 192.124.249.41:80 | http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D | US | der | 1.66 Kb | whitelisted |
2684 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAyxVj9Q6Sv8YTt%2B78cX2W4%3D | US | der | 280 b | whitelisted |
2684 | iexplore.exe | GET | 200 | 142.250.185.163:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
2684 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
2684 | iexplore.exe | GET | 200 | 142.250.185.163:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
2684 | iexplore.exe | GET | 200 | 13.32.11.229:80 | http://crl.rootca1.amazontrust.com/rootca1.crl | US | der | 493 b | whitelisted |
2684 | iexplore.exe | GET | 200 | 192.124.249.41:80 | http://ocsp.godaddy.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCAFQWPc8P68%2F | US | der | 1.74 Kb | whitelisted |
2684 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEA0OVaEcb%2BOak3V3OoTdWC4%3D | US | der | 471 b | whitelisted |
2684 | iexplore.exe | GET | 200 | 13.32.11.71:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2684 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2684 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2684 | iexplore.exe | 192.124.249.41:80 | ocsp.godaddy.com | Sucuri | US | suspicious |
2684 | iexplore.exe | 142.250.186.78:443 | www.googleoptimize.com | Google Inc. | US | whitelisted |
2684 | iexplore.exe | 104.16.148.64:443 | cdn.cookielaw.org | Cloudflare Inc | US | unknown |
2684 | iexplore.exe | 104.18.3.159:443 | www.mailerlite.com | Cloudflare Inc | US | unknown |
2684 | iexplore.exe | 167.89.123.16:443 | u13031921.ct.sendgrid.net | SendGrid, Inc. | US | malicious |
2684 | iexplore.exe | 142.250.185.163:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
2684 | iexplore.exe | 104.18.2.159:443 | www.mailerlite.com | Cloudflare Inc | US | suspicious |
2684 | iexplore.exe | 104.21.33.201:443 | cdn.remotecompany.com | Cloudflare Inc | US | unknown |
Domain | IP | Reputation
---|---|---
u13031921.ct.sendgrid.net | | suspicious
ctldl.windowsupdate.com | | whitelisted
ocsp.godaddy.com | | whitelisted
www.mailerlite.com | | suspicious
ocsp.digicert.com | | whitelisted
www.googleoptimize.com | | whitelisted
cdn.cookielaw.org | | whitelisted
track.mailerlite.com | | suspicious
static.mailerlite.com | | whitelisted
cdn.remotecompany.com | | malicious