URL: | http://Files.bajaelping.online |
Full analysis: | https://app.any.run/tasks/d33e03d2-71b5-4156-afa7-b90e099d691c |
Verdict: | Malicious activity |
Analysis date: | March 31, 2020, 07:32:01 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | D6D20B5B3F9A5914CE08CE05831EA36A |
SHA1: | 031937FD18E54584DDC49F3C59F2ADED21113DAE |
SHA256: | A8D3FAB65CDDC1C0BDBBA143F9944844C4798CB8415C930DA4CD466A2C389438 |
SSDEEP: | 3:N1KBJkPEAJmaLAn:CEJdLA |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3740 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://Files.bajaelping.online" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2816 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3740 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
3740 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab9080.tmp | — | |
MD5:— | SHA256:— | |||
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar9081.tmp | — | |
MD5:— | SHA256:— | |||
2816 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\6BY0FCTI.txt | text | |
MD5:A1E630544AB10BF200E6359E40C39B84 | SHA256:5F88987E71123BC23173B2F5241200C041BE55B729D9A382B41AD9CE646EC546 | |||
2816 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 | der | |
MD5:DE258D014D52CEE566B7A030B495EAFF | SHA256:25CC9F040653782203C0E3497C56CA3AD41479BA9C6C18F459C2C915B9D973C4 | |||
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\nav_static[1].css | text | |
MD5:2E13FF7C9CD68E397A09ECB7D6AC33BA | SHA256:C10D520918C9BD1734A35E4E6C4EFF525282A7257EC7AD9F3B7257BAAE102AF4 | |||
2816 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5887976EDAA817EEF5159B09F6FCD000_73A9FB39DACAF3BE0955961906FEFEA6 | der | |
MD5:0209933F898DB2302BE08BAEB6ECACE1 | SHA256:C5AF92416041FFE9D55188553C19421A1E040D76C0022492D6FECB1B3D56E652 | |||
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\b2_overview[1].css | text | |
MD5:6ED043BF4CD560DF4B2D49DCD52858D9 | SHA256:B7A6A6E266AF6F5BC5AD0045E32267EBD6E277AD952B28D0276E68C372B10BD9 | |||
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\stickynav[1].css | text | |
MD5:4EFF5D774024A96E6019E630EFEB4900 | SHA256:A3F067F4488BE800CE749C59A17023495A0BD1335D597316A42FAC30711DB96D | |||
2816 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_74167E25E5476CCA2A5946AAA61BF9E1 | der | |
MD5:FB1DCFAD78F9693BB3A1A362365BDFD6 | SHA256:C9733E8718FE8213E3E71412B290E4DE1B8F859D2D994C8BBBC829A37E43951A |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2816 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
2816 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D | US | der | 1.47 Kb | whitelisted |
2816 | iexplore.exe | GET | 200 | 216.58.207.35:80 | http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEFeh1L3VO0beCAAAAAAyCgc%3D | US | der | 471 b | whitelisted |
2816 | iexplore.exe | GET | 200 | 2.16.186.11:80 | http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D | unknown | der | 1.37 Kb | whitelisted |
2816 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted |
2816 | iexplore.exe | GET | 200 | 216.58.207.35:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2816 | iexplore.exe | GET | 200 | 143.204.98.120:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
2816 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAtAJMM%2BNVf2Cs%2BwXiFKCho%3D | US | der | 471 b | whitelisted |
2816 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted |
2816 | iexplore.exe | GET | 200 | 216.58.207.35:80 | http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEFeh1L3VO0beCAAAAAAyCgc%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 216.58.207.42:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2816 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2816 | iexplore.exe | 104.20.56.48:80 | www.backblaze.com | Cloudflare Inc | US | unknown |
2816 | iexplore.exe | 216.58.207.42:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
— | — | 2.21.36.226:443 | cdn.optimizely.com | GTT Communications Inc. | FR | unknown |
3740 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2816 | iexplore.exe | 104.24.110.148:443 | files.bajaelping.online | Cloudflare Inc | US | suspicious |
2816 | iexplore.exe | 2.21.36.226:443 | cdn.optimizely.com | GTT Communications Inc. | FR | unknown |
2816 | iexplore.exe | 104.24.110.148:80 | files.bajaelping.online | Cloudflare Inc | US | suspicious |
2816 | iexplore.exe | 104.20.56.48:443 | www.backblaze.com | Cloudflare Inc | US | unknown |
Domain | IP | Reputation |
---|---|---|
files.bajaelping.online |
| suspicious |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
www.backblaze.com |
| suspicious |
fonts.googleapis.com |
| whitelisted |
cdn.optimizely.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
www.googletagmanager.com |
| whitelisted |
static.hotjar.com |
| whitelisted |