Field | Value |
---|---|
URL | https://urldefense.com/v3/__https://www.medaxiom.com__;!!NoSwA-eRAg!XdN-1vEYaiRMmHCRlsXCsR7RA5d2LdQ-pE47OZFOuS-UNla3kcyCbb2EKfHu-DD3pw$ |
Full analysis | https://app.any.run/tasks/810d4999-72b3-4394-a50c-6ba34ab067d3 |
Verdict | Malicious activity |
Analysis date | August 12, 2022, 18:33:13 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MD5 | 2791BC683CBC00DDCC1FFA1E6E878BB7 |
SHA1 | 7A6E7E21D28DCEA206C90AEF042E693A3253D84A |
SHA256 | A8F15432D7D63855EE0DC8EEDC190940CB53B4C3663AE5DE66A47A84A9CEB326 |
SSDEEP | 3:N8U2DAL5IKTWK66NR0rSL4lhKHreu93L8TaDFBzrDrxB:2UJtIrhVGL4PyoTavvDrH |
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version |
---|---|---|---|---|---|---|---|---|---|
300 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://urldefense.com/v3/__https://www.medaxiom.com__;!!NoSwA-eRAg!XdN-1vEYaiRMmHCRlsXCsR7RA5d2LdQ-pE47OZFOuS-UNla3kcyCbb2EKfHu-DD3pw$" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
3576 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:300 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Operation | Key | Name | Value |
---|---|---|---|---|---|
300 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 1 |
300 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime | |
300 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 30977657 |
300 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime | 261318482 |
300 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 30977658 |
300 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | |
300 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie: |
300 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited: |
300 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0 |
300 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3576 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B | der | 614F7B75F8BA6B85B0D3B6988FDAC98B | 06F72B87CF5655F9C09E1A4ED84BC5FDBABD6DF87A613FD64FE70606ED9C7AEF |
3576 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\72BA427A91F50409B9EAC87F2B59B951_F0B960C3B1E522BB9772662759982F90 | der | 6501F5D9F84ABE583FCC1A8B9A646EB2 | 896EF10AB15CE171B4639F4E5F860D052AD746D1EAFF97CA62C50E70DD92ADA6 |
3576 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | der | 6AAC8582893304B7B678B7E864946238 | 8986A95049C4208CB8D384C59720ADA1E8CF2795CB9AEAE70317D88789049590 |
300 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 7E8D28634058423E8EAFD7102D6A09E9 | 88C4292F23C3B02EDC5A1EED0A837BA71437C58B71A5B34989FED92EFDC89216 |
300 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 9F3AF5F31D3D47481A9A9E42C9125BC7 | AAE73336ACA45F1CB5B043FAD5D2D473381EDEE7997482EBE28C0C34CC0823B1 |
3576 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B | binary | AE2D7839CFE5C28835494919BEF1CC28 | 69085D2DD1F85BC86C4B7748EB9D8F87A91F01827F338BF26072BFBA40D58895 |
3576 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | binary | D335F3F4CE9873A06DB70F6EBD06F811 | DB891008D42A8F305CBF3CE31EF255CBADAA5933896D0F8C81FBC413A78773DD |
3576 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562 | binary | CCBB5155EC7879D016926A74BA0594E2 | 39FC858948F82A95BF95C1222F857F29BF3B5725A69028491ADD53B52D488356 |
3576 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 | binary | 027DA23A436CABC139F7F0258A5AC956 | D9A4A8190EB078AD2BD6B81D5C689BDA2D58AE5229E7FD330F9C0C9C3E7B1729 |
300 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | image | DA597791BE3B6E732F0BC8B20E38EE62 | 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3576 | iexplore.exe | GET | 200 | 172.64.155.188:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQh80WaEMqmyEvaHjlisSfVM4p8SAQUF9nWJSdn%2BTHCSUPZMDZEjGypT%2BsCEA2KFitLH9n0LY9WTWFSpcE%3D | US | der | 471 b | whitelisted |
3576 | iexplore.exe | GET | 200 | 172.64.155.188:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 1.42 Kb | whitelisted |
3576 | iexplore.exe | GET | 200 | 192.124.249.36:80 | http://ocsp.starfieldtech.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT1ZqtwV0O1KcYi0gdzcFkHM%2BuArAQUJUWBaFAmOD07LSy%2BzWrZtj2zZmMCCHqTPa%2FWlr93 | US | der | 1.80 Kb | whitelisted |
3576 | iexplore.exe | GET | 200 | 172.217.18.99:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCQEWZx1Os9sgr9kRTyYy5g | US | der | 472 b | whitelisted |
3576 | iexplore.exe | GET | 200 | 192.124.249.36:80 | http://ocsp.starfieldtech.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCAzkUhA%3D%3D | US | der | 1.70 Kb | whitelisted |
3576 | iexplore.exe | GET | 200 | 172.217.18.99:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
300 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3576 | iexplore.exe | GET | 200 | 172.64.155.188:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D | US | der | 2.18 Kb | whitelisted |
3576 | iexplore.exe | GET | 200 | 192.124.249.36:80 | http://ocsp.starfieldtech.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6%2FsVZNPaFToNfxx8ZwqAQUfAwyH6fZMH%2FEfWijYqihzqsHWycCAQc%3D | US | der | 1.74 Kb | whitelisted |
3576 | iexplore.exe | GET | 200 | 172.217.18.99:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDGaM9nfILxSxIGz%2Bm2TRwQ | US | der | 472 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3576 | iexplore.exe | 52.6.56.188:443 | urldefense.com | Amazon.com, Inc. | US | suspicious |
300 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
300 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3576 | iexplore.exe | 8.249.61.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
3576 | iexplore.exe | 216.150.17.244:443 | www.medaxiom.com | Peer 1 Network (USA) Inc. | US | unknown |
3576 | iexplore.exe | 172.64.155.188:80 | ocsp.comodoca.com | — | US | suspicious |
3576 | iexplore.exe | 192.124.249.36:80 | ocsp.starfieldtech.com | Sucuri | US | suspicious |
3576 | iexplore.exe | 142.250.185.104:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
3576 | iexplore.exe | 142.250.185.170:443 | ajax.googleapis.com | Google Inc. | US | whitelisted |
3576 | iexplore.exe | 104.16.124.175:443 | unpkg.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
urldefense.com | | shared |
ctldl.windowsupdate.com | | whitelisted |
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
ocsp.digicert.com | | whitelisted |
ocsp.comodoca.com | | whitelisted |
ocsp.usertrust.com | | whitelisted |
ocsp.sectigo.com | | whitelisted |
www.medaxiom.com | | unknown |
ocsp.starfieldtech.com | | whitelisted |