URL: | https://tinyurl.com/286j95h7 |
Full analysis: | https://app.any.run/tasks/bce25f72-9ce7-49a6-b534-ad4c88f7eb4c |
Verdict: | Malicious activity |
Analysis date: | October 05, 2022, 01:36:08 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 6D8214349CDDC383E703CBCF940C2689 |
SHA1: | EE02BC79C4135B55E1F33756AB8CD1EF65067E66 |
SHA256: | AB21F9C822F63A6693C9A89FAA7805D10C6F9D5AEB01E1DA5AC443193CAE9D4F |
SSDEEP: | 3:N8EzLdIshA:2Endp2 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3016 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://tinyurl.com/286j95h7" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2936 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3016 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
2936 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\0A448HZL.txt | text | |
MD5:93E639FAD65DBC12C34CED24D0365700 | SHA256:731E9DD879B5F40656479A764D0879CBECB01257584F253C76076682DA627465 | |||
2936 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\cls[1].css | text | |
MD5:2AD42C99ECE77B46E5A42A85207A3750 | SHA256:3D510E16E6E569E573980FD67A55221795D539FD56688ECACA8D284255E86EE6 | |||
2936 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D | der | |
MD5:C592E482A700E972E14C46C59EABD9BB | SHA256:3BD64AE8F25AD4DE3186018F5609D7B474B3F2FAF60C210DB787044055E78CAD | |||
2936 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary | |
MD5:DA2BF87D774DAED8BD25573DDCC7A721 | SHA256:3776CDF7D19A1AF8F30A451A5B165E23D537F5F4E55D583EF9D87489A491BECE | |||
2936 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\JR52VUP7.txt | text | |
MD5:2EE74A8683DBB4BC6B5A91CF60D225BB | SHA256:6D341B9902A3FD01A31F68769CE502AF03A2A76076EA099F9C07E9628E35E49B | |||
2936 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:F86983BB8AB0C774668A46B69DD8E212 | SHA256:48108AC86882EE8FFEC539841C71D7F08A529E92F0CED247206641DD2EDA07ED | |||
2936 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\286j95h7[1].htm | html | |
MD5:C94DCEFAC0E42675CD0DC11F7A410220 | SHA256:A35F306B9A07EDE8D007D37D5D7C29034105B4C4A2D7FE199EAFD50D04613EF1 | |||
2936 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | der | |
MD5:F7983D8FD8DDD6DF665E3E5EB736D1C4 | SHA256:173C1E435668AB7C8E2D30A020D2E63D66979911CDF19E0D50F68E697D2CAFC6 | |||
2936 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\pubfig.min[1].js | text | |
MD5:1F07E49DD8ADD3B5FD885EA10DB78385 | SHA256:3D4B69859A01137A99E11FE9DD21290684788CF1A93F5853B7DEFDE56AB0D299 | |||
2936 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\R13GQMNW.txt | text | |
MD5:17B99A2E62E60A4A90687E31818CE6EC | SHA256:382A6811889C8D810046C53D2AC3F3177468124EC6AFC4B2499EFDCEFDDBC3E5 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2936 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
2936 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted |
2936 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
3016 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
2936 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAeReQ3heodN5gA88rOQrYY%3D | US | der | 471 b | whitelisted |
2936 | iexplore.exe | GET | 200 | 192.124.249.22:80 | http://ocsp.godaddy.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCDGHwgNcZJfa | US | der | 1.74 Kb | whitelisted |
2936 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?13d1c1ffc685b723 | US | compressed | 60.9 Kb | whitelisted |
2936 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
2936 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f42197540d403b6b | US | compressed | 60.9 Kb | whitelisted |
2936 | iexplore.exe | GET | 200 | 192.124.249.22:80 | http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D | US | der | 1.69 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2936 | iexplore.exe | 157.240.20.19:443 | connect.facebook.net | FACEBOOK | DE | whitelisted |
2936 | iexplore.exe | 104.20.139.65:443 | tinyurl.com | CLOUDFLARENET | — | suspicious |
2936 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
2936 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted |
2936 | iexplore.exe | 104.26.0.139:443 | a.pub.network | CLOUDFLARENET | US | suspicious |
2936 | iexplore.exe | 143.204.215.68:443 | api.pushnami.com | AMAZON-02 | US | malicious |
2936 | iexplore.exe | 35.201.71.192:443 | d.pub.network | GOOGLE | US | unknown |
3016 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
2936 | iexplore.exe | 31.13.92.36:443 | www.facebook.com | FACEBOOK | DE | whitelisted |
2936 | iexplore.exe | 65.9.66.9:443 | cmp.quantcast.com | AMAZON-02 | US | suspicious |
Domain | IP | Reputation |
---|---|---|
tinyurl.com |
| shared |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
a.pub.network |
| whitelisted |
api.pushnami.com |
| shared |
connect.facebook.net |
| whitelisted |
stats.g.doubleclick.net |
| whitelisted |
d.pub.network |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
ocsp.godaddy.com |
| whitelisted |