URL: | https://indd.adobe.com/view/c6f9cfd2-a3b9-4496-8039-673365859914 |
Full analysis: | https://app.any.run/tasks/84e85bfa-d1db-4152-b870-65868c48a259 |
Verdict: | Malicious activity |
Analysis date: | January 25, 2022, 01:33:49 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | E51A83A35BE7F6973A6EC4C5A3AA40C3 |
SHA1: | 44CCA6942E77F0A327E9BB8DE4CF22D9D0B10C21 |
SHA256: | AB2CFC5C4F2E2BDC6531DC24A671E0A08B27A594397AF53C1CB498699FC2667D |
SSDEEP: | 3:N8cBLMTucY4HPRcEG5TSRcdJLn:2c9+YV5YsR |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
612 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://indd.adobe.com/view/c6f9cfd2-a3b9-4496-8039-673365859914" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2720 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:612 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3488 | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Integrity Level: MEDIUM Description: Adobe� Flash� Player Installer/Uninstaller 32.0 r0 Version: 32,0,0,453 |
PID | Process | Filename | Type | |
---|---|---|---|---|
612 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:FC990EAA7247546FB67C18916A4CAC9B | SHA256:294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993 | |||
612 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:6BA82CD949377199F8702AD7340DC222 | SHA256:3C2FA5FD1B6AAF67731EC1FFB64786211A91AB69487B67E7F36739227961ACC1 | |||
2720 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1E11E75149C17A93653DA7DC0B8CF53F_3E57912013BE29440FBF538304BA19A0 | der | |
MD5:BCA658D161F70DA44BD830B0ADB0EDA7 | SHA256:B0DADA02EB933C6D0BAAE7BE2550CA5E8CC31E6B51269C9B1068114F13158D72 | |||
2720 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\in.min[1].css | text | |
MD5:ECA876798CA8B053484948AB09EF37DE | SHA256:5FC8E0E444D2BC030996E56104AE82406FF84AEC763F121E0C6E2F579914DF0B | |||
2720 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\prod-eu-west-1-newrelic[1].js | text | |
MD5:956C839FF8918EE0FAA5B64AF0F466CF | SHA256:7919EA5143223176D8EECAB11A09859B283D03CFCF0CD253238F8365A073407D | |||
2720 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | binary | |
MD5:362104149671124039B6B4CF84112781 | SHA256:43C3708D606418D2CDA8D862E2FD0D33767EA8DF4319C6243C86204C53CD72F8 | |||
2720 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E11E75149C17A93653DA7DC0B8CF53F_3E57912013BE29440FBF538304BA19A0 | binary | |
MD5:2A2858A29D554D245009BA18E0EFA9EF | SHA256:C49E41891D7A053FD3EF431D3B4374F6202600FEA8C215A763DA7B8CDFFDEC2B | |||
612 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:5425CEF3AEE84033B214F0002BFE69A1 | SHA256:A3695745DC59CDDCA9F1DF753CD63C84A55E21072DE31D9D22C342645AF1ACFC | |||
2720 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | der | |
MD5:D94C08EB9C2992C5D8CFE12C5E185A6B | SHA256:56B861E5117B8E08800AFD24DB0133D298E11E478ADB1D17DFE7654DBA08D5A5 | |||
2720 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\localeChange[1].js | text | |
MD5:9BC9B8EFCCEA319404C924438C23D3F1 | SHA256:F2F2C3CC593716654F0068E5F2B81F5B8C2EE0A75B9CD75CFA8CA1A50C5935F8 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2720 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp2.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHophRq39F1meVBmQbb%2F1x0%3D | US | der | 1.40 Kb | whitelisted |
612 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2720 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted |
2720 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
612 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2720 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAR01OSeHJor2P8HiOg6iA4%3D | US | der | 471 b | whitelisted |
2720 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
2720 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/ssca-sha2-g7.crl | US | binary | 80.6 Kb | whitelisted |
2720 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAR01OSeHJor2P8HiOg6iA4%3D | US | der | 471 b | whitelisted |
2720 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAVv%2Fv551b8Lj%2BoaHAGyxSU%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
612 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
— | — | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
612 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2720 | iexplore.exe | 99.86.241.99:443 | indd.adobe.com | AT&T Services, Inc. | US | unknown |
612 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
2720 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2720 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
2720 | iexplore.exe | 18.66.248.111:443 | adobeindd.com | Massachusetts Institute of Technology | US | unknown |
— | — | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
612 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
indd.adobe.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
assets.adobedtm.com |
| whitelisted |
use.typekit.net |
| whitelisted |
connect.facebook.net |
| whitelisted |
adobeindd.com |
| whitelisted |
sstats.adobe.com |
| whitelisted |