| Field | Value |
|---|---|
| File name | EUR_379,090.00.htm |
| Full analysis | https://app.any.run/tasks/34e38e0a-6a38-4482-9a35-0439abb2a6eb |
| Verdict | Malicious activity |
| Analysis date | September 30, 2020, 08:00:15 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | text/html |
| File info | HTML document, ASCII text, with CRLF line terminators |
| MD5 | 08171415AE158200FC6C6192E0592D6B |
| SHA1 | 287A743B7998ABCD08C0C1E074C6338D4A7DFD96 |
| SHA256 | ABDF0D2B47F79E65E597B206415254A53705E1F0CFC2F2816AF9C0347AF9D0EC |
| SSDEEP | 96:virZT/o1JhSJp8hGxq9if8aqaTftYzy2a5kYyVErqie:Chb2x6Jfuz3a5GBie |
| Format | Identification (score) |
|---|---|
| .htm/html | HyperText Markup Language with DOCTYPE (80.6) |
| .html | HyperText Markup Language (19.3) |
| Page metadata | Value |
|---|---|
| viewport | width=device-width, initial-scale=1 |
| Title | Microsoft Security |
| PID | CMD | Path | Indicators | Parent process | Integrity level |
|---|---|---|---|---|---|
| 700 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\EUR_379,090.00.htm | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | MEDIUM |
| 1508 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:700 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | MEDIUM |
| 2844 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:700 CREDAT:333057 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | LOW |

All three processes: User: admin, Company: Microsoft Corporation, Description: Internet Explorer, Version: 11.00.9600.16428 (winblue_gdr.131013-1700).
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 700 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
| 1508 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\CabC7E4.tmp | — | — | — |
| 1508 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\TarC7E5.tmp | — | — | — |
| 700 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Cab2F49.tmp | — | — | — |
| 700 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Tar2F4A.tmp | — | — | — |
| 700 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver2F7A.tmp | — | — | — |
| 1508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver5B3D.tmp | — | — | — |
| 1508 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 | der | F8811AF161EB47E259E6A03FDC0BD40C | 504D3DF293BAE3FC7303359007CD42B6B36CDC68BBC96407D8E8D396702DB792 |
| 1508 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\onedrive_logo[1].png | image | 7F42733B197FA05A2A2A1B5FAEF36AD4 | A83A6FDA1B51203E739EE87AA6CE464082947A054F20C83D14685253B096EC42 |
| 1508 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | der | AAB44BF1993AE0C761D8F61F3C99BFCE | 4BA6C6D29B828887BB77CD75D874B0EF50BE5DD02D16CD15596BC9D78D704376 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1056 | svchost.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted |
700 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
700 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
1056 | svchost.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAKXB1YM1Knrv%2BJy8eCW2II%3D | US | der | 471 b | whitelisted |
1056 | svchost.exe | GET | 200 | 216.58.208.35:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D | US | der | 492 b | whitelisted |
1056 | svchost.exe | GET | 200 | 104.18.24.243:80 | http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIGkp0%2Fv9GUvNUu1EP06Tu7%2BChyAQUkZ47RGw9V5xCdyo010%2FRzEqXLNoCEyAAASWxwt68EQiA3cUAAAABJbE%3D | US | der | 1.75 Kb | whitelisted |
1056 | svchost.exe | GET | 200 | 216.58.208.35:80 | http://ocsp.pki.goog/GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCB1hFTiyruqn | US | binary | 5 b | whitelisted |
1508 | iexplore.exe | GET | 200 | 143.204.101.190:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
1056 | svchost.exe | GET | 200 | 23.55.161.158:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 57.5 Kb | whitelisted |
1508 | iexplore.exe | GET | 200 | 13.225.84.104:80 | http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAPE0wJA9FmBbXMc6gki3E4%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1508 | iexplore.exe | 143.204.101.74:80 | ocsp.rootg2.amazontrust.com | — | US | whitelisted |
700 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
700 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1508 | iexplore.exe | 143.204.94.54:443 | cdn1.cloudpro.co.uk | — | US | unknown |
700 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1508 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
700 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1508 | iexplore.exe | 13.225.84.42:80 | o.ss2.us | — | US | unknown |
1508 | iexplore.exe | 143.204.101.190:80 | ocsp.rootg2.amazontrust.com | — | US | whitelisted |
| Domain | IP | Reputation |
|---|---|---|
| cdn1.cloudpro.co.uk | — | whitelisted |
| o.ss2.us | — | whitelisted |
| www.bing.com | — | whitelisted |
| api.bing.com | — | whitelisted |
| ocsp.rootg2.amazontrust.com | — | whitelisted |
| ocsp.rootca1.amazontrust.com | — | shared |
| ocsp.sca1b.amazontrust.com | — | whitelisted |
| iecvlist.microsoft.com | — | whitelisted |
| r20swj13mr.microsoft.com | — | whitelisted |
| ocsp.digicert.com | — | whitelisted |
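Most rows in the HTTP, connection and DNS tables above are background traffic of the Windows 7 / IE11 image (OCSP and CRL lookups, the authroot update, Bing, iecvlist) rather than anything the sample chose to contact. The triage helper below, added here as an example and not code from ANY.RUN or from the report, reads rows copied from the connections table (the PID-less duplicate iecvlist.microsoft.com row is left out), drops that noise, and leaves the hosts an analyst has to look at, together with the ports, PIDs and reputation that justify the call. The noise allow list, the brand-domain list and the `impersonation_hint` heuristic are assumptions for illustration; `o.ss2.us`, for instance, is a host you would look up before deciding whether it belongs on the allow list.

```python
"""
Sandbox network triage: strip the certificate-status and vendor-telemetry
noise every Windows/IE run produces and surface the hosts worth analyst time.

Added example; not part of the ANY.RUN report. The allow list, the brand
suffixes and the heuristic are assumptions and must be tuned per environment.
"""
import re

# Rows copied from the report's connections table:
# PID | process | IP:port | domain | reputation
CONNECTIONS = """\
1508 | iexplore.exe | 143.204.101.74:80 | ocsp.rootg2.amazontrust.com | whitelisted
700 | iexplore.exe | 13.107.21.200:80 | www.bing.com | whitelisted
700 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | whitelisted
1508 | iexplore.exe | 143.204.94.54:443 | cdn1.cloudpro.co.uk | unknown
700 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | whitelisted
1508 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | whitelisted
700 | iexplore.exe | 204.79.197.200:80 | www.bing.com | whitelisted
1508 | iexplore.exe | 13.225.84.42:80 | o.ss2.us | unknown
1508 | iexplore.exe | 143.204.101.190:80 | ocsp.rootg2.amazontrust.com | whitelisted
"""

# Background traffic of a Windows 7 / IE11 sandbox image (assumption: tune for your image).
NOISE_SUFFIXES = (
    "microsoft.com", "bing.com", "windowsupdate.com",
    "digicert.com", "amazontrust.com", "pki.goog", "msocsp.com",
)
# Certificate-status responders are named by convention whatever the CA: ocsp.*, ocsp2.*, crl3.* ...
CERT_STATUS_HOST = re.compile(r"^(ocsp|crl)\d*\.", re.IGNORECASE)


def is_noise(host: str) -> bool:
    """True for hosts the sample did not choose: OS/browser telemetry and certificate validation."""
    host = host.lower().rstrip(".")
    if CERT_STATUS_HOST.match(host):
        return True
    return any(host == s or host.endswith("." + s) for s in NOISE_SUFFIXES)


def parse_rows(table: str) -> list[dict]:
    """Parse pipe-delimited rows into dicts; blank and malformed lines are skipped."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 5:
            continue
        pid, proc, endpoint, host, rep = cells
        ip, _, port = endpoint.rpartition(":")
        rows.append({"pid": pid, "process": proc, "ip": ip,
                     "port": int(port), "host": host.lower(), "reputation": rep})
    return rows


def triage(table: str) -> dict:
    """Split hosts into 'noise' and 'candidates'; each candidate carries its evidence."""
    candidates: dict = {}
    noise: set = set()
    for r in parse_rows(table):
        if is_noise(r["host"]):
            noise.add(r["host"])
            continue
        c = candidates.setdefault(r["host"], {"ips": set(), "ports": set(),
                                              "pids": set(), "reputation": r["reputation"]})
        c["ips"].add(r["ip"])
        c["ports"].add(r["port"])
        c["pids"].add(r["pid"])
    return {"noise": sorted(noise), "candidates": candidates}


def impersonation_hint(page_title: str, candidates: dict,
                       brand_suffixes=("microsoft.com", "live.com", "office.com")) -> list[str]:
    """A page titled after a brand that pulls content from hosts outside that brand's
    domains is a phishing tell. The brand suffixes are an assumption for illustration."""
    if "microsoft" not in page_title.lower():
        return []
    return sorted(h for h in candidates
                  if not any(h == s or h.endswith("." + s) for s in brand_suffixes))


if __name__ == "__main__":
    result = triage(CONNECTIONS)
    for host, ev in result["candidates"].items():
        print(f"{host}: ports={sorted(ev['ports'])} pids={sorted(ev['pids'])} "
              f"reputation={ev['reputation']}")
    print("impersonation hint:", impersonation_hint("Microsoft Security", result["candidates"]))
```

Run against the rows above, the filter leaves two hosts: `cdn1.cloudpro.co.uk` (TLS on 443 from the content process 1508, reputation unknown) and `o.ss2.us`. Combined with the page title "Microsoft Security" and the `onedrive_logo[1].png` the same process cached, the first is the host to pivot on; the allow list is deliberately small so that nothing is hidden until you have confirmed it is image background traffic.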