Field | Value |
---|---|
URL | https://microsoftsharefile365.myportfolio.com/ |
Full analysis | https://app.any.run/tasks/dee733c8-d837-4d86-ac61-3cb0dc0b9ccf |
Verdict | Malicious activity |
Analysis date | May 20, 2022, 17:30:15 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MD5 | 12269ECB23DF2A2ABC8C75CBA55C7C55 |
SHA1 | 764B72BFF610EB574E73B2CF97BD34995A83C9C0 |
SHA256 | AC375BE5C41315FD8B1F613B62CE2BECFDBF1E283BD2D6ACD93A7CAAB0740D98 |
SSDEEP | 3:N8aYwNLMCLIcgs/GTK:21wpMCqGGTK |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
952 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://microsoftsharefile365.myportfolio.com/" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE |
2900 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:952 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe (952) |

PID | User | Company | Integrity level | Description | Version |
---|---|---|---|---|---|
952 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
2900 | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |

Process 2900 is the Protected Mode content (tab) process that the frame process 952 spawned for the URL (`SCODEF:952` names the frame PID), which is why it runs at LOW integrity; every cached file and every connection to the phishing host listed below belongs to it.
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2900 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | binary | 2944F609E0C181BF167F24DDEC5E50A2 | 0AE80428578FFA25D99C18138A83564AA1FF22E036E8BBAA4A4F05C49BA349D3 |
2900 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | der | 3CBF71B4678EC98888BEA333DF6BDAD7 | A16CB040948C7F3883FEA14B83A8BE2FD35994B2F0AEEA6285B59B14B41E6749 |
2900 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\6B01GM44.htm | html | 0ABD34AAEC37A422164BEF61ECF84697 | 429A4543A074CD40CA45063C68FF6961FA02265D896B5B9668F58882A7EF4661 |
2900 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\WNKJW2AN.js | text | 7B4BD52903989B23E62A1C1204F73C03 | 623949AFAEE6604FF66C58559FE0FE806B2284E774682C1E35B135E2A5F1EFE4 |
2900 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_42D518C245FE7F2F9F026AD6DD212548 | der | 40406641622C0737C5C7700B5751D6E5 | B67CC9464C7A6EB5AF69A416A73E6FD1DDE26094CE2FD3DC9881C644C7222803 |
2900 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 871C0FB5D8A03EF8DACD4667333D5CC5 | 7ED53EFDB90A6495F3E5AFE19FF408E4F98E7AD3BCA9FD17C8AB64E4690F1D93 |
2900 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_42D518C245FE7F2F9F026AD6DD212548 | binary | 5C9D0762FC47C5378615C5F79C718B24 | 3A76D563736219B0E15EE3CA2A5E6B81FBE995142C48215859F019995B27141A |
2900 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\c24262c6ec204a7182f69a2a6e164e6e1652803051[1].css | text | B13A47C0811DFCCFA7385E42EAEBF982 | 170B65365CE1E1E6CAD8D3D7C3D1787A85AAFF22CA99174B414074FBFC802ECE |
2900 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | F7DCB24540769805E5BB30D193944DCE | 6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA |
2900 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\p[1].gif | image | 81144D75B3E69E9AA2FA3E9D83A64D03 | 9B9265C69A5CC295D1AB0D04E0273B3677DB1A6216CE2CCF4EFC8C277ED84B39 |

The CryptnetUrlCache entries are Windows' own cache of the OCSP responses and the disallowed-certificate CTL fetched during the session; the three Content.IE5 files (the .htm, .js and .css) are what the browser actually received from the phishing page.
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
952 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2900 | iexplore.exe | GET | 200 | 104.18.21.226:80 | http://ocsp2.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHophRq39F1meVBmQbb%2F1x0%3D | US | der | 1.40 Kb | whitelisted |
2900 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
2900 | iexplore.exe | GET | 200 | 23.216.77.69:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?83f5c6b9093773f4 | US | compressed | 4.70 Kb | whitelisted |
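The three `der` responses above are OCSP revocation checks: in an RFC 6960 GET request the URL path is the url-encoded base64 of a DER `OCSPRequest`, so the request itself tells you which certificate the browser was asking about. The decoder below is an added example, not part of the ANY.RUN report; it is a minimal DER walker written for this page (no external library), and the only input it uses is the three request URLs copied from the table.

```python
import base64
import urllib.parse

# The three OCSP GET requests from the report's HTTP table, copied verbatim.
OCSP_GET_URLS = [
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D",
    "http://ocsp2.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHophRq39F1meVBmQbb%2F1x0%3D",
]

# Hash algorithm OIDs seen in CertID.hashAlgorithm (RFC 6960 4.1.1).
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}
SEQUENCE = 0x30


def read_tlv(buf, pos):
    """Decode the DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Yield (tag, value) for each element inside a constructed DER value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = read_tlv(value, pos)
        yield tag, inner


def decode_oid(value):
    """Dotted-decimal form of a DER OBJECT IDENTIFIER value."""
    parts = [str(value[0] // 40), str(value[0] % 40)]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)


def parse_ocsp_get_url(url):
    """Return one dict per CertID in the OCSPRequest carried by an RFC 6960 GET URL.

    OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest, optionalSignature [0] OPTIONAL }
    TBSRequest  ::= SEQUENCE { version [0] OPT, requestorName [1] OPT,
                               requestList SEQUENCE OF Request, requestExtensions [2] OPT }
    Request     ::= SEQUENCE { reqCert CertID, singleRequestExtensions [0] OPT }
    CertID      ::= SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }
    """
    parts = urllib.parse.urlsplit(url)
    # Split on "/" BEFORE unquoting so a %2F inside the base64 is not taken as a
    # path separator; anything before the last "/" (e.g. /rootr3/) is responder path.
    b64 = parts.path.rsplit("/", 1)[-1]
    der = base64.b64decode(urllib.parse.unquote(b64))
    tag, ocsp_request, _ = read_tlv(der, 0)
    if tag != SEQUENCE:
        raise ValueError("not an OCSPRequest")
    tbs = next(children(ocsp_request))[1]
    # requestList is the first untagged SEQUENCE in TBSRequest; [0]/[1] are 0xA0/0xA1.
    request_list = next(v for t, v in children(tbs) if t == SEQUENCE)
    results = []
    for _, request in children(request_list):
        cert_id = next(children(request))[1]
        alg, name_hash, key_hash, serial = [v for _, v in children(cert_id)][:4]
        oid = decode_oid(next(children(alg))[1])
        results.append({
            "responder": parts.hostname,
            "hash_alg": HASH_OIDS.get(oid, oid),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),   # compare with the CA's Subject Key Identifier
            "serial": serial.hex(),              # raw DER INTEGER bytes; a leading 00 is sign padding
        })
    return results


def decode_report_requests(urls=OCSP_GET_URLS):
    """Decode every OCSP GET URL from the report into CertID fields."""
    return [cert_id for url in urls for cert_id in parse_ocsp_get_url(url)]


if __name__ == "__main__":
    for entry in decode_report_requests():
        print(entry)
```

Both DigiCert requests carry the same issuer hashes (issuer key hash `03de503556d14cbb66f0a3e21b1bc397b23dd155`, the Subject Key Identifier of DigiCert Global Root CA) with two different serial numbers, and the GlobalSign request names issuer key hash `8ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc`, the Subject Key Identifier of GlobalSign Root CA R3. Each request therefore asks about a certificate issued directly by a public root, i.e. an intermediate CA in the chain of a site the browser loaded. That is ordinary Windows chain validation; a `der` object from a CA's OCSP responder over port 80 is not attacker traffic and should not be carried into a blocklist.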
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2900 | iexplore.exe | 151.101.2.133:443 | cdn.myportfolio.com | Fastly | US | malicious |
2900 | iexplore.exe | 184.24.77.144:443 | use.typekit.net | Time Warner Cable Internet LLC | US | suspicious |
952 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2900 | iexplore.exe | 151.101.0.119:443 | microsoftsharefile365.myportfolio.com | Fastly | US | malicious |
2900 | iexplore.exe | 23.216.77.69:80 | ctldl.windowsupdate.com | NTT DOCOMO, INC. | US | suspicious |
2900 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2900 | iexplore.exe | 162.247.243.147:443 | bam-cell.nr-data.net | New Relic | US | unknown |
2900 | iexplore.exe | 104.18.21.226:80 | ocsp2.globalsign.com | Cloudflare Inc | US | shared |
2900 | iexplore.exe | 184.24.77.146:443 | p.typekit.net | Time Warner Cable Internet LLC | US | suspicious |
2900 | iexplore.exe | 151.101.64.119:443 | microsoftsharefile365.myportfolio.com | Fastly | US | malicious |
Domain | IP | Reputation |
---|---|---|
microsoftsharefile365.myportfolio.com | | malicious |
ctldl.windowsupdate.com | | whitelisted |
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
ocsp.digicert.com | | whitelisted |
cdn.myportfolio.com | | whitelisted |
use.typekit.net | | whitelisted |
js-agent.newrelic.com | | whitelisted |
ocsp2.globalsign.com | | whitelisted |
p.typekit.net | | shared |

The reputation labels are the sandbox's own and do not agree between the connections table and this DNS table: cdn.myportfolio.com is "malicious" by connection but "whitelisted" by domain, and use.typekit.net, p.typekit.net and ctldl.windowsupdate.com are "suspicious" by connection but "whitelisted" or "shared" here. The actionable indicator is the hostname microsoftsharefile365.myportfolio.com. The 151.101.x.x addresses are Fastly CDN space shared by the whole myportfolio.com platform, and Typekit, New Relic, Bing, the CA OCSP responders and the Windows CTL download are the page's and the OS's ordinary dependencies rather than attacker infrastructure.