Field | Value
---|---
URL | http://tcslandg.net
Full analysis | https://app.any.run/tasks/98a2851a-d5a1-43bb-91a8-cc4f8c63a9bd
Verdict | Malicious activity
Analysis date | March 31, 2020, 06:44:16
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 4B30515E6C37F60343015FA767165D3D
SHA1 | DBC0E940447EDFA3978D3F653A283CB3506AD231
SHA256 | ACECBC81D2B788634755F23C2F6B22C3DC382C839FA6820D6825DAF3E3988823
SSDEEP | 3:N1KKGrLyL0:CKM2L0
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---|---|---|---|---
3144 | "C:\Program Files\Internet Explorer\iexplore.exe" http://tcslandg.net | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
2496 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3144 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2496 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab90BF.tmp | — | — | —
2496 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar90C0.tmp | — | — | —
2496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT | smt | B74C5DE82FD8DA6195CB29EE9B1C2221 | 1283E0B8845DA1EE9C9A2467E7B5556D72FC0E103DC0D637F69EFD4FFDB299DB
2496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\arrows-bg-ext[1].png | image | 53AC1468AB5FC617AB2CBEDE13630CC4 | 302A65DF1B4E2640529D2B98D0F5B21AAA56424EA946B943FC01E1B7D625B87B
2496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\PGXAICWX.htm | html | 6759C93E4B2549890C898B1AE5BEF1F9 | AD79FF084C3273F7998DBDF1BEB7A98FD517264B75B7346480E6DED225611C41
2496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\caf[1].js | text | 3E2BE9E9EF478E3A7C4496CCFDEB5FEA | C9E11FC61EC253623305C423B75F3BDA725DC55E4C22B13A1720C87AD0FD35AC
2496 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ER989HF8.txt | — | — | —
2496 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\M7T7GBAN.txt | — | — | —
2496 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der | E550DA03AEE5B546B436CD553D3233B9 | 9ABFD4E29B96CCA442502B1DE6071FE0293455DF22B4EFF19FA3E6DF060947E7
2496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\arrows-bg[1].jpg | image | DDF56A1F7A8379423DB7CC036A758EF6 | 2BBE8A349310C215A00ABC02E3244CB77C82F6B3AC64A17C72E28C9F88299C3C
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2496 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2496 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDy4NKedukSQwgAAAAAMgpY | US | der | 472 b | whitelisted |
2496 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDy4NKedukSQwgAAAAAMgpY | US | der | 472 b | whitelisted |
2496 | iexplore.exe | GET | 200 | 199.59.242.153:80 | http://ww1.tcslandg.net/ | US | html | 3.93 Kb | malicious |
2496 | iexplore.exe | GET | 200 | 199.59.242.153:80 | http://ww1.tcslandg.net/public/legacy/10352/resources/arrows-bg-ext.png | US | image | 1.12 Kb | malicious |
2496 | iexplore.exe | GET | 200 | 199.59.242.153:80 | http://ww1.tcslandg.net/glp?r=&u=http%3A%2F%2Fww1.tcslandg.net%2F&rw=1280&rh=720&ww=1280&wh=644 | US | text | 8.99 Kb | malicious |
2496 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2496 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2496 | iexplore.exe | GET | 200 | 199.59.242.153:80 | http://ww1.tcslandg.net/public/legacy/10352/resources/arrows-bg.jpg | US | image | 93.6 Kb | malicious |
2496 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDL%2FQslYWVuogIAAAAAXGdc | US | der | 472 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2496 | iexplore.exe | 216.58.207.36:443 | www.google.com | Google Inc. | US | whitelisted |
2496 | iexplore.exe | 216.58.207.36:80 | www.google.com | Google Inc. | US | whitelisted |
2496 | iexplore.exe | 172.217.21.234:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3144 | iexplore.exe | 199.59.242.153:80 | ww1.tcslandg.net | Bodis, LLC | US | malicious |
2496 | iexplore.exe | 199.59.242.153:80 | ww1.tcslandg.net | Bodis, LLC | US | malicious |
2496 | iexplore.exe | 108.59.12.98:80 | tcslandg.net | Leaseweb USA, Inc. | US | malicious |
2496 | iexplore.exe | 172.217.18.99:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
2496 | iexplore.exe | 172.217.21.234:80 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2496 | iexplore.exe | 172.217.22.42:443 | ajax.googleapis.com | Google Inc. | US | whitelisted |
3144 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation
---|---|---
tcslandg.net | | whitelisted
ww1.tcslandg.net | | malicious
www.google.com | | whitelisted
fonts.googleapis.com | | whitelisted
ajax.googleapis.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ocsp.pki.goog | | whitelisted
fonts.gstatic.com | | whitelisted
tracking.bodis.com | | whitelisted
PID | Process | Class | Message |
---|---|---|---|
2496 | iexplore.exe | Misc activity | SUSPICIOUS [PTsecurity] Drive-by Evil Redirector |
2496 | iexplore.exe | Misc activity | SUSPICIOUS [PTsecurity] Drive-by Evil Redirector |