URL: | https://drive.google.com/file/d/1XFpk0L_41SYsdEMyH-wVPWmQXSlpdKwN/ |
Full analysis: | https://app.any.run/tasks/c5730db1-f72c-433e-8eba-b0ca64049bfa |
Verdict: | Malicious activity |
Analysis date: | April 01, 2023, 13:03:59 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | C3E989D464D8A5252EB644193D96F86B |
SHA1: | 9EAB1FF2FA09329841160E41362622984E4F57AF |
SHA256: | B010EBF377336B2B9406903477DB4B0804D45F0278B14719D1BE3EE8B7B8AB93 |
SSDEEP: | 3:N8PMMtZJuloHjVOVUhEt4WYSrKn:2As03YSrK |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2668 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://drive.google.com/file/d/1XFpk0L_41SYsdEMyH-wVPWmQXSlpdKwN/" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3140 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2668 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2960 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\Downloads\phishing9-23c5c7702b9c56a319eb58426fa691c8.eml" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 Modules
| |||||||||||||||
2584 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
1700 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\documentation.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
2496 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\documentation.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
1184 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Documents\documentation.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | |||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.91.0 Modules
| |||||||||||||||
3808 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\Documents\Agenda21.pdf" | C:\Program Files\Adobe\acrobat reader dc\Reader\AcroRd32.exe | explorer.exe | ||||||||||||
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe Acrobat Reader DC Version: 20.13.20064.405839 Modules
| |||||||||||||||
4092 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer "C:\Users\admin\Documents\Agenda21.pdf" | C:\Program Files\Adobe\acrobat reader dc\Reader\AcroRd32.exe | — | AcroRd32.exe | |||||||||||
User: admin Company: Adobe Systems Incorporated Integrity Level: LOW Description: Adobe Acrobat Reader DC Version: 20.13.20064.405839 Modules
| |||||||||||||||
3248 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | AcroRd32.exe | ||||||||||||
User: admin Company: Adobe Systems Incorporated Integrity Level: LOW Description: Adobe RdrCEF Version: 20.13.20064.405839 Modules
|
(PID) Process: | (2668) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 0 | |||
(PID) Process: | (2668) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30847387 | |||
(PID) Process: | (2668) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30847437 | |||
(PID) Process: | (2668) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (2668) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (2668) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (2668) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 | |||
(PID) Process: | (2668) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | IntranetName |
Value: 1 | |||
(PID) Process: | (2668) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 1 | |||
(PID) Process: | (2668) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_F21BF538BAEA56C2FC86EE4A4D9AD2BF | der | |
MD5:02DDC021542AADB090AA31099F7B9267 | SHA256:DCCA0F6C051C27F611B9E51981FB34BD0C82A317C2E3AE3412EC6DE80C596D24 | |||
3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | der | |
MD5:F38ABED7C0362F77808F7E0C5AEDC8DF | SHA256:8F39EE855DFC4B0A19406C5A3109222CF09FE1ABF3A56577E8D0EB29FECC9C20 | |||
3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | binary | |
MD5:73CE5A55F4ADCB56B8E0C4799AC83144 | SHA256:A4591C83F552581139035333A567F9394C412580DB1850C2CAFA24770569591C | |||
3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:AC489F824715FF2AAA60C9E154E6BA15 | SHA256:9A0F597CEAD01841D085F6566BBE0D15E928B659BB9A7FDF1FFFCD965F7A2352 | |||
3140 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\TO6VQ3HU.txt | text | |
MD5:56915706753B183C8904A50F1293265F | SHA256:D1AA6B8B17096C7E00CF0B7BC03C82DE01643A972637F6ADB753DE5B1A451588 | |||
3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_1CB3B26D4404CE9B58DF976169FD358E | der | |
MD5:FF36EC2657D8EE3B0F78D0A8B2BC9C96 | SHA256:7C6A6029F3D8B5C88C0D52CFA1D8A6D79FE57080CBD88951CE40456D1AE214E0 | |||
3140 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\edit[1].htm | html | |
MD5:814BCE72BDC75F44ACE61AEB9574AA21 | SHA256:F0A64E412B27397C5B0DDB8086851F2C10C901803CBAC51A5E243A3A3DADAB91 | |||
3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_AA1ADD4071D073F3048022453A5FE061 | binary | |
MD5:1F335ACACD5E7C8C8BB712D3D8D0BBCE | SHA256:F45A83120E60C4E73FF7D3332351409BE994C7A859BDC67B7E022A1C32639722 | |||
3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1CB3B26D4404CE9B58DF976169FD358E | binary | |
MD5:A30F689E918F9D9430C349A3D2475F7F | SHA256:6AC98077A95B25319FC99EE2574E1DAB1C3E59871E73F506A553A70D8AB50228 | |||
3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_F21BF538BAEA56C2FC86EE4A4D9AD2BF | binary | |
MD5:C9F4BBD0AC0C066BBCF161C0C515AE36 | SHA256:6F3CAB2344CCBB2C20B8D59EBF8B4D5B1EB322ACC469B5B083B72796B63E6F01 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3140 | iexplore.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDP0V3EgcJtXxJEXyOb6vmJ | US | der | 472 b | whitelisted |
2668 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
3140 | iexplore.exe | GET | 200 | 178.79.242.11:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fc4f2c2fe9f59e56 | DE | compressed | 4.70 Kb | whitelisted |
3140 | iexplore.exe | GET | 200 | 178.79.242.11:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?884ff7ffd71a194f | DE | compressed | 4.70 Kb | whitelisted |
3140 | iexplore.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEEX8DsGwm267CjwDOorEaJk%3D | US | der | 471 b | whitelisted |
3140 | iexplore.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
3140 | iexplore.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGuOw5S%2FgZeuCs2W38ctSDs%3D | US | der | 471 b | whitelisted |
2960 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
3140 | iexplore.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEFwMawXF47e0CuAYa1GCMjM%3D | US | der | 471 b | whitelisted |
2056 | iexplore.exe | GET | — | 192.147.130.80:80 | http://supportdownloads.adobe.com/detail.jsp?ftpID=6839 | US | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3140 | iexplore.exe | 142.250.185.195:80 | ocsp.pki.goog | GOOGLE | US | whitelisted |
3140 | iexplore.exe | 142.250.186.35:443 | www.gstatic.com | GOOGLE | US | whitelisted |
3140 | iexplore.exe | 142.250.185.138:443 | fonts.googleapis.com | GOOGLE | US | whitelisted |
3140 | iexplore.exe | 172.217.18.14:443 | — | GOOGLE | US | whitelisted |
2668 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
3140 | iexplore.exe | 142.250.186.131:443 | fonts.gstatic.com | GOOGLE | US | whitelisted |
3140 | iexplore.exe | 178.79.242.11:80 | ctldl.windowsupdate.com | LLNW | DE | suspicious |
2668 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
3140 | iexplore.exe | 172.217.16.206:443 | apis.google.com | GOOGLE | US | whitelisted |
3140 | iexplore.exe | 142.250.186.138:443 | content.googleapis.com | GOOGLE | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
ctldl.windowsupdate.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
apis.google.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
ssl.gstatic.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
860 | svchost.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |