URL: | http://ww1.sx1yuqjh9e.ru |
Full analysis: | https://app.any.run/tasks/bc52c974-1856-4b26-9ba7-0953f4d519c7 |
Verdict: | Malicious activity |
Analysis date: | October 05, 2022, 07:01:48 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | DE4006F0AF0797C3DA71FA2056252CA6 |
SHA1: | 0991CBF929C31BB9D5CC07C4D7AA41175FABFBC0 |
SHA256: | B3F0B5CCCF49F34CB6E0F604196E86598D50D7326CA24C74590D71DE9430B5EC |
SSDEEP: | 3:N1KJSl9vLA:Cclps |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2644 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://ww1.sx1yuqjh9e.ru" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2576 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2644 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
1320 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | Explorer.EXE | |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 | ||||
2472 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e2cd988,0x6e2cd998,0x6e2cd9a4 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 | ||||
2660 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,3486092038536764419,6528325360364613255,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1064 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 | ||||
3288 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1044,3486092038536764419,6528325360364613255,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1320 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | chrome.exe | |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 | ||||
2312 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,3486092038536764419,6528325360364613255,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 | ||||
2324 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,3486092038536764419,6528325360364613255,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 | ||||
460 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,3486092038536764419,6528325360364613255,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 | ||||
1024 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,3486092038536764419,6528325360364613255,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2844 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 86.0.4240.198 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2644 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:984D0DF575AB94B85922C64D5C5AC5D9 | SHA256:93EDF5B328F120954DD79DE89813B448DC26F6CFAF15154633F906E5BA34E563 | |||
2576 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\YV1TQURJ.txt | text | |
MD5:FD546B3A610706727FB74BB0B6F5BA41 | SHA256:25EBC9AFBC3D5E70097D99959A6A972F8141BA3D835844EDF26470C8D2DDBD4E | |||
2576 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\GXV3ZNEX.htm | html | |
MD5:708A9B60011979964F0B37917AD7BDA1 | SHA256:92F3A809A3892BFB14EB9282F42C647C588370F253E726FE8FF269E7455A97FF | |||
2576 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB | der | |
MD5:67D1611349C0D065E7BB6DC6865BD920 | SHA256:C40D15C84DE3BA17F5B81853BCBE665CCB76484C02991A2B5EEE01AB2C6F0229 | |||
2576 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\search[1].htm | html | |
MD5:802B5FE5621DD11263E46CDCB7837217 | SHA256:B22C136CD5E08592F06D1217A003CE80136661490CCAE9102DD5F1CBEE5D4DB4 | |||
2576 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\0M8GA4LB.txt | text | |
MD5:0AB883CF9817E89CD188CC1059392A21 | SHA256:DDDB2DD82A85FCAFF09451D1B8123FDD8C6DD4045D9E587875857C0ED7783532 | |||
2644 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f7ruq93\imagestore.dat | binary | |
MD5:98A31B934E4C88B29789D04F755428E8 | SHA256:4F9DBF5AE72383E1AFDB25FC2A3DB5B72F9F8CFDD117139953E98FB73D8D9321 | |||
2576 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\16x16_100_TZmqhNXXKxtX5WpbGGoMZA[1].png | image | |
MD5:D57A54536FF41F2315AB22643A83341C | SHA256:57D88099725884BC85BB3098913659144932068946B8645D9D8749A1CA765FEC | |||
2644 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | |
MD5:F7DCB24540769805E5BB30D193944DCE | SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA | |||
2576 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\bootstrap.min[1].js | text | |
MD5:ABDA843684D022F3BC22BC83927FE05F | SHA256:24CC29533598F962823C4229BC280487646A27A42A95257C31DE1B9B18F3710F |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2644 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted |
2576 | iexplore.exe | GET | 200 | 23.217.138.108:80 | http://ww1.sx1yuqjh9e.ru/ | US | html | 369 b | malicious |
3288 | chrome.exe | GET | — | 2.22.118.210:80 | http://searchguide.level3.com/s/css/bootstrap.min.css | GB | — | — | whitelisted |
2576 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted |
2644 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2576 | iexplore.exe | GET | 200 | 2.22.118.232:80 | http://searchguide.level3.com/search/?q=http%3A//ww1.sx1yuqjh9e.ru/&r=&t=0&akaCid=aaaaaaaa&bc= | GB | html | 16.9 Kb | whitelisted |
2644 | iexplore.exe | GET | 200 | 2.22.118.232:80 | http://searchguide.level3.com/s/img/lvl3/favicon.ico | GB | image | 1.12 Kb | whitelisted |
2576 | iexplore.exe | GET | 200 | 2.22.118.232:80 | http://searchguide.level3.com/s/img/lvl3/logo.png | GB | image | 9.26 Kb | whitelisted |
3288 | chrome.exe | GET | 200 | 2.22.118.210:80 | http://searchguide.level3.com/search/?q=http%3A//ww1.sx1yuqjh9e.ru/&r=&t=0&akaCid=aaaaaaaa&bc= | GB | html | 15.9 Kb | whitelisted |
2576 | iexplore.exe | GET | 200 | 2.22.118.232:80 | http://searchguide.level3.com/s/js/jquery.cookie.js | GB | text | 3.54 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2644 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
2644 | iexplore.exe | 13.107.21.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
2576 | iexplore.exe | 23.217.138.108:80 | ww1.sx1yuqjh9e.ru | Akamai International B.V. | US | whitelisted |
2576 | iexplore.exe | 87.248.119.252:443 | s.yimg.com | Yahoo! UK Services Limited | GB | malicious |
2644 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
2576 | iexplore.exe | 2.22.118.232:80 | searchguide.level3.com | Akamai International B.V. | DE | suspicious |
2576 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
3288 | chrome.exe | 172.217.17.110:443 | clients2.google.com | GOOGLE | US | whitelisted |
2576 | iexplore.exe | 23.202.231.167:80 | ww1.sx1yuqjh9e.ru | Akamai International B.V. | US | malicious |
2644 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | EDGECAST | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
ww1.sx1yuqjh9e.ru |
| malicious |
searchguide.level3.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
s.yimg.com |
| shared |
crl3.digicert.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
2644 | iexplore.exe | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request |
2576 | iexplore.exe | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request |
2576 | iexplore.exe | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request |