URL: | https://www.storyfull.net |
Full analysis: | https://app.any.run/tasks/cd049381-a713-4d52-9185-cace32a0e6ea |
Verdict: | Malicious activity |
Analysis date: | August 12, 2022, 17:35:23 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | ECFFE6D9BB84949CE564C33CE98F7A02 |
SHA1: | 2CAB9931DF9CF181F454D751A16407B40F3F40C6 |
SHA256: | B513DD079CED5CC1A1D1331051976CE5182A29DE9A1F0685CCA8570BAABCB605 |
SSDEEP: | 3:N8DSLF4:2OLF4 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1520 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.storyfull.net" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2572 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1520 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2572 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary | |
MD5:F7523E3838AF7E9581F598EC20486343 | SHA256:56627BCA301983A075E56A8ED11E04264100EA9EA77F21383C027F9A24E9B690 | |||
2572 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | compressed | |
MD5:589C442FC7A0C70DCA927115A700D41E | SHA256:2E5CB72E9EB43BAAFB6C6BFCC573AAC92F49A8064C483F9D378A9E8E781A526A | |||
2572 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabE724.tmp | compressed | |
MD5:589C442FC7A0C70DCA927115A700D41E | SHA256:2E5CB72E9EB43BAAFB6C6BFCC573AAC92F49A8064C483F9D378A9E8E781A526A | |||
2572 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabE726.tmp | compressed | |
MD5:589C442FC7A0C70DCA927115A700D41E | SHA256:2E5CB72E9EB43BAAFB6C6BFCC573AAC92F49A8064C483F9D378A9E8E781A526A | |||
2572 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarE727.tmp | cat | |
MD5:7EE994C83F2744D702CBA18693ED1758 | SHA256:5DB917AB6DC8A42A43617850DFBE2C7F26A7F810B229B349E9DD2A2D615671D2 | |||
2572 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | binary | |
MD5:AD01D548F7D637259ADCF274F8D35305 | SHA256:C751D54AC6F9FF004C0A44C2167C22A16E7E34BD538DBECBACF2A64D1494F9B0 | |||
2572 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarE725.tmp | cat | |
MD5:7EE994C83F2744D702CBA18693ED1758 | SHA256:5DB917AB6DC8A42A43617850DFBE2C7F26A7F810B229B349E9DD2A2D615671D2 | |||
2572 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\6DLW9JGQ.htm | html | |
MD5:8984F535B2066F124456D0BA1C9B5E5D | SHA256:5FAA6F33D7E2D11FF387593A30E88BB5DD8B2A0B9A0871018EBE62379AFDC371 | |||
2572 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61 | binary | |
MD5:41CA5D149D4FE6846266BC5A556ED88C | SHA256:2858B431331413E1D908EE515EB76980DE268BA0C3A44124B9B30D1003B691CF | |||
1520 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:D20F84A7D4A3AA84F8839323AB29B97E | SHA256:5BF395D4A111A92DA335A51F24D10B5AC9FCF47D25E6E74A4DD40546DB7F140D |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1520 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
1520 | iexplore.exe | GET | 200 | 2.16.186.19:80 | http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgO%2FyeV%2FPMlQp0N4AivwqLdgdA%3D%3D | unknown | der | 345 b | whitelisted |
2572 | iexplore.exe | GET | 200 | 23.216.77.80:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?236de2d4bc860e7c | US | compressed | 60.2 Kb | whitelisted |
2572 | iexplore.exe | GET | 200 | 23.216.77.80:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?8cc4d465f42daea0 | US | compressed | 60.2 Kb | whitelisted |
1520 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
1520 | iexplore.exe | GET | 200 | 23.216.77.80:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8b148d1b17163ddd | US | compressed | 4.70 Kb | whitelisted |
2572 | iexplore.exe | GET | 200 | 2.16.186.9:80 | http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgO%2FyeV%2FPMlQp0N4AivwqLdgdA%3D%3D | unknown | der | 345 b | whitelisted |
2572 | iexplore.exe | GET | 200 | 96.16.145.230:80 | http://x1.c.lencr.org/ | US | der | 717 b | whitelisted |
1520 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 b | whitelisted |
2572 | iexplore.exe | GET | 200 | 23.216.77.80:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9eae438d1ab9dc75 | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1520 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2572 | iexplore.exe | 23.216.77.69:80 | ctldl.windowsupdate.com | NTT DOCOMO, INC. | US | suspicious |
2572 | iexplore.exe | 23.216.77.80:80 | ctldl.windowsupdate.com | NTT DOCOMO, INC. | US | suspicious |
2572 | iexplore.exe | 96.16.145.230:80 | x1.c.lencr.org | Akamai Technologies, Inc. | US | suspicious |
1520 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1520 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1520 | iexplore.exe | 23.216.77.80:80 | ctldl.windowsupdate.com | NTT DOCOMO, INC. | US | suspicious |
2572 | iexplore.exe | 2.16.186.19:80 | e1.o.lencr.org | Akamai International B.V. | — | whitelisted |
2572 | iexplore.exe | 172.67.69.54:443 | www.storyfull.net | — | US | unknown |
1520 | iexplore.exe | 104.26.8.6:443 | www.storyfull.net | Cloudflare Inc | US | unknown |
Domain | IP | Reputation |
---|---|---|
www.storyfull.net |
| malicious |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
x1.c.lencr.org |
| whitelisted |
x2.c.lencr.org |
| whitelisted |
e1.o.lencr.org |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |