Field | Value
---|---
URL | http://growltwin.icu
Full analysis | https://app.any.run/tasks/b868a2cf-8ed3-441f-b3e6-dc6d9e4bc56f
Verdict | Malicious activity
Analysis date | October 20, 2020, 10:21:09
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:

Hash | Value
---|---
MD5 | 0BFFD67AB50754CB06E44AA7FDA2776D
SHA1 | 036CD1736E1D869E5D368D67F4FCDD8728F82800
SHA256 | BC1D0018E39C8934A9FB74E67C33E61043C93489E529E001FA261D5AD217321C
SSDEEP | 3:N1KZXJ6Qw:Cbw
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2720 | "C:\Program Files\Internet Explorer\iexplore.exe" http://growltwin.icu | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | | |
3264 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2720 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | | |
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3264 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab4EC1.tmp | — | — | —
3264 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar4EC2.tmp | — | — | —
3264 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB | binary | BDF13A59A234DC69CC5054586659CCAD | E6C42D99C490A6B4C7F90305FF462659989DBE5F18452E8151AE0D4EAA68E0EF
3264 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\now-cbslocal-com[1].css | text | 5C4064CBFF16595D0F94DB26AC1616B3 | 2AF8AE0605C5969D3EE4FF248AABF09F69346699B6614841CCF3DF37F2FA2026
3264 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | der | 728C425EE21D3445912DDB071597332A | B003F1FB627734F8050F724055723A2DC40017DDE9263BEFC7CC1FBE04029FBF
3264 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | binary | 12D0D5F9B0C487C324C8F8095BEF467D | DC9D943280BE808E0F7672D5B389799E4CCFEDB7E5D5D88741A22AF26FFC8ED2
3264 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der | 3723741C1AA80B2A2A7B00DD6B287332 | 813E1EB25265A8393B42848323A14C17C233E7DCA9C5E6996C95734F2498969C
3264 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\RRHAGLIF.htm | html | 7DE1F8C2A5240B1EA9EA8D084EDAE6FF | EECD14BE3098550E156FC4F9BE9F71A79968801ADE624E47FC7AA93F7CF5E771
3264 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB | der | F0A02D6514FA6A61CDB9F91DD2215867 | 74043ECAA233B3F6D6245FF0D6B03AF8370EE1288D84E8CD33D955AE1B925BB1
3264 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary | E806B77E1FF21C0D610629D6B8E253A6 | 5DA8C6E5BD30ECFDCDD61D005B760D80BA5DFE2E2E557940F3F57097AF8EA726
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3264 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
3264 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
3264 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJ13zfQMBhkWtuM%3D | US | der | 468 b | whitelisted |
3264 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJ13zfQMBhkWtuM%3D | US | der | 468 b | whitelisted |
3264 | iexplore.exe | GET | 200 | 172.93.224.140:80 | http://growltwin.icu/ | US | html | 48.9 Kb | unknown |
3264 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted |
3264 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gts1d2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT4YwNSyUnwC88de5a5l4eUO%2BLQewQUsd0yXei3N3LSzlzOJv5HeeIBCOkCED%2FVWW906xGbCgAAAABsgWI%3D | US | der | 471 b | whitelisted |
3264 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
3264 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted |
3264 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3264 | iexplore.exe | 209.197.3.15:443 | maxcdn.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted |
3264 | iexplore.exe | 172.93.224.140:80 | growltwin.icu | Nexeon Technologies, Inc. | US | unknown |
3264 | iexplore.exe | 104.16.148.64:443 | cdn.cookielaw.org | Cloudflare Inc | US | unknown |
3264 | iexplore.exe | 172.217.18.106:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3264 | iexplore.exe | 192.0.66.136:443 | cbslocal.com | Automattic, Inc | US | suspicious |
3264 | iexplore.exe | 151.101.13.188:443 | production-cmp.isgprivacy.cbsi.com | Fastly | US | malicious |
— | — | 192.0.66.136:443 | cbslocal.com | Automattic, Inc | US | suspicious |
3264 | iexplore.exe | 35.241.40.69:443 | w3.cdn.anvato.net | — | US | unknown |
3264 | iexplore.exe | 192.0.76.3:443 | stats.wp.com | Automattic, Inc | US | suspicious |
3264 | iexplore.exe | 172.217.22.67:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
growltwin.icu | | unknown
cdn.cookielaw.org | | whitelisted
production-cmp.isgprivacy.cbsi.com | | whitelisted
cbslocal.com | | whitelisted
maxcdn.bootstrapcdn.com | | whitelisted
fonts.googleapis.com | | whitelisted
wayne.cbslocal.com | | whitelisted
w3.cdn.anvato.net | | unknown
stats.wp.com | | whitelisted
api.bing.com | | whitelisted
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET INFO DNS Query for Suspicious .icu Domain |
3264 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3264 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3264 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3264 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3264 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3264 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3264 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3264 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3264 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |