Field | Value
---|---
URL | https://simplus.sharefile.com/?cmd=rp&id=73a83807413f49fc
Full analysis | https://app.any.run/tasks/1958ce6c-5da5-4e10-ad46-173a1125f955
Verdict | Malicious activity
Analysis date | June 27, 2022, 09:04:26
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | B3C59EE7E776A6BCFA9579472DCC0EB5
SHA1 | B604F459978DCEC662440E84E0D8F2E9FE4A5DE6
SHA256 | BD0B74EDCAFA445506A475E9F591335880E522826DFC33F053D27625E4DA7467
SSDEEP | 3:N8BJMWWLv6p9SDUWOa:2Dyv67SgWn
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
3216 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://simplus.sharefile.com/?cmd=rp&id=73a83807413f49fc" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3292 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3216 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3216 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | 28CC3D4B0DA8A29A9DCD6D4755C84342 | A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E
3292 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F | der | 8352A68E577A4F7AA01A568BA9110CF9 | 0F7F8E22508EFC9EAF167F51ED956BC7703C69B0B848A0B94A5D988AEAA369A0
3292 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\5012GU42.htm | html | 454C197693250F347C4DB36D4D6D2D80 | 400F25825AD40CD2DC13B02D040EB492CA5CDDC7A36634860BE34D0F59AECB41
3216 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | EC189C7EE418BDE57B1C0E0E1ABD8CB2 | E8FDBBA4E4E31ABE1866C3731C2A21A46405E9B2E9F092E6E400B587554D56DF
3292 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 | der | 70D95E3307DD1636981EB98F22320529 | 4292EEE1FA677D4D2137F894A62ED35695C3FB8D66B080DEB5292C0B6B8A4783
3292 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D6243C18F0F8F9AEC6638DD210F1984_175C3B7C5C85AE06D7F4ACF32DFE8897 | der | 935639C5773FAEEC8F139A32416ED79D | C7A8093DC9C7C145C00C44002372A7CF5B8A84076738282819F92F8884715FB5
3292 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | binary | 25FC50839944170AD78B0BD33E19A3F3 | 851543183F1DAB18BB8269D05C9490BDA8799041A6F3186628C5F5257C17CD1F
3292 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\H9QVDHJ3.txt | text | 50A6FEAB11205338628CF50280FFF162 | C8C0F46C06C340354EDEAF8E218F1C235F2E418F00C0612667F649A3AD0E819B
3216 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 6A7A4C4CE552070E5946B33155E136E1 | 52B5FD73E9A77C10BD77FC774E195AFF9AD69F3E68936B041229DEA2528967E3
3292 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F | binary | 4A7F430536A178403A8A18FF97608D70 | 938B2B2621C0542F900B068E492F19FE1D51EA4037B212E6BDB807BACC0A6C42
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3216 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3292 | iexplore.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDHcc6QGVhwAwqBwrQ6ks05 | US | der | 472 b | whitelisted |
3292 | iexplore.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
3292 | iexplore.exe | GET | 200 | 18.66.137.71:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
3292 | iexplore.exe | GET | 200 | 13.225.84.68:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
3292 | iexplore.exe | GET | 200 | 108.138.24.169:80 | http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAr6k8AbHFvcYAf2GK4QUwI%3D | US | der | 471 b | whitelisted |
3216 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3216 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 b | whitelisted |
3292 | iexplore.exe | GET | 200 | 18.66.137.10:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
3216 | iexplore.exe | GET | 200 | 8.241.11.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8b525615f1002530 | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3216 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3216 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3292 | iexplore.exe | 13.248.193.251:443 | simplus.sharefile.com | — | US | suspicious |
3216 | iexplore.exe | 8.241.11.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
3292 | iexplore.exe | 13.225.84.68:80 | o.ss2.us | — | US | unknown |
3216 | iexplore.exe | 8.238.189.126:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
3292 | iexplore.exe | 76.223.1.166:443 | simplus.sharefile.com | AT&T Services, Inc. | US | unknown |
— | — | 76.223.1.166:443 | simplus.sharefile.com | AT&T Services, Inc. | US | unknown |
3216 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3292 | iexplore.exe | 18.66.137.71:80 | ocsp.rootg2.amazontrust.com | Massachusetts Institute of Technology | US | whitelisted |
Domain | IP | Reputation
---|---|---
simplus.sharefile.com | | suspicious
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.digicert.com | | whitelisted
o.ss2.us | | whitelisted
ocsp.rootg2.amazontrust.com | | whitelisted
ocsp.rootca1.amazontrust.com | | shared
ocsp.sca1b.amazontrust.com | | whitelisted
iecvlist.microsoft.com | | whitelisted
PID | Process | Class | Message |
---|---|---|---|
3292 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3292 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |