Field | Value
---|---
URL | https://geoinfo.i2w.io/
Full analysis | https://app.any.run/tasks/9b7726c2-247d-40fa-a269-f515ec09c36c
Verdict | Malicious activity
Analysis date | January 24, 2022, 21:11:18
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | DB7A4685F21099C420D93393BC50DC7A
SHA1 | 7BC90D62D8CC6F3A02FD34AFFE12D3499BBBA15D
SHA256 | BE827C7755EA740583788B2ADD770D21A288124E36CB41DABE4BC8D54F2A558B
SSDEEP | 3:N8hbMMCHKn:2poq
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2184 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://geoinfo.i2w.io/" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3784 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2184 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2184 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | FC990EAA7247546FB67C18916A4CAC9B | 294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993
3784 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar2BDF.tmp | cat | D99661D0893A52A0700B8AE68457351A | BDD5111162A6FA25682E18FA74E37E676D49CAFCB5B7207E98E5256D1EF0D003
3784 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | F083F4978BDEFEC5BFD25A11D41D4F5D | CA49399A850585F80BD74E0FCC19E0BF01873EC3E82A713BEB9B36D174EFDEA9
3784 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | binary | FAF1C48C9BEFF163B2ABC44FAF262EA0 | E87736D384E9691FFF1DBEAED9E50AA4141E5D095FE1B8D1EF59CDEA9E6EA1BD
2184 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | A313DD9A7B39439B6B4C3955496FB2D5 | 8084173B6BF777EACA24B3EB04925E44202EE6D20EA77A5D78808BB619B04B21
3784 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar2C1F.tmp | cat | D99661D0893A52A0700B8AE68457351A | BDD5111162A6FA25682E18FA74E37E676D49CAFCB5B7207E98E5256D1EF0D003
3784 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary | 488B5502CA2702B5AA85EF1EB376E20F | 188CD1615E506F22D2B12FA42CDC0645D283CC3275A38CA350F5E722AD12561C
3784 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\947AF310F52BB02DA99B26373F3CE9FD | binary | D89BF00FF4BEC292122C0D1E18623166 | 9D93AFF404879F5A7A2E1277FEBBBE6C279A0F7F2B790E12BBBD54192B895C7C
3784 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\947AF310F52BB02DA99B26373F3CE9FD | der | CD5A8097558F3BD64E0B98280BE3C99C | 3608CE1326125ECB1446E26399EC854BBE89A5053323D43493A3B8B6A61722A9
3784 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DD4634BC6228F802DAD08FA834C43BE8 | binary | 56D24C25870E1AA07A8458766D3F5690 | A86514F37138E89EDBBBD39A578448D3A477BCE657F41658BF10C93D6BD21FAD
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
3784 | iexplore.exe | GET | 200 | 2.16.186.11:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgThyIAb64reFo4sSbjmEiXMgQ%3D%3D | unknown | der | 503 b | shared |
2184 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3784 | iexplore.exe | GET | 200 | 2.16.106.171:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?df9d9c1e19e3cf8b | unknown | compressed | 59.9 Kb | whitelisted |
3784 | iexplore.exe | GET | 200 | 2.16.106.171:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?358a1c8cd19c8c82 | unknown | compressed | 4.70 Kb | whitelisted |
3784 | iexplore.exe | GET | 200 | 23.45.105.185:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted |
2184 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3784 | iexplore.exe | GET | 200 | 2.16.186.11:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQ80Ftf1VSM%2BRzLjZypmPfJ9g%3D%3D | unknown | binary | 5 b | shared |
3784 | iexplore.exe | GET | 200 | 2.16.106.171:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d624580ddca4123c | unknown | compressed | 4.70 Kb | whitelisted |
3784 | iexplore.exe | GET | 200 | 2.16.106.171:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c16cb7ac3155a913 | unknown | compressed | 59.9 Kb | whitelisted |
3784 | iexplore.exe | GET | 200 | 2.16.186.11:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQ80Ftf1VSM%2BRzLjZypmPfJ9g%3D%3D | unknown | binary | 5 b | shared |
PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
3784 | iexplore.exe | 208.100.26.245:443 | geoinfo.i2w.io | Steadfast | US | malicious |
3784 | iexplore.exe | 2.16.106.171:80 | ctldl.windowsupdate.com | Akamai International B.V. | — | whitelisted |
2184 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3784 | iexplore.exe | 23.45.105.185:80 | x1.c.lencr.org | Akamai International B.V. | NL | unknown |
2184 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2184 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3784 | iexplore.exe | 2.16.186.11:80 | r3.o.lencr.org | Akamai International B.V. | — | whitelisted |
Domain | IP | Reputation
---|---|---
geoinfo.i2w.io | | malicious
ctldl.windowsupdate.com | | whitelisted
x1.c.lencr.org | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ocsp.digicert.com | | whitelisted
r3.o.lencr.org | | shared
iecvlist.microsoft.com | | whitelisted
r20swj13mr.microsoft.com | | whitelisted