URL: | https://dakreffargo-my.sharepoint.com/:o:/g/personal/t_zahn_dakref_com/EvlqaTXnZTBPlGSd9nbWQ9IBkBZ5lXxgbeTa3vs2SRljtw?e=5:RdP75P&at=9 |
Full analysis: | https://app.any.run/tasks/8a94e713-bed3-4edd-9b5a-61ca547a7e5d |
Verdict: | Malicious activity |
Analysis date: | March 31, 2023, 22:51:12 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 58C71E74EF5BCEB3E1C5005F7FA56F5C |
SHA1: | 145DAE99B43DC8F0069C800868289AA2ADF6EAB1 |
SHA256: | BE99F98D9845AA754EABC37819BBF3C0862ECB5242266AE5CB654493AAE3CAA8 |
SSDEEP: | 3:N8c4As519QArL5+KVFSRT6qJ7FdRD1GI0dJpSxfB1SGERx:2cNs5XQAfN82qBRJZ0dAbN2 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
616 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://dakreffargo-my.sharepoint.com/:o:/g/personal/t_zahn_dakref_com/EvlqaTXnZTBPlGSd9nbWQ9IBkBZ5lXxgbeTa3vs2SRljtw?e=5:RdP75P&at=9" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2564 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:616 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3180 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:616 CREDAT:529679 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2760 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MicrosoftEdgeSetup.exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MicrosoftEdgeSetup.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Setup Version: 1.3.173.51 Modules
| |||||||||||||||
2668 | C:\Users\admin\AppData\Local\Temp\EUA729.tmp\MicrosoftEdgeUpdate.exe /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=0" | C:\Users\admin\AppData\Local\Temp\EUA729.tmp\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeSetup.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Version: 1.3.173.51 Modules
| |||||||||||||||
3656 | "C:\Users\admin\AppData\Local\Temp\EUA729.tmp\MicrosoftEdgeUpdateSetup.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=0" /installelevated /nomitag | C:\Users\admin\AppData\Local\Temp\EUA729.tmp\MicrosoftEdgeUpdateSetup.exe | MicrosoftEdgeUpdate.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Update Setup Version: 1.3.173.51 Modules
| |||||||||||||||
3956 | "C:\Program Files\Microsoft\Temp\EUAB6E.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=0" /installelevated | C:\Program Files\Microsoft\Temp\EUAB6E.tmp\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdateSetup.exe | |||||||||||
User: admin Integrity Level: HIGH Modules
| |||||||||||||||
556 | "C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc | C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdate.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Update Exit code: 0 Version: 1.3.173.51 Modules
| |||||||||||||||
2772 | "C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver | C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdate.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Update Exit code: 0 Version: 1.3.173.51 Modules
| |||||||||||||||
1048 | "C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzMuNTEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzMuNTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjI2MEYyNDItRTc3QS00MjFBLTlFQTYtNTI5NzBDQTFDQTE3fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezI2RTMwQkYzLTc0QkQtNDE5OS04OTNBLUE3Qzk4MzQ0MkNBRX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI0IiBwaHlzbWVtb3J5PSIzIiBkaXNrX3R5cGU9IjAiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjI0NTQ2IiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing4NiIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoaTQ0MEZYICsgUElJWCwgMTk5NikiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTczLjUxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyNDY5Nzc2MzY3MSIgaW5zdGFsbF90aW1lX21zPSIxMjgyIi8-PC9hcHA-PC9yZXF1ZXN0Pg | C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | MicrosoftEdgeUpdate.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Update Version: 1.3.173.51 Modules
|
(PID) Process: | (616) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 0 | |||
(PID) Process: | (616) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30847387 | |||
(PID) Process: | (616) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30847437 | |||
(PID) Process: | (616) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (616) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (616) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (616) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 | |||
(PID) Process: | (616) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | IntranetName |
Value: 1 | |||
(PID) Process: | (616) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 1 | |||
(PID) Process: | (616) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
616 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | der | |
MD5:8461A037B38246996C5F98A64B5FD918 | SHA256:C85675B72791F932EBE52B51BC13DCB761A469B1FBDE881C6C4EF6BA93A1B36F | |||
2564 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\69C6F6EC64E114822DF688DC12CDD86C | binary | |
MD5:1DC6FECB1EB371E9F0AF74D957167E98 | SHA256:BA7894B342FF4B7ECB20DF32DD40771E3CC4DB86468B68B7D8FC43A488B8E259 | |||
616 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | binary | |
MD5:ED7C772EFCD68208FFE8F4550B956737 | SHA256:D7C550F6DA0A31AE50C15A833D293067A2057F6776731CAE5432A9CCC64F393D | |||
2564 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:9CEA6A22946FB2D595EA9427BD5ED2BD | SHA256:954475A0DEA0427B4FDEDDA3F9042727BBAAB682192CFEFF49FF59FAEDBDE718 | |||
2564 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\69C6F6EC64E114822DF688DC12CDD86C | der | |
MD5:9384AB7F52E0E78D1D16A44577F4A394 | SHA256:805A55C4AA3A02174C5C96E8A7AD2C47F45B151CB87A3A6F89DA7CC17B4A4FC8 | |||
616 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f7ruq93\imagestore.dat | binary | |
MD5:71CF5394B4479D9F6F99345E82E100DB | SHA256:87A8A022ADA273FD9B14F6562CEDD2A95DCDF5209F4DDD7FF4895D849AAA3180 | |||
616 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico | image | |
MD5:DA597791BE3B6E732F0BC8B20E38EE62 | SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 | |||
2564 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | |
MD5:F7DCB24540769805E5BB30D193944DCE | SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA | |||
616 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].ico | image | |
MD5:DA597791BE3B6E732F0BC8B20E38EE62 | SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 | |||
3180 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE | der | |
MD5:CB514F3F0A20ADDD6D570F11B5C9B369 | SHA256:5D7D3EBCE8B3CEF4D9EA209E408B062F645E83E6AE1DB828EF37905F6D8F9DEE |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
616 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
3180 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 b | whitelisted |
3180 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAxq6XzO1ZmDhpCgCp6lMhQ%3D | US | der | 471 b | whitelisted |
2564 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://crl3.digicert.com/DigiCertGlobalRootCA.crl | US | der | 779 b | whitelisted |
2564 | iexplore.exe | GET | 200 | 8.238.191.126:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?884ff7ffd71a194f | US | compressed | 4.70 Kb | whitelisted |
2564 | iexplore.exe | GET | 200 | 8.238.191.126:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fc4f2c2fe9f59e56 | US | compressed | 4.70 Kb | whitelisted |
— | — | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAxq6XzO1ZmDhpCgCp6lMhQ%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
616 | iexplore.exe | 13.107.136.8:443 | dakreffargo-my.sharepoint.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | suspicious |
2564 | iexplore.exe | 13.107.136.8:443 | dakreffargo-my.sharepoint.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | suspicious |
616 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
616 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
2564 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
— | — | 13.107.21.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
2564 | iexplore.exe | 8.238.191.126:80 | ctldl.windowsupdate.com | LEVEL3 | US | suspicious |
616 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | EDGECAST | US | whitelisted |
1048 | MicrosoftEdgeUpdate.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
3180 | iexplore.exe | 95.100.53.90:443 | go.microsoft.com | AKAMAI-AS | CH | suspicious |
Domain | IP | Reputation |
---|---|---|
dakreffargo-my.sharepoint.com |
| suspicious |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
crl3.digicert.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
edgestatic-ehf9gbe6gfdfdec4.z01.azurefd.net |
| whitelisted |