URL: | https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.keyence.co.in%2Fm%2F111342_1%3Fmc%3D2%26msid%3D1%26mcid%3D15076878%26alc%3D13740990%26alv%3Dc58e77ab7bfc2fc46d032106f68be446&data=05%7C01%7Cshankara.narayan%40lamresearch.com%7C6ad155bd208d49fa68a208da57e36406%7C918079dbc9024e29b22c9764410d0375%7C0%7C0%7C637918931406643400%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=hiWZlTDNLadKHH0J27ubbl3JTnFxsIn47GL%2FShBtyOc%3D&reserved=0 |
Full analysis: | https://app.any.run/tasks/5541ef21-8133-4279-bf65-c1f764984af5 |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 09:47:33 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 04DC6EF238EA134A0BD240889FCFB05A |
SHA1: | 3F46F6B568873F0CA555C0F82B76B539A6C54155 |
SHA256: | BFDACE87581FDE9E59041C6C655863BB127366275065E1F9124B6F23861CD04C |
SSDEEP: | 12:2bqxDrPccEXxuxgL/ixnUODlkvqKP7Rxzu:2bqVNEX0yL/sfy5P7bzu |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2544 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.keyence.co.in%2Fm%2F111342_1%3Fmc%3D2%26msid%3D1%26mcid%3D15076878%26alc%3D13740990%26alv%3Dc58e77ab7bfc2fc46d032106f68be446&data=05%7C01%7Cshankara.narayan%40lamresearch.com%7C6ad155bd208d49fa68a208da57e36406%7C918079dbc9024e29b22c9764410d0375%7C0%7C0%7C637918931406643400%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=hiWZlTDNLadKHH0J27ubbl3JTnFxsIn47GL%2FShBtyOc%3D&reserved=0" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2736 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2544 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
888 | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe | — | svchost.exe | |||||||||||
User: admin Company: Adobe Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 32.0 r0 Version: 32,0,0,453 Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
2544 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:28CC3D4B0DA8A29A9DCD6D4755C84342 | SHA256:A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E | |||
2736 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\26CA94K0.txt | text | |
MD5:94A37B4883270A4DCB16AC44057CFDBC | SHA256:44A8214D9C1AB3D8F32491808EAA257343D7E54697210857BAFF24F5028E57E7 | |||
2544 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:4E6D5B1811A51FFCC61007B935515B35 | SHA256:3FEF11225E75B4FF79C331CBE5526DB743B59378DA2F5B6384111F34AFCC1F15 | |||
2736 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C | binary | |
MD5:947DD482BA4E27BB7C48293D031078FE | SHA256:FFF3D50C053BDE0606102AFDC08BBA502C3FAEB57096C63EB4A26D5E1F9C710F | |||
2736 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2F23D0F5E4D72862517E1CB26A329742_F6FACC49395CFA949BCE851E73323C49 | binary | |
MD5:800C7AC63109A14DC7C737B5B30B6A30 | SHA256:7D8938087FBBF1C28883DA1E5C4B147C23843F4A17773CE3867D2D0BB8777EA6 | |||
2736 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\111342_1[1].htm | html | |
MD5:91824F01007F9027B88770FA2B622316 | SHA256:BF118A746224181B60686125C6023402E1E007102BF4E2C1AC45EE13C491D7CB | |||
2736 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\2W80U3TF.txt | text | |
MD5:ABF665846B5FE59BAD0C9016C6A35D58 | SHA256:0AA07186C17B8CBB4296D4BE15D2004B65A367A8FCB2B262305365552CA37337 | |||
2736 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | |
MD5:F7DCB24540769805E5BB30D193944DCE | SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA | |||
2736 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\C9ON31AF.txt | text | |
MD5:B34ED0582A9D366F05F82FA516A54C4B | SHA256:F2E93972E490334A9B4BAECF8179F544EA18B4EC0B7E38302F64AE93975F7D3F | |||
2736 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\I8Y709HM.txt | text | |
MD5:5FF17B5B392B8031EDDDCD11AC2DA6DB | SHA256:B752F7EB03898DB08A147C13E1E0F269FBD74D70B4452969EE3F09612D0E729A |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2736 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.starfieldtech.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6%2FsVZNPaFToNfxx8ZwqAQUfAwyH6fZMH%2FEfWijYqihzqsHWycCAQc%3D | US | der | 1.74 Kb | whitelisted |
2736 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D | US | der | 471 b | whitelisted |
2736 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEFAii%2BAtkZ6eCtJ%2BjqHhrL4%3D | US | der | 471 b | whitelisted |
2736 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
2736 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
2736 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
2736 | iexplore.exe | GET | 200 | 113.52.156.18:80 | http://ov.g4.ocsp.pubcert.jprs.jp/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSBalxzR4cT1azFjvz4iM6u0d6oEwQU1TWuxNQyboApFSrUABy07SO5KzgCEAcAad1aH51PZerw6yABlOg%3D | JP | der | 1.54 Kb | unknown |
2736 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDNqcm0ttxULAoGqTwy8PoU | US | der | 472 b | whitelisted |
2736 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.starfieldtech.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT1ZqtwV0O1KcYi0gdzcFkHM%2BuArAQUJUWBaFAmOD07LSy%2BzWrZtj2zZmMCCAoLbQoKgi1X | US | der | 1.80 Kb | whitelisted |
2544 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2544 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2736 | iexplore.exe | 23.205.226.121:443 | www.keyence.co.in | GTT Communications Inc. | NL | suspicious |
— | — | 23.205.226.121:443 | www.keyence.co.in | GTT Communications Inc. | NL | suspicious |
2544 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2736 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2736 | iexplore.exe | 8.252.42.126:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
2736 | iexplore.exe | 104.47.56.28:443 | nam02.safelinks.protection.outlook.com | Microsoft Corporation | US | suspicious |
2736 | iexplore.exe | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | — | US | suspicious |
2736 | iexplore.exe | 192.124.249.23:80 | ocsp.starfieldtech.com | Sucuri | US | suspicious |
2736 | iexplore.exe | 184.24.77.156:443 | use.typekit.net | Time Warner Cable Internet LLC | US | suspicious |
Domain | IP | Reputation |
---|---|---|
nam02.safelinks.protection.outlook.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
www.keyence.co.in |
| suspicious |
use.typekit.net |
| whitelisted |
dev.visualwebsiteoptimizer.com |
| whitelisted |
ocsp.starfieldtech.com |
| whitelisted |
www.googletagmanager.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET INFO Observed DNS Query to .cloud TLD |
— | — | Potentially Bad Traffic | ET INFO Observed DNS Query to .cloud TLD |
— | — | Potentially Bad Traffic | ET INFO Observed DNS Query to .cloud TLD |