download: | it-security |
Full analysis: | https://app.any.run/tasks/28cefcad-d923-4b08-ad43-9e543cb8b539 |
Verdict: | Malicious activity |
Analysis date: | November 29, 2020, 23:41:14 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/html |
File info: | HTML document, ASCII text, with very long lines |
MD5: | CAB4E4E1042C1C5DCFC0932FC9644B14 |
SHA1: | 0745C855DB89B13C795610344EDD23D9C8AB4D9B |
SHA256: | C4E750694AAAC3D77123DEDC5BD4055B58340FEA0E37320C8EE6CB5876E9E72E |
SSDEEP: | 768:MwgjmQqrmwTfjmQxrmCFkPrZTFeeeooeeefmIeBdT/pvew:MwkCQDZFeeeooeeefdeBdrpvew |
.htm/html | | | HyperText Markup Language with DOCTYPE (80.6) |
---|---|---|
.html | | | HyperText Markup Language (19.3) |
lpVersion: | v6.23.8 |
---|---|
HTTPEquivXUACompatible: | IE=edge |
viewport: | width=device-width, initial-scale=1.0 |
Robots: | noindex, nofollow |
Description: | - |
Keywords: | - |
Title: | Cythera Webinar | IT Security |
ContentType: | text/html; charset=UTF-8 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2364 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\it-security.htm | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2028 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2364 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2740 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2364 CREDAT:398593 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
(PID) Process: | (2364) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: 1009819008 | |||
(PID) Process: | (2364) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30852777 | |||
(PID) Process: | (2364) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (2364) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (2364) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (2364) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (2364) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
Operation: | write | Name: | ProxyEnable |
Value: 0 | |||
(PID) Process: | (2364) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
Operation: | write | Name: | SavedLegacySettings |
Value: 46000000A5000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000 | |||
(PID) Process: | (2364) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (2364) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2364 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2028 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\CabDB16.tmp | — | |
MD5:— | SHA256:— | |||
2028 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\TarDB17.tmp | — | |
MD5:— | SHA256:— | |||
2028 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verE77C.tmp | — | |
MD5:— | SHA256:— | |||
2364 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Cab30E7.tmp | — | |
MD5:— | SHA256:— | |||
2364 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Tar30E8.tmp | — | |
MD5:— | SHA256:— | |||
2028 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\ub[1].js | text | |
MD5:7B2EA18D249A8F17AC824B2379257636 | SHA256:146713F310842933DC62D2BED7F0EAAF8A9CF3CDF72FD37610EF51E58378C8DC | |||
2028 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B | der | |
MD5:6E9C56692BCA90D959FB0F4AEFAFF597 | SHA256:833D4926B6A3CA2916AFAA11F15066CFF8E3C469B3BA3713327AE32497317C14 | |||
2028 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623 | binary | |
MD5:54900CB505B4BC9E41F84712BA58EF88 | SHA256:CD07A1230385AE1DDA724327D44A3FCD2BF55C5924133838B88EE95D5CFD1785 | |||
2028 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623 | der | |
MD5:784AD1526D4EA08557704C3DCFEC7AAC | SHA256:C08137794D3B4735C32C4A135823BEE3709C859684BCAFF022DC60B8FEF4B0AB |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2028 | iexplore.exe | GET | 200 | 23.51.123.27:80 | http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGMYDTj7gJd4qdA1oxYY%2BEA%3D | NL | der | 1.71 Kb | shared |
2028 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAyO4MkNaokViAQGHuJB%2Ba8%3D | US | der | 471 b | whitelisted |
2028 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
2028 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAyO4MkNaokViAQGHuJB%2Ba8%3D | US | der | 471 b | whitelisted |
2028 | iexplore.exe | GET | 200 | 23.51.123.27:80 | http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGMYDTj7gJd4qdA1oxYY%2BEA%3D | NL | der | 1.71 Kb | shared |
2364 | iexplore.exe | GET | 200 | 104.18.25.243:80 | http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIGkp0%2Fv9GUvNUu1EP06Tu7%2BChyAQUkZ47RGw9V5xCdyo010%2FRzEqXLNoCExwAFF8jA2u85i8%2FLFYAAAAUXyM%3D | US | der | 1.75 Kb | whitelisted |
2364 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4 | System | 65.9.68.5:445 | builder-assets.unbounce.com | AT&T Services, Inc. | US | suspicious |
4 | System | 65.9.68.4:445 | builder-assets.unbounce.com | AT&T Services, Inc. | US | unknown |
— | — | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
4 | System | 65.9.68.124:445 | builder-assets.unbounce.com | AT&T Services, Inc. | US | suspicious |
4 | System | 65.9.68.108:139 | builder-assets.unbounce.com | AT&T Services, Inc. | US | unknown |
4 | System | 65.9.68.108:445 | builder-assets.unbounce.com | AT&T Services, Inc. | US | unknown |
4 | System | 172.217.10.106:445 | ajax.googleapis.com | Google Inc. | US | whitelisted |
4 | System | 13.225.84.77:445 | d9hhrg4mnvzow.cloudfront.net | — | US | unknown |
2028 | iexplore.exe | 23.51.123.27:80 | s.symcd.com | Akamai Technologies, Inc. | NL | whitelisted |
4 | System | 13.225.84.119:445 | d9hhrg4mnvzow.cloudfront.net | — | US | unknown |
Domain | IP | Reputation |
---|---|---|
builder-assets.unbounce.com |
| shared |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ajax.googleapis.com |
| whitelisted |
d34qb8suadcc4g.cloudfront.net |
| whitelisted |
s.symcd.com |
| shared |
ocsp.digicert.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
d9hhrg4mnvzow.cloudfront.net |
| shared |
r20swj13mr.microsoft.com |
| whitelisted |