| Field | Value |
|---|---|
| URL | https://t.ly/_5qZ/ |
| Full analysis | https://app.any.run/tasks/b6ac59db-a72f-49e8-b5b7-f6974afa6269 |
| Verdict | Malicious activity |
| Analysis date | June 27, 2022, 12:43:32 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |

Indicators of the submitted object:

| Hash | Value |
|---|---|
| MD5 | AECD20BF1AE4CE7B68837B508669ED56 |
| SHA1 | 3BA49A872AF40C111FE523BDE6DA91A303AB70B4 |
| SHA256 | C669F0761FA2FBE55FA2A623B7B3FF9D1B9963B355B8F7F4E072F21741248165 |
| SSDEEP | 3:N8D5Q/Kn:2tQ/Kn |

Note that this is a URL task, not a file task: the ssdeep block size of 3 is the minimum and corresponds to an input of under about 200 bytes, so these hashes cover the submitted link text, not any payload fetched during the run. Use them to deduplicate submissions of the same link, not as file IOCs.
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2764 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://t.ly/_5qZ/" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE |
| 2924 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2764 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe |

Process details:

| PID | User | Company | Integrity level | Description | Version |
|---|---|---|---|---|---|
| 2764 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
| 2924 | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |

PID 2764 is the IE frame process launched by Explorer with the submitted URL; PID 2924 (SCODEF:2764) is the Protected Mode tab process it spawned, running at low integrity. Almost all of the page fetches, cookie writes and cache drops below come from 2924, which is why its files land under AppData\LocalLow and Temp\Low rather than the user's normal profile paths.
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2924 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F | binary | 45E6E82EA8BA8492C75383D1D298476F | 0C6BADACA8A697282EAD6F769E59E7A866F410359AD63B72E7EFBA08E3366F1A |
| 2924 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab85DB.tmp | compressed | 308336E7F515478969B24C13DED11EDE | 889B832323726A9F10AD03F85562048FDCFE20C9FF6F9D37412CF477B4E92FF9 |
| 2764 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | 28CC3D4B0DA8A29A9DCD6D4755C84342 | A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E |
| 2924 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\P2G4KY4E.txt | text | 81B303F9AE72291E182072216814234B | C2143D6D309A98817C27EDCBA4E801E12B04C0536C4A71AB963A226D92A40E80 |
| 2924 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 3D443463BF8C31CF2D200FEC31C933FC | 75382C90C885204F0227E1655ACD2B809F7AB1FFA0242CD7CD28B1C12EE9DDA7 |
| 2924 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EFC26C9D3B591EAF223E88F0B15645AF | der | 0B9539B6F2292F96429C1F238CFF59FA | 7996919271A476768A98779C59E52678E105240E57C07485798CCDC662BD718E |
| 2924 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\RX5EOXHW.txt | text | 593FCD6084787926A3EFB2014EB36381 | FECAA91B0C2F692D4C6F04E34C9D31E7922D23AF97F6D7ABA207800CF90F1AAF |
| 2924 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | compressed | 308336E7F515478969B24C13DED11EDE | 889B832323726A9F10AD03F85562048FDCFE20C9FF6F9D37412CF477B4E92FF9 |
| 2764 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 5AE6E2DC4BCB4EC67B0ECAC17B5AA297 | AB8A138607974727926A00662D6217A5D54E58FA0E9EC4712719603CD5F0F8BA |
| 2924 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F | der | DF6DEECBA36F8D0AF53EAFA9C51AB1F7 | 60D1053BDE5FBCA23ED8976F1EABAEE9C4BB459D9C997E5A76BB2182EE916D98 |

Every entry here is either a CryptnetUrlCache record (the Windows certificate-validation cache: DER certificates and CRLs plus their MetaData stubs) or one of two low-integrity cookie files. The two "compressed" entries share one hash, so Cab85DB.tmp and the 77EC63... cache item are the same authrootstl.cab trusted-root update that the HTTP table shows being fetched from ctldl.windowsupdate.com. No downloaded executable or document is recorded; for this run the evidence lives in the network tables, not on disk.
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2924 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted |
2764 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2924 | iexplore.exe | GET | 200 | 8.252.73.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?24f056ead05b76ad | US | compressed | 60.0 Kb | whitelisted |
2924 | iexplore.exe | GET | 200 | 8.252.73.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0f56b02e2d74dc41 | US | compressed | 60.0 Kb | whitelisted |
2764 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2924 | iexplore.exe | GET | 200 | 92.123.224.235:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQn5PlIQ%2BbaXWE%2Fawr%2BmmaYEA%3D%3D | unknown | der | 503 b | shared |
2924 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted |
2924 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEArEUKwX8I4ZIpOYKXd%2B%2FBg%3D | US | der | 471 b | whitelisted |
2924 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0tOcjGcdlkhVARHvHzj6Qwhh26wQUpI3lvnx55HAjbS4pNK0jWNz1MX8CEAFHNNUpDP%2BL7ji3wrZelLo%3D | US | der | 471 b | whitelisted |
2924 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAeYNgOt45kIIZygDCe8imw%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2764 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2764 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2924 | iexplore.exe | 8.252.73.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
2924 | iexplore.exe | 172.67.135.215:443 | t.ly | — | US | unknown |
2924 | iexplore.exe | 5.188.196.193:443 | smartdrivinglabs.com | Petersburg Internet Network ltd. | NL | unknown |
2924 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2924 | iexplore.exe | 96.16.145.230:80 | x1.c.lencr.org | Akamai Technologies, Inc. | US | suspicious |
2924 | iexplore.exe | 104.17.25.14:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | suspicious |
2924 | iexplore.exe | 113.108.231.116:443 | blog.kungfuenglish.com | CHINANET Guangdong province network | CN | unknown |
2924 | iexplore.exe | 161.190.1.97:443 | onlinebanking.bancogalicia.com.ar | Banco de Galicia y Buenos Aires | AR | unknown |
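The HTTP and connection tables above mix two very different kinds of traffic: certificate-validation plumbing that every Windows/IE run produces (OCSP, CRL, CTL downloads, CA-issuer fetches) and the hosts the shortened link actually led the low-integrity tab process to. The sandbox's reputation column does not separate them (ctldl.windowsupdate.com and x1.c.lencr.org are marked "suspicious" while the hosts new to this sample are merely "unknown"). The script below is an added example, not part of the ANY.RUN report or its tooling. It decodes the base64 DER in the ocsp.digicert.com and r3.o.lencr.org GET paths to confirm they are ordinary single-certificate OCSP requests, then filters the connection rows so only the page's own hosts remain. The rows are copied verbatim from the tables above; the regular expression for PKI hosts and the bing.com "housekeeping" set are my assumptions about what counts as infrastructure noise, and the resulting host order is simply the report's row order, not a proven redirect sequence.

```python
"""Triage helper for the HTTP-request and connection tables of this report.
Added example, not part of the ANY.RUN report. Runs offline on rows copied
from the tables; PKI_HOST / BROWSER_HOUSEKEEPING are the author's assumptions
about which hosts are infrastructure noise rather than page content."""
import base64
import re
from urllib.parse import unquote, urlsplit

SHA1_OID = "1.3.14.3.2.26"   # hashAlgorithm seen in both OCSP requests


def der_tlv(buf, pos=0):
    """Read one DER tag/length/value at pos; return (tag, value, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Yield (tag, value) for each TLV directly inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = der_tlv(value, pos)
        yield tag, val


def decode_oid(raw):
    """Dotted-string form of an OID's DER content octets."""
    arcs = list(divmod(raw[0], 40))
    acc = 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get(url):
    """CertID of the first request in an RFC 6960 OCSP GET URL, or None when
    the path is not a base64 OCSPRequest (e.g. the Omniroot2025.crl fetch)."""
    path = urlsplit(url).path.lstrip("/")
    try:
        req = base64.b64decode(unquote(path), validate=True)
        [(_, ocsp_request)] = list(der_children(req))           # OCSPRequest
        tbs = next(v for t, v in der_children(ocsp_request) if t == 0x30)
        request_list = next(v for t, v in der_children(tbs) if t == 0x30)
        first_request = next(v for _, v in der_children(request_list))
        cert_id = next(v for _, v in der_children(first_request))
        alg, name_hash, key_hash, serial = [v for _, v in der_children(cert_id)]
        hash_alg = decode_oid(next(v for t, v in der_children(alg) if t == 0x06))
    except (ValueError, IndexError, StopIteration):
        return None
    return {"hash_alg": hash_alg, "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(), "serial": serial.hex()}


# Assumption: these hosts are certificate plumbing, never sample-specific.
PKI_HOST = re.compile(
    r"^(ocsp|crl\d*)\."               # OCSP responders, CRL distribution points
    r"|\.[oc]\.lencr\.org$"           # Let's Encrypt OCSP / CA-issuer hosts
    r"|^ctldl\.windowsupdate\.com$"   # Windows trusted-root (CTL) updates
)
BROWSER_HOUSEKEEPING = {"www.bing.com", "api.bing.com"}   # IE home/search page

# (pid, ip:port, domain, sandbox reputation), copied from the connection table
CONNECTIONS = [
    (2764, "131.253.33.200:443", "www.bing.com", "whitelisted"),
    (2764, "93.184.220.29:80", "ocsp.digicert.com", "whitelisted"),
    (2924, "8.252.73.254:80", "ctldl.windowsupdate.com", "suspicious"),
    (2924, "172.67.135.215:443", "t.ly", "unknown"),
    (2924, "5.188.196.193:443", "smartdrivinglabs.com", "unknown"),
    (2924, "93.184.220.29:80", "ocsp.digicert.com", "whitelisted"),
    (2924, "96.16.145.230:80", "x1.c.lencr.org", "suspicious"),
    (2924, "104.17.25.14:443", "cdnjs.cloudflare.com", "suspicious"),
    (2924, "113.108.231.116:443", "blog.kungfuenglish.com", "unknown"),
    (2924, "161.190.1.97:443", "onlinebanking.bancogalicia.com.ar", "unknown"),
]


def is_pki_host(domain):
    return PKI_HOST.search(domain) is not None


def page_hosts(rows, pid):
    """Hosts contacted by `pid` that are neither PKI plumbing nor browser
    housekeeping, in report order (not a proven redirect sequence)."""
    out = []
    for row_pid, _ip, domain, _rep in rows:
        if (row_pid == pid and not is_pki_host(domain)
                and domain not in BROWSER_HOUSEKEEPING and domain not in out):
            out.append(domain)
    return out


def triage(rows):
    """Bucket rows as pki / browser / page so the sandbox reputation label
    can be read next to what the host actually is."""
    groups = {"pki": [], "browser": [], "page": []}
    for pid, _ip, domain, rep in rows:
        bucket = ("pki" if is_pki_host(domain)
                  else "browser" if domain in BROWSER_HOUSEKEEPING else "page")
        groups[bucket].append((pid, domain, rep))
    return groups


if __name__ == "__main__":
    for bucket, members in triage(CONNECTIONS).items():
        print(bucket, [f"{p}:{d} ({r})" for p, d, r in members])
    print("tab process 2924 reached:", " -> ".join(page_hosts(CONNECTIONS, 2924)))
```

Run stand-alone it prints the three buckets and the filtered list for the tab process: t.ly, smartdrivinglabs.com, cdnjs.cloudflare.com, blog.kungfuenglish.com, onlinebanking.bancogalicia.com.ar. The frame process 2764 is left with nothing once bing.com and OCSP are removed, which matches the process table: the sample's activity is entirely inside the low-integrity tab. Feeding the DigiCert OCSP URLs from the HTTP table to `parse_ocsp_get` yields SHA-1 CertIDs with 16-byte serials, and the Let's Encrypt one an 18-byte serial, i.e. routine revocation checks for the TLS certificates of the hosts just listed, which is why they can be dropped from the IOC set.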
DNS requests:

| Domain | Reputation |
|---|---|
| t.ly | whitelisted |
| api.bing.com | whitelisted |
| www.bing.com | whitelisted |
| ctldl.windowsupdate.com | whitelisted |
| ocsp.digicert.com | whitelisted |
| crl3.digicert.com | whitelisted |
| smartdrivinglabs.com | unknown |
| x1.c.lencr.org | whitelisted |
| r3.o.lencr.org | shared |
| blog.kungfuenglish.com | unknown |