File name: | Truist Payment Advice 70030832 21222.html |
Full analysis: | https://app.any.run/tasks/cb826afb-812e-4d20-a15d-2f66af628798 |
Verdict: | Malicious activity |
Analysis date: | December 05, 2022, 21:13:34 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/html |
File info: | HTML document, ASCII text, with very long lines, with CRLF line terminators |
MD5: | ABB22690E736B374E66ECB6B535F6CC0 |
SHA1: | 1F30855149D377C3857C0780815CF31403277DCF |
SHA256: | D0420974D4566C590D492D1DE6BEEC342FEF6FB4912553555D8081C9431B7194 |
SSDEEP: | 768:KYlRjm3CCSjded9qCY8OPjnQwT89D6P+0nFVrw:BlRjm3ChbxHQwTbs |
.html | HyperText Markup Language (100) |
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version |
---|---|---|---|---|---|---|---|---|---|
1592 | "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\AppData\Local\Temp\Truist Payment Advice 70030832 21222.html" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
568 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1592 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
3588 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1592 CREDAT:333057 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
568 | iexplore.exe | 104.16.86.20:443 | — | CLOUDFLARENET | — | shared |
568 | iexplore.exe | 104.21.235.181:443 | www.linkpicture.com | CLOUDFLARENET | — | suspicious |
568 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
568 | iexplore.exe | 69.16.175.10:443 | — | STACKPATH-CDN | US | malicious |
1592 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
568 | iexplore.exe | 172.64.155.188:80 | ocsp.comodoca.com | CLOUDFLARENET | US | suspicious |
1592 | iexplore.exe | 13.107.22.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |

Domain | IP | Reputation |
---|---|---|
www.linkpicture.com | | suspicious |
ctldl.windowsupdate.com | | whitelisted |
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
ocsp.comodoca.com | | whitelisted |