File name: | [email protected] |
Full analysis: | https://app.any.run/tasks/b0c9bb04-32d5-4c82-9566-d87ee72a8c52 |
Verdict: | Malicious activity |
Analysis date: | January 14, 2022, 19:32:24 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/html |
File info: | HTML document, ASCII text, with very long lines, with CRLF line terminators |
MD5: | 59D49D263BB8BF998CCF010D64B2D400 |
SHA1: | 753B2162098FE4FAD292C945C93410D3EDE0F23F |
SHA256: | D10B1C12359D1D1A8383A74BEC31EA64EC283C133385D1AAE321E23C1B9DFDC2 |
SSDEEP: | 192:IttNuyhY+vKb3Q2sEg50LO3gg+5PprfiMX7XFQ+:mZKrQSg50L3h1JbrXFz |
.html | | | HyperText Markup Language (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1408 | "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\AppData\Local\Temp\[email protected]" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3644 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1408 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
480 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1408 CREDAT:333057 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
276 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1400 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1408 CREDAT:537615 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
888 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1408 CREDAT:603150 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3844 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1408 CREDAT:865331 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2680 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\admin\AppData\Local\Temp\foundation.html | C:\Program Files\Google\Chrome\Application\chrome.exe | Explorer.EXE | |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 | ||||
560 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e59d988,0x6e59d998,0x6e59d9a4 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 | ||||
2832 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1056,14453187563987345992,15760423622575056817,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1064 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1408 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\V2ICIG8I.txt | text | |
MD5:2E9CE8DC289C601FD59710022684A64C | SHA256:74DCB34B1C4FA573C9D10C120814144A1D36FED2FB89C5C6E115DCCF33D83754 | |||
1408 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\SSVE0A7G.txt | text | |
MD5:DC749FB40AB0EF65E29F9CDB96EB7258 | SHA256:88BB8407C875AAD6DDE49F63778A25D209DB5963B96C2A4EF45F66CD37BC1D8A | |||
1408 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\JC0RX18L.txt | text | |
MD5:EC00C95F37F0650F65C70AC42278CF8D | SHA256:5C4A42E550C3279A045E76369B3890AF4C954A6CEE79D6D14E45A417962F3AE2 | |||
1408 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\JAZVT2RL.txt | text | |
MD5:D0D28710BA920E622FF14F22CBA1C7B0 | SHA256:E94B14C63BD17C14DB157D81278217C974FF5AB3D6E480DE2FCE28E9F529FFFE | |||
1408 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | |
MD5:ACE427D9E2E5197DA2F600C887DCFCB1 | SHA256:9D985EC5E3675B2C7DED4535F7DE2CBE39934D67046E25C3D0466220FAFE9651 | |||
480 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:C3DC6AB8CAFECA75C9FE75141E3AC75B | SHA256:BAB388AFABDC103CE962F9A6492E4F134B9F273BE80237F077D2EAB93AF7B0F4 | |||
1408 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | |
MD5:121D3DAF4FAD9C4659277E1438EDA602 | SHA256:E354C3EC98460596C3F9AE5852527C727C99B32BA440BA4D65922FA148672F5D | |||
480 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:7DF11948760E3DEF68D7FBE2789C1DED | SHA256:C30159BF405507643DD92957FD682EB405C7A78FEBC2982174695EDBB43FD93A | |||
1408 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\B6K3ZC2H.txt | text | |
MD5:69487DFAD8D8BCBA1B04C265326E2627 | SHA256:92550AE11C5DCB0591F945311D31B6B372CE280D00CE8F519A806E565962E737 | |||
1408 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\JDSBVRJ5.txt | text | |
MD5:7D086EAB75C9BBBB9A7B7C5995937E7F | SHA256:CD3F4F8B7D5AB424E31930C2C7C9718DAFC97F3BD8CABDC43DB2736DC4552F58 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1408 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D | US | der | 471 b | whitelisted |
480 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3916 | chrome.exe | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | crx | 242 Kb | whitelisted |
1408 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
480 | iexplore.exe | GET | 200 | 2.16.186.89:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?566a14817dc7f284 | unknown | compressed | 4.70 Kb | whitelisted |
1408 | iexplore.exe | GET | 200 | 2.16.186.89:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6484e3a23877cefd | unknown | compressed | 4.70 Kb | whitelisted |
480 | iexplore.exe | GET | 200 | 2.16.186.56:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8760f8e977f9b8e4 | unknown | compressed | 4.70 Kb | whitelisted |
1408 | iexplore.exe | GET | 200 | 2.16.186.89:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?610a558198955de8 | unknown | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1408 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1408 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1408 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
480 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
480 | iexplore.exe | 13.107.13.80:443 | api.bing.com | Microsoft Corporation | US | whitelisted |
1408 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
480 | iexplore.exe | 2.16.186.89:80 | ctldl.windowsupdate.com | Akamai International B.V. | — | whitelisted |
480 | iexplore.exe | 2.16.186.56:80 | ctldl.windowsupdate.com | Akamai International B.V. | — | whitelisted |
1408 | iexplore.exe | 2.16.186.89:80 | ctldl.windowsupdate.com | Akamai International B.V. | — | whitelisted |
3644 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
ieonline.microsoft.com |
| whitelisted |
go.microsoft.com |
| whitelisted |
www.msn.com |
| whitelisted |
query.prod.cms.msn.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query to a *.pw domain - Likely Hostile |