Field | Value |
---|---|
URL | https://www.business.att.com/industries/manufacturing.html?source=EBBZeqACQ00Wel00E&wtExtndSource=T108202019Bst&LNS=EM_OT_MLT_VTGBLWttB_0819&LinkID=bannerManuf&elqTrackId=91d97ba766284aa9996a918c4a2b980a&elq=baaf10220c14421096576d6de23db18d&elqaid=3560&elqat=1&elqCampaignId=665&elqcst=272&elqcsid=3545 |
Full analysis | https://app.any.run/tasks/c3750cc2-6254-4481-bad8-9688f7f8630d |
Verdict | Malicious activity |
Analysis date | July 12, 2020, 09:57:21 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | none listed |
MD5 | 7505EB75E8CA4C0014F8E23E708F942E |
SHA1 | 67F6B7FE61240DFFF6AAE76271D5DB5C59628267 |
SHA256 | D37FE15E6A3B05CDC6CFB38F582E1AB9011D6A5A4A5CA088136D0BF162F65016 |
SSDEEP | 6:2OLwCLtGbYQ5CwUWc/KpusHwnn6H/nkfISCC8mKrRXlqAY+LWDLgxDYQX2:2aLwbYtw08YKQISCC8mARXlnLWXakM2 |

This task was a URL submission, not a file: the SSDEEP block size of 6 is what ssdeep selects for an input of between 193 and 384 bytes, which matches the roughly 300-character URL string, so the hashes above identify the submitted URL itself rather than any downloaded payload. The verdict is recorded with an empty Indicators field, so the report shows no specific detection behind it.
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2620 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.business.att.com/industries/manufacturing.html?source=EBBZeqACQ00Wel00E&wtExtndSource=T108202019Bst&LNS=EM_OT_MLT_VTGBLWttB_0819&LinkID=bannerManuf&elqTrackId=91d97ba766284aa9996a918c4a2b980a&elq=baaf10220c14421096576d6de23db18d&elqaid=3560&elqat=1&elqCampaignId=665&elqcst=272&elqcsid=3545" | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe |
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | | | |
2324 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2620 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe (PID 2620, per SCODEF:2620) |
 | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | | | |

Both processes run as user admin. The frame process (2620) runs at MEDIUM integrity and the tab process it spawned (2324) at LOW integrity, which is IE Protected Mode. The LOW-integrity tab process is the one that performed almost all of the page's HTTP(S) traffic and wrote the cached files, which is why those files land under \Low\ and LocalLow paths in the file table below.
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2324 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabABC2.tmp | — | — | — |
2324 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarABD3.tmp | — | — | — |
2324 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y430FQO0.txt | — | — | — |
2620 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
2324 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\detm-container-ftr[1].js | text | 8C1B899D417B2A0283AFE21B836DA604 | 178FAB8F721F7639665EC6EF300452E94387AEE858D14300D1EF5C3D98442A01 |
2324 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\clientlibs-jquery.min[1].js | text | 01F260E90627A442694D2CAA80CA9829 | E25EFF5325916218CCB5703420FDB590286DF2F830A2E30E3AF7E99E864791DC |
2324 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\clientlibs-insights-container-page.min[1].js | text | D89458277C6D7A80403DC41D393F820C | EF6276F247E7B863DA6493F1065DFD46AC1DD5A2C620DA44CA5FE229068CD43B |
2324 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C | binary | 45A49292D2928B83F8A6111D67AEE2FD | 0E13E7EFBA7A320F7741F1F65528A8D06F7917ABEA5250C78D2563241B58EB79 |
2324 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | binary | A5BEFD7EDC4CE49A8CFBAA116604A306 | A79915F989FDC4F467EEFFC7FC2E3A716A7724C74A6ECCD4BB6C1D30E2793EB1 |
2324 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\detm-container-hdr[1].js | text | D6DB5F95CBBEA73885248955D2EA35E3 | 0EC515C4A78B150FFE85C20ABE0E36A5D57B6BA142E398FE824653FF0D51BD66 |

The report gives no hashes for the .tmp, cookie and .ico entries. The CryptnetUrlCache entries are CryptoAPI's on-disk cache of the certificate-status fetches listed in the HTTP request table below.
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2620 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCED4r%2FOxfZt%2BRCAAAAABH74c%3D | US | der | 471 b | whitelisted |
2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEH4Q2QH3rAPNCAAAAABH744%3D | US | der | 471 b | whitelisted |
2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEBzaDxa68rqhAgAAAABvB7Y%3D | US | der | 471 b | whitelisted |
2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEBzaDxa68rqhAgAAAABvB7Y%3D | US | der | 471 b | whitelisted |
2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEAar2mu0dHehCAAAAABH74o%3D | US | der | 471 b | whitelisted |
2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEAar2mu0dHehCAAAAABH74o%3D | US | der | 471 b | whitelisted |
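Every request in the table above is an OCSP GET: the DER-encoded OCSPRequest is base64- and URL-encoded into the last path segment (RFC 6960, Appendix A), so the URL alone tells you which certificate the browser was checking. The following is an added example, not part of the ANY.RUN report, that decodes two of the URLs copied verbatim from the table into their CertID fields using only the standard library and a small hand-rolled DER reader. The constant names, `decode_ocsp_get` and the `_`-prefixed helpers are this example's own.

```python
import base64
import urllib.parse

# Two responder URLs copied verbatim from the HTTP request table of this report.
GSR2_REQUEST = "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D"
DIGICERT_REQUEST = "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"

# OIDs accepted in the hashAlgorithm field of CertID (RFC 6960 section 4.1.1).
HASH_ALG_NAMES = {
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
}


def _read_tlv(buf, pos):
    """Parse one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: 0x8N followed by N length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Yield (tag, value) for each TLV contained in a constructed DER value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = _read_tlv(value, pos)
        yield tag, inner


def _decode_oid(value):
    """Decode the content bytes of a DER OBJECT IDENTIFIER into dotted form."""
    arcs = [value[0] // 40, value[0] % 40]
    n = 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends a base-128 arc
            arcs.append(n)
            n = 0
    return ".".join(str(a) for a in arcs)


def decode_ocsp_get(url):
    """Decode an OCSP GET request URL into its CertID fields.

    Structure being walked (RFC 6960 section 4.1.1):
      OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest, optionalSignature [0] OPTIONAL }
      TBSRequest  ::= SEQUENCE { version [0] DEFAULT v1, requestorName [1] OPTIONAL,
                                 requestList SEQUENCE OF Request, requestExtensions [2] OPTIONAL }
      Request     ::= SEQUENCE { reqCert CertID, singleRequestExtensions [0] OPTIONAL }
      CertID      ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier,
                                 issuerNameHash OCTET STRING, issuerKeyHash OCTET STRING,
                                 serialNumber INTEGER }
    Returns one dict per Request in the message.
    """
    parts = urllib.parse.urlsplit(url)
    b64 = urllib.parse.unquote(parts.path.rsplit("/", 1)[1])   # last path segment
    der = base64.b64decode(b64, validate=True)

    tag, ocsp_request, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("OCSPRequest is not a SEQUENCE")
    tbs = next(_children(ocsp_request))[1]
    # version [0] and requestorName [1] are context-tagged; requestList is the first SEQUENCE.
    request_list = next(v for t, v in _children(tbs) if t == 0x30)

    decoded = []
    for _, request in _children(request_list):
        cert_id = next(_children(request))[1]
        alg, name_hash, key_hash, serial = [v for _, v in _children(cert_id)]
        oid = _decode_oid(next(_children(alg))[1])   # first element of AlgorithmIdentifier
        decoded.append({
            "responder": parts.netloc,
            "hash_alg": HASH_ALG_NAMES.get(oid, oid),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),
            "serial": serial.hex(),
        })
    return decoded


if __name__ == "__main__":
    for url in (GSR2_REQUEST, DIGICERT_REQUEST):
        for req in decode_ocsp_get(url):
            print(req)
```

The /gsr2 request decodes to a SHA-1 CertID with serial 01e3b49aa18d8aa981256950b8 and issuer key hash 9be20757671c1ec06a06de59b49a2ddfdc19862e, which is consistent with a status check on the GTS CA 1O1 intermediate issued by GlobalSign Root CA R2, as the responder path name also suggests; the /gts1o1core requests can be decoded the same way to recover the leaf serials being checked. Plain HTTP on port 80 is normal for OCSP, because the response is signed by the responder, so these requests to whitelisted responders are not a cleartext-traffic finding.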
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2324 | iexplore.exe | 84.53.165.28:443 | www.business.att.com | Akamai Technologies, Inc. | US | unknown |
2324 | iexplore.exe | 104.111.216.57:443 | www.att.com | Akamai International B.V. | NL | whitelisted |
2324 | iexplore.exe | 34.243.136.226:443 | dpm.demdex.net | Amazon.com, Inc. | IE | unknown |
— | — | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2324 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
— | — | 34.243.136.226:443 | dpm.demdex.net | Amazon.com, Inc. | IE | unknown |
2324 | iexplore.exe | 172.217.18.102:443 | fls.doubleclick.net | Google Inc. | US | suspicious |
— | — | 172.217.18.110:443 | www.youtube.com | Google Inc. | US | whitelisted |
2324 | iexplore.exe | 172.217.22.34:443 | www.googleadservices.com | Google Inc. | US | whitelisted |
2324 | iexplore.exe | 172.217.18.110:443 | www.youtube.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.business.att.com | — | suspicious |
ocsp.digicert.com | — | whitelisted |
api.bing.com | — | whitelisted |
www.bing.com | — | whitelisted |
www.att.com | — | suspicious |
dpm.demdex.net | — | whitelisted |
fls.doubleclick.net | — | whitelisted |
www.youtube.com | — | whitelisted |
customer.cludo.com | — | whitelisted |
ocsp.pki.goog | — | whitelisted |

The IP column is empty in the report; the resolved addresses that were actually contacted are in the connections table above. Note that the reputation labels here disagree with that table for four hosts (www.business.att.com: unknown there, suspicious here; www.att.com: whitelisted there, suspicious here; dpm.demdex.net: unknown there, whitelisted here; fls.doubleclick.net: suspicious there, whitelisted here), so treat the two columns as independent lookups rather than a single verdict.