URL: | https://theync.com/ |
Full analysis: | https://app.any.run/tasks/8a3e7a64-6243-48ce-814b-ba98dc96f1d2 |
Verdict: | Malicious activity |
Analysis date: | July 02, 2021, 19:08:11 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | D844AF336704FABE4BB905E38CB7E9A2 |
SHA1: | DA61933D5343ECE883E40C572D68AEAC0B2E4DEE |
SHA256: | D44DE781CBFA91C7178CBEA90A6A7EA43A39A5FA4AF6DC194F70F2E8E8599A5E |
SSDEEP: | 3:N8FAcL2:23a |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2252 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://theync.com/" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2348 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2252 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3388 | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe | — | svchost.exe | |||||||||||
User: admin Company: Adobe Integrity Level: MEDIUM Description: Adobe� Flash� Player Installer/Uninstaller 32.0 r0 Version: 32,0,0,453 Modules
|
(PID) Process: | (2252) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (2252) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: | |||
(PID) Process: | (2252) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30895989 | |||
(PID) Process: | (2252) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: | |||
(PID) Process: | (2252) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30895989 | |||
(PID) Process: | (2252) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (2252) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (2252) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (2252) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (2252) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2348 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\1VY96KL0.txt | text | |
MD5:DDDA399225BA3331C5A4084EEC2EDB02 | SHA256:5D8C246A45E0C4F177141DAA5181B0583FBF4F2226C1BB2C857321744F719F6B | |||
2348 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_EA7CC791515F507716D81ACF951FDA2B | der | |
MD5:C6020350BC36AAF01C1A4DF8899AD5D6 | SHA256:510250061C97632AE9CEFE7E94926082C0C390398F1D54BA7EEE91E702938AAC | |||
2348 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der | |
MD5:4F914D6A12B48374677859978D3DEF97 | SHA256:EB9AC8C88C0857B9588076073491EEC79F4725AA32BC7AF00C20EF31095D1D68 | |||
2348 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der | |
MD5:86755CF8EF975EB9851E0C515D858461 | SHA256:63ED4BCA1D5AC5B1DA4F1AA18D7D3D5D934AA633320973E317C17419CFF05A2E | |||
2348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\OneSignalSDK[1].js | text | |
MD5:9CC5B20EFBBB51FC44F99BEB97C68732 | SHA256:F182ED807D450695CA1B7A46485055753F62953E537375F87ED760DB40B5E944 | |||
2348 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary | |
MD5:716B9967C2C8A0CEE555F591365BB26C | SHA256:16EE929DD70D39FFAA274DB0632F5765BF64DB5F039D79D551C26352D814DF48 | |||
2348 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | binary | |
MD5:6A4221FBED9915043A40D2A28BBEDAA8 | SHA256:F860817031B6933F570B6AD5F065A27E4479EF143C058E1C535DDF2976990573 | |||
2348 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:0C7304C4FCAAC5225ED9F1AA9C94242D | SHA256:C1EF6CEEC4C72D81B88661177EDC583F39539E369C5C5020C1EDD61CC44A19ED | |||
2348 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_EA7CC791515F507716D81ACF951FDA2B | binary | |
MD5:009D90A031CB2AAC82D27249A06519CB | SHA256:E9C0946A40B42C4392960D1B2234E5595763A88A3ACE497DE6A5C47CA42AD78E | |||
2348 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\8588660d90ed0dabdf.mp4-9[1].jpg | image | |
MD5:E679CCC9087EBE424A5EF99FB91EAB97 | SHA256:3CEC24238E270451098FB28F804AA6F4510D5763A6B9FC2477CDD9657E924047 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2348 | iexplore.exe | GET | — | 23.45.105.185:80 | http://x1.c.lencr.org/ | NL | — | — | whitelisted |
2348 | iexplore.exe | GET | 200 | 142.250.185.227:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
2252 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2348 | iexplore.exe | GET | 200 | 142.250.185.227:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCn%2BIV%2FaPStiAoAAAAA4GEX | US | der | 472 b | whitelisted |
2348 | iexplore.exe | GET | 200 | 142.250.185.227:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEEv1fo69oyETBQAAAACH6kw%3D | US | der | 471 b | whitelisted |
— | — | GET | 200 | 2.16.186.27:80 | http://crl.identrust.com/DSTROOTCAX3CRL.crl | unknown | der | 1.16 Kb | whitelisted |
2348 | iexplore.exe | GET | 200 | 142.250.185.227:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDAj6AZuIBzdAoAAAAA3JuZ | US | der | 472 b | whitelisted |
2348 | iexplore.exe | GET | 200 | 142.250.185.227:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2348 | iexplore.exe | GET | 200 | 2.16.186.27:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOUHIZh50TgzaVDK%2BLKGJOVLQ%3D%3D | unknown | der | 503 b | shared |
2348 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2348 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2348 | iexplore.exe | 104.18.225.52:443 | cdn.onesignal.com | Cloudflare Inc | US | malicious |
2348 | iexplore.exe | 142.250.186.42:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2348 | iexplore.exe | 172.217.16.138:443 | ajax.googleapis.com | Google Inc. | US | whitelisted |
2348 | iexplore.exe | 104.22.34.231:443 | theync.com | Cloudflare Inc | US | unknown |
2348 | iexplore.exe | 104.22.35.231:443 | theync.com | Cloudflare Inc | US | unknown |
2348 | iexplore.exe | 172.217.18.110:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
2348 | iexplore.exe | 2.16.186.27:80 | crl.identrust.com | Akamai International B.V. | — | whitelisted |
2252 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 66.254.122.18:443 | cdn1.traffichaus.com | Reflected Networks, Inc. | US | suspicious |
Domain | IP | Reputation |
---|---|---|
theync.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
ajax.googleapis.com |
| whitelisted |
cdn1.traffichaus.com |
| whitelisted |
cdn.onesignal.com |
| whitelisted |
thumbs.theync.com |
| unknown |