Field | Value
---|---
URL | https://rplg.co/e4b950a0!*
Full analysis | https://app.any.run/tasks/de4880ee-c716-4675-b8e6-f847ab95692d
Verdict | Malicious activity
Analysis date | June 27, 2022, 06:08:45
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 4EC01EC19276C3D3E81F12AB490D2EA0
SHA1 | 75B647808B76EA725A89A88288F1907DB70CC7D9
SHA256 | D64ADA77470E521037C822C2CD619E6581671D436F4A4B3B7BEA701C00ABB633
SSDEEP | 3:N89IIAEA:29di
PID | CMD | Path | Indicators | Parent process | Process details
---|---|---|---|---|---
2980 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://rplg.co/e4b950a0!*" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3472 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2980 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3472 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | der | F9F4B75EBF256C8CD508AC88A65AB59E | C4141E809B54AE28605701E1EEF282FCC5AF6A6C64EECFB98024E50CFC42CDCF
3472 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FF8D638A335B166BA1D28921ADD23159 | der | E9B01D1A19309B58CB2E1E1195DA2250 | DC00857BB4F783CA76537784181C036122C730D0D9CF5597C36E400F09A7C0F7
3472 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | der | 6AEB1C3681CD8858B7C4772AE836108F | CAB405CE29F662E1E073DAD7294E24F1069894A2AE7A93F8949F83651AC8FCF6
3472 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | binary | F8406C8941A5EB9930F5AE4D7635122C | 47117635E38AE892DB19A4AFD7DA5F5141512E9C3D6FB5D2629C63C24082178C
2980 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text | 197D5BD6A440BCCE844AACBDFDB977B2 | A362D69510B3029859DB1021AE25D622AF6C1828A59247E87A434C0DC33E13FE
3472 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | D2426DD419CB73E9A9608A5DF58C9273 | CA2194FC0A8C7E1EB24D2948C6B9F9B5BC5B9689AFBCE48857B1A91504B551CE
3472 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | F7DCB24540769805E5BB30D193944DCE | 6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
3472 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3538626A1FCCCA43C7E18F220BDD9B02 | der | 70289A20DA81616E8F17F4525B3BD6E5 | 15BF6630401629FB11FDC0AB402DE3059104B8F6E99A4C48A9421E10083E9DB9
3472 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3538626A1FCCCA43C7E18F220BDD9B02 | binary | A07CD0B378D2740713071DFCA24D84C3 | 73787DE175B8A82B31A7064F37D7430AC95EE879A0551E2B7CE09102D0DDD7FF
3472 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | binary | F80C2858A53C2FF289BFC981E63199DA | 970FB3C4D79FF1954EBA9F8CF76263EB0207502A9D80E61057E3BA9C44094AF1
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3472 | iexplore.exe | GET | 200 | 104.18.32.68:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEDLthCOb2zPe%2FX6xYzxLmUs%3D | US | der | 471 b | whitelisted |
3472 | iexplore.exe | GET | 200 | 104.18.32.68:80 | http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl | US | der | 978 b | whitelisted |
3472 | iexplore.exe | GET | 200 | 188.114.98.173:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
3472 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?140318e801f81cc6 | US | compressed | 4.70 Kb | whitelisted |
3472 | iexplore.exe | GET | 200 | 172.64.155.188:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted |
3472 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?03afa53da2dc8147 | US | compressed | 4.70 Kb | whitelisted |
2980 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3472 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
2980 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3472 | iexplore.exe | 35.238.70.19:443 | rplg.co | — | US | suspicious |
3472 | iexplore.exe | 188.114.98.173:80 | ocsp.comodoca.com | Cloudflare Inc | US | unknown |
2980 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 206.189.52.23:443 | replug.io | — | US | malicious |
3472 | iexplore.exe | 104.18.32.68:80 | ocsp.usertrust.com | Cloudflare Inc | US | suspicious |
3472 | iexplore.exe | 172.64.155.188:80 | ocsp.usertrust.com | — | US | suspicious |
3472 | iexplore.exe | 206.189.52.23:443 | replug.io | — | US | malicious |
— | — | 104.18.32.68:80 | ocsp.usertrust.com | Cloudflare Inc | US | suspicious |
Domain | IP | Reputation
---|---|---
rplg.co | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.comodoca.com | | whitelisted
ocsp.digicert.com | | whitelisted
ocsp.usertrust.com | | whitelisted
crl3.digicert.com | | whitelisted
crl.usertrust.com | | whitelisted
ocsp.sectigo.com | | whitelisted
PID | Process | Class | Message |
---|---|---|---|
3472 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3472 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3472 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3472 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |