URL: | https://store.wondershare.com/index.php?submod=checkout&method=sku_combine&is_combine=1&sku_id=102000002415&coupon_id=9677¤cy=USD&language=English&verify=5C40E1A8C66167C9656C2C5A3E364B6C&_ga=2.42052844.898665043.1638853095-1649960342.1638853095 |
Full analysis: | https://app.any.run/tasks/909eb5c0-201b-43d8-bcb7-712affbe96d4 |
Verdict: | Malicious activity |
Analysis date: | December 07, 2021, 05:00:39 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 43F9923D8B65A13CC5B36A0891D7D569 |
SHA1: | 10D6609BE6A12E6607D38F9DD7AA4BB9C6A9E10A |
SHA256: | D6D0CC0F1F067C1F8DCD8913AF56BD5EEE47BDF4C4B76DFC579949AED44E52DC |
SSDEEP: | 6:2cMuShQLGbKbHTLRQy9neMz5QBOBYcNViD61KCBCQaUZI8WLBn:2cMuSsGbKbRQmnTz5yUEXUZpMBn |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1704 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://store.wondershare.com/index.php?submod=checkout&method=sku_combine&is_combine=1&sku_id=102000002415&coupon_id=9677¤cy=USD&language=English&verify=5C40E1A8C66167C9656C2C5A3E364B6C&_ga=2.42052844.898665043.1638853095-1649960342.1638853095" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1592 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1704 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
(PID) Process: | (1704) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (1704) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: | |||
(PID) Process: | (1704) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30927655 | |||
(PID) Process: | (1704) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: | |||
(PID) Process: | (1704) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30927655 | |||
(PID) Process: | (1704) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (1704) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (1704) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (1704) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (1704) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1592 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C | der | |
MD5:AA31D4449E3C7CF297B0F45AAD24879E | SHA256:AB5D0144FABC9D659C7579039A1B40D9670F509131AC16706B29998B9E8152F6 | |||
1592 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\GNO9W1UY.txt | text | |
MD5:A1D9BFC7B6761456562F1FBC93BBE343 | SHA256:8362F88E65A93C32B8F4881E2D00E3B1B114DDF5C2C339A8E9BBF73A1D217F84 | |||
1592 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | der | |
MD5:64E9B8BB98E2303717538CE259BEC57D | SHA256:76BD459EC8E467EFC3E3FB94CB21B9C77A2AA73C9D4C0F3FAF823677BE756331 | |||
1592 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z97Z5RUY.txt | text | |
MD5:CC451B1C1D3190DD8185A204C82BFAFC | SHA256:4E3021357DBBF29D6C121093BDDD7CD1424D7128ABC3CF83D41C8D8274D6D2FF | |||
1592 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\interfaceacting210923[1].js | text | |
MD5:5513A2331D0D418AA4F6C422D5B36E7B | SHA256:9CE0D940BD20B815F44114296C34CE290E2020A725454C56885543738CE86769 | |||
1592 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:27DD9642931934B08702545086EF6ED3 | SHA256:43AA95C1B818EAAADD0D471A627FB5D8393A6F2C0C7A36F7F46B20008CB56A48 | |||
1592 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C | binary | |
MD5:487CA0185629E7F16E0A3248817C6167 | SHA256:AE37B171466C37A236D6A39A210DA1148DC3E8379F8B25F110F54395D1AEA8FE | |||
1592 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_E5444D45C9FE492ECB6959D959EBD456 | binary | |
MD5:492103B6D85B01641DAF718876FAE213 | SHA256:7880370EEB34F14FD10061ECDE5E5ECD826E711E7FE15B5F1415CD1F2DEE51F6 | |||
1592 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | binary | |
MD5:AF893CD12FED47E650688AA824B7B811 | SHA256:DDE8E273CB1F133674F0185C8C7986B0BA65C70A5EFCA4D11361D4D7C1A2D69E | |||
1592 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\myCart[1].htm | html | |
MD5:B8280AE60DC0789EB007F322E6CB54FB | SHA256:DD5A7475C60D3E6835BB77E6D7ABB20B6511E2ED6DBABEF545FC7390D7FEA1FA |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1592 | iexplore.exe | GET | — | 172.217.16.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | — | — | whitelisted |
1592 | iexplore.exe | GET | 200 | 104.18.21.226:80 | http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDC7%2Ft%2BUHf3KPGGIMcA%3D%3D | US | der | 1.46 Kb | whitelisted |
1592 | iexplore.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCKJpvy9pIOCwoAAAABGVGE | US | der | 724 b | whitelisted |
1592 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
1592 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAFHUz99GLw07%2FICp%2BgZbto%3D | US | der | 471 b | whitelisted |
1592 | iexplore.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
1592 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted |
1592 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEAyQ1CdVOOqKrvpspqsDmt0%3D | US | der | 471 b | whitelisted |
1704 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
1592 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1592 | iexplore.exe | 142.250.185.131:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
1592 | iexplore.exe | 172.217.16.138:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
1592 | iexplore.exe | 67.26.73.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
1592 | iexplore.exe | 104.111.216.213:443 | aeu.alicdn.com | Akamai International B.V. | NL | whitelisted |
1592 | iexplore.exe | 2.16.186.65:443 | images.wondershare.com | Akamai International B.V. | — | whitelisted |
1592 | iexplore.exe | 47.254.72.199:443 | store.wondershare.com | Alibaba (China) Technology Co., Ltd. | US | unknown |
1592 | iexplore.exe | 157.240.236.1:443 | connect.facebook.net | — | US | unknown |
1592 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1704 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1592 | iexplore.exe | 157.240.27.35:443 | www.facebook.com | Facebook, Inc. | US | suspicious |
Domain | IP | Reputation |
---|---|---|
store.wondershare.com |
| unknown |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
status.geotrust.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
aeu.alicdn.com |
| suspicious |
images.wondershare.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query for .cc TLD |