URL: | https://finecus.atlassian.net |
Full analysis: | https://app.any.run/tasks/3ed41425-450f-4740-acb0-e304b875b12b |
Verdict: | Malicious activity |
Analysis date: | May 21, 2022, 09:49:20 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 0937075F30A78EE111857BFE012541AA |
SHA1: | F5C69973C295C1AAD9DF16C400850274217DB2E8 |
SHA256: | DC4492ABC1A9425FEC9ED0D3918140998B2BDA29968F4B1996F9D7E387BDC114 |
SSDEEP: | 3:N85qD0:2gg |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1636 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://finecus.atlassian.net" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
912 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1636 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
912 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\runtime-main.3cfcc755[1].js | text | |
MD5:17347BECB19E3BFBACECDAB0599C7233 | SHA256:77BC8929D0A5D3395A05CBD934C98E4A090624251BC37B7BC118CA325E8F0183 | |||
912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 | der | |
MD5:EA14882BC25E3D89D7705A3E8B311D7E | SHA256:F348DA10BEF4F6AAC2AF202A368C4032B53447643B6FBEB62030BA083FA96A62 | |||
912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | der | |
MD5:4A8C7F6C5AE2A37D5E6CCB1BBC0AF569 | SHA256:7AB918B977BBA5FDFEE3E8E570F1BE8680969932AD717C34A1A736348B7946A9 | |||
912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F | der | |
MD5:60937BA0E67EE3E021378614EDC8B41C | SHA256:3B339514CB3BDFCA941E2E1F215C9A28143E940D9D060471123E1217E24F22E4 | |||
912 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\F9XLN80J.txt | text | |
MD5:21FE54E601D9515089C15EB1B28A4472 | SHA256:FF55FC45FE0E728C8346C70A9C3718EC4B5511C3C1181A4733FFEDB432599EC7 | |||
912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50CD3D75D026C82E2E718570BD6F44D0_793EF318C0E0F5E46F41FDC9CDA223AB | der | |
MD5:0945589F08F2E25F31C0860524405D78 | SHA256:D6532ACBE86865C809D478F1A3DCCE7B67FF588D6A6B9C4F680F93E392034959 | |||
912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50CD3D75D026C82E2E718570BD6F44D0_FC2597002E0869C839C3E6840DBDF145 | binary | |
MD5:1102A3A2E268D4F4DB854A7E58BDE66B | SHA256:7AAD3E5306B10ABB5CE02E6E5462681411FA1E8B9E3CE45C9B50CD4472A85CB2 | |||
912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:0F2F0D33E264BBFEF2AB1AA152FE82C3 | SHA256:16CC04CFC83120826A2D089F4C91AE085B0FECB8BA46D45058F6DC555CB5845C | |||
912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F | binary | |
MD5:7F7A2F0E9A9DF3C1620208888398E2CD | SHA256:C17E4C5546097437ABF84112970F601014C4C8EC51CA595A4289EEAA6F0E350F | |||
912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50CD3D75D026C82E2E718570BD6F44D0_FC2597002E0869C839C3E6840DBDF145 | der | |
MD5:5A82CBC273AC182A7A2554E12BB17E4C | SHA256:0C17CC5D1BAF325F2D09EC2D9BD0D916D36B07E09D3E5BC88C0F72C562EF8698 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
912 | iexplore.exe | GET | 200 | 108.138.2.10:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
912 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrHR6YzPN2BNbByL0VoiTIBBMAOAQUCrwIKReMpTlteg7OM8cus%2B37w3oCEAIM2ZSi%2BBypaU%2BEZA11IvE%3D | US | der | 312 b | whitelisted |
912 | iexplore.exe | GET | 200 | 18.66.242.155:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
912 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrHR6YzPN2BNbByL0VoiTIBBMAOAQUCrwIKReMpTlteg7OM8cus%2B37w3oCEAuXd3ahO1T8sGRrjcv7RCI%3D | US | der | 313 b | whitelisted |
912 | iexplore.exe | GET | 200 | 18.66.242.45:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
912 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
912 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAfy81yHqHeveu%2FpR5k1Jb0%3D | US | der | 471 b | whitelisted |
912 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
912 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDix8Xecs1REgrrmT3L4YRr | US | der | 472 b | whitelisted |
912 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?da55bedbff9e13b7 | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
912 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
912 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
912 | iexplore.exe | 185.166.143.36:443 | finecus.atlassian.net | ATLASSIAN PTY LTD | DE | unknown |
912 | iexplore.exe | 142.250.185.109:443 | accounts.google.com | Google Inc. | US | suspicious |
912 | iexplore.exe | 18.66.242.45:80 | ocsp.rootg2.amazontrust.com | Massachusetts Institute of Technology | US | whitelisted |
912 | iexplore.exe | 108.138.2.10:80 | o.ss2.us | BellSouth.net Inc. | US | unknown |
912 | iexplore.exe | 18.66.242.155:80 | ocsp.rootg2.amazontrust.com | Massachusetts Institute of Technology | US | whitelisted |
912 | iexplore.exe | 185.166.143.25:443 | id.atlassian.com | ATLASSIAN PTY LTD | DE | suspicious |
912 | iexplore.exe | 108.157.4.117:443 | metal.prod.atl-paas.net | — | US | suspicious |
912 | iexplore.exe | 142.250.185.131:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
finecus.atlassian.net |
| suspicious |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
id.atlassian.com |
| shared |
metal.prod.atl-paas.net |
| whitelisted |
aid-frontend.prod.atl-paas.net |
| whitelisted |
o.ss2.us |
| whitelisted |
ocsp.rootg2.amazontrust.com |
| whitelisted |
ocsp.rootca1.amazontrust.com |
| shared |
api.bing.com |
| whitelisted |