| Field | Value |
|---|---|
| URL | https://meetmarigold.zoom.us/j/91402417282 |
| Full analysis | https://app.any.run/tasks/6bba3c59-a15b-4e9b-836f-f686c7408444 |
| Verdict | Malicious activity |
| Analysis date | March 31, 2023, 20:37:12 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 64 bit) |
| Indicators | |
| MD5 | D6EEC338FEFE3774C086E39A2CD3F0E0 |
| SHA1 | 65249406F0790F3BADFD7D8E8E18EE086A151381 |
| SHA256 | DDCD8859A051354B48B3729A3F535F8E82CCF3F01EE4C95C89FB62E52592993F |
| SSDEEP | 3:N8YYp3NiLXdX:2YgijdX |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 1732 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://meetmarigold.zoom.us/j/91402417282" | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe |
| 1752 | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:267521 /prefetch:2 | C:\Program Files (x86)\Internet Explorer\iexplore.exe | | iexplore.exe |
| 2768 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2U1WPAC\Zoom_cm_frkkwrsu5xv8bZ9vvrZo4_mDvtsMMyCn+wuGIRxXuGQOlgJpp+niYWx9mPW@DuhKnhdTL6GaXfuj_kd46be2e3a15876bd_.exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2U1WPAC\Zoom_cm_frkkwrsu5xv8bZ9vvrZo4_mDvtsMMyCn+wuGIRxXuGQOlgJpp+niYWx9mPW@DuhKnhdTL6GaXfuj_kd46be2e3a15876bd_.exe | | iexplore.exe |

| PID | User | Company | Integrity level | Description | Version |
|---|---|---|---|---|---|
| 1732 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
| 1752 | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
| 2768 | admin | Zoom Video Communications, Inc. | MEDIUM | Zoom Opener | 5,10,3,4851 |
| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 1732 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 3 |
| 1732 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime | 659226608 |
| 1732 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 30902802 |
| 1732 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime | 959230748 |
| 1732 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 30902802 |
| 1732 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie: |
| 1732 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited: |
| 1732 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0 |
| 1732 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0 |
| 1732 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | 460000008B000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1752 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ADNKYPOE.txt | text | 332015FB7E8BFA2F85FF554229EE98EA | DC6119C556DCB164E3EE06FC3741C4D1C02E90F6A5D402D94B3DCA6596D09CE4 |
| 1752 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\91402417282[1].htm | html | 461B52DAE874C0E8FA49F6B3EDDA08EF | F98BA57011999261327168B43F0BD926DFDF8E7C768071A2ADF9A5D8316D67DE |
| 1752 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\A80DPWVW.txt | text | 75FA83A55A0F39B9DD39E63EFF8AB277 | 8DACBE62E34AF03E5D5945B9944BAC78B1B4C3272E26F4C0087955EBAB5D330C |
| 1752 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\7GF3MDB8.txt | text | 0DF54E8C878DE333EF79168FE2F2CCBA | 98D94C0323EFAE61C160AFFC18A82D087CFB77F9290FEFEA03247E4EC05846EF |
| 1752 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\SLRNP3YJ.txt | text | 3E2F1AD7FCCD7F2FB90A94E6A0AE7ED1 | 1012AECE3FE699662C2456B939427AEF2885025B02615750E3FBBD4026541DC2 |
| 1752 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\38B5GPAW.txt | text | B278935528473C6BA8241643BC5A3627 | 5AF43D8F1D346B3A6CB6963F5664C372332494D1645DA0A33AE99B415F39F6CF |
| 1752 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\5Z1826EE.txt | text | 545EA85CB77C2F5445F9EAF814FCFC24 | 4B6430080535B4D2C3F8F613088225831608F19520F4CECA067FF16461207705 |
| 1752 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\meeting.63c5f21c827d535767da[1].js | text | E37C4B788EE938CC63A3E61A3FB0F2B4 | 75365276F06FE70EC3750D91D986BBE0699560844F1A106C3C8EC5B5568D2436 |
| 1732 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDW1XBVN\favicon[1].ico | image | DA597791BE3B6E732F0BC8B20E38EE62 | 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 |
| 1732 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDW1XBVN\favicon[2].ico | image | DA597791BE3B6E732F0BC8B20E38EE62 | 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 |
| PID | Process | IP:port | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
1752 | iexplore.exe | 170.114.52.2:443 | meetmarigold.zoom.us | — | US | suspicious |
1752 | iexplore.exe | 18.66.130.242:443 | st3.zoom.us | AMAZON-02 | US | unknown |
— | — | 18.66.147.60:443 | static.ada.support | AMAZON-02 | US | suspicious |
— | — | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
— | — | 18.66.130.242:443 | st3.zoom.us | AMAZON-02 | US | unknown |
— | — | 34.98.108.207:443 | cdn.solvvy.com | GOOGLE | US | unknown |
2768 | Zoom_cm_frkkwrsu5xv8bZ9vvrZo4_mDvtsMMyCn+wuGIRxXuGQOlgJpp+niYWx9mPW@DuhKnhdTL6GaXfuj_kd46be2e3a15876bd_.exe | 170.114.52.2:443 | meetmarigold.zoom.us | — | US | suspicious |
— | — | 54.227.249.145:443 | log-gateway.zoom.us | AMAZON-AES | US | unknown |
1732 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
1752 | iexplore.exe | 18.66.147.95:443 | static.ada.support | AMAZON-02 | US | suspicious |
| Domain | Reputation |
|---|---|
| meetmarigold.zoom.us | suspicious |
| static.ada.support | whitelisted |
| cdn.solvvy.com | shared |
| st3.zoom.us | whitelisted |
| www.bing.com | whitelisted |
| api.bing.com | whitelisted |
| st1.zoom.us | whitelisted |
| ctldl.windowsupdate.com | whitelisted |
| log-gateway.zoom.us | unknown |
| cdn.cookielaw.org | whitelisted |
| PID | Process | Class | Message | Alerts |
|---|---|---|---|---|
| 1752 | iexplore.exe | Unknown Traffic | ET JA3 Hash - [Abuse.ch] Possible Tofsee | 8 |
| 1732 | iexplore.exe | Unknown Traffic | ET JA3 Hash - [Abuse.ch] Possible Tofsee | 2 |
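All ten alerts above are the same Emerging Threats rule matching the JA3 hash of a TLS ClientHello, and all of them fire on the two iexplore.exe processes rather than on the Zoom Opener, for connections to zoom.us and the vendor CDNs it loads. JA3 hashes only the client's advertised TLS parameters (version, cipher suites, extension types, named groups, point formats), so it identifies a TLS client stack, not a destination, a payload or a process: every client built on the same stack configuration produces the same hash, and a match against a malware-family JA3 needs corroboration (the destination, the binary, post-connection behaviour) before a verdict rests on it. The Python below is an added example, not part of the ANY.RUN report or of Zoom's software. It builds ClientHello records, computes JA3 the way the reference implementation does (GREASE values stripped, MD5 of the dash/comma string), and shows that hellos to two different hosts named in the report, with different randoms and with GREASE values injected, still collapse to one hash. The cipher list, extension set and fixtures are constructed for illustration; they are not a capture from this task and are not claimed to be the IE11/Schannel fingerprint.

```python
"""JA3 fingerprinting of TLS ClientHello messages (added example, not from the report).

All fixtures are constructed here, not captured from the sandbox run; the cipher and
extension lists stand for "one TLS stack" and are not the real IE11/Schannel set.
"""
import hashlib
import struct

# GREASE values (RFC 8701) are stripped before hashing, as the reference JA3 code does.
GREASE = {0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
          0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa}

EXT_SERVER_NAME, EXT_SUPPORTED_GROUPS, EXT_EC_POINT_FORMATS = 0x0000, 0x000a, 0x000b


def sni(host):
    """Encode a server_name extension body for one DNS hostname."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack(">H", len(name)) + name        # name_type 0 = host_name
    return struct.pack(">H", len(entry)) + entry


def build_client_hello(version, ciphers, extensions, client_random=b"\x00" * 32):
    """Build a TLS record carrying a ClientHello. extensions: list of (type, body bytes)."""
    body = struct.pack(">H", version) + client_random + b"\x00"  # legacy_version, random, empty session_id
    body += struct.pack(">H", 2 * len(ciphers)) + b"".join(struct.pack(">H", c) for c in ciphers)
    body += b"\x01\x00"                                          # one compression method: null
    ext = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack(">H", len(ext)) + ext
    hs = b"\x01" + struct.pack(">I", len(body))[1:] + body       # HandshakeType client_hello, uint24 length
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs     # record header: handshake, TLS 1.0 framing


def ja3(record):
    """Return (ja3_string, ja3_md5) for a TLS record containing a ClientHello."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    hs, p = record[5:], 4                                        # skip 4-byte handshake header
    version = struct.unpack(">H", hs[p:p + 2])[0]; p += 2
    p += 32                                                      # random
    p += 1 + hs[p]                                               # session_id
    cs_len = struct.unpack(">H", hs[p:p + 2])[0]; p += 2
    ciphers = list(struct.unpack(">%dH" % (cs_len // 2), hs[p:p + cs_len])); p += cs_len
    p += 1 + hs[p]                                               # compression methods
    ext_types, curves, formats = [], [], []
    if p < len(hs):
        ext_len = struct.unpack(">H", hs[p:p + 2])[0]; p += 2
        end = p + ext_len
        while p < end:
            etype, elen = struct.unpack(">HH", hs[p:p + 4]); p += 4
            data = hs[p:p + elen]; p += elen
            if etype in GREASE:
                continue
            ext_types.append(etype)
            if etype == EXT_SUPPORTED_GROUPS:                    # only the group list and point
                n = struct.unpack(">H", data[:2])[0]             # formats feed the hash; SNI and
                curves = [c for c in struct.unpack(">%dH" % (n // 2), data[2:2 + n]) if c not in GREASE]
            elif etype == EXT_EC_POINT_FORMATS:                  # other extension bodies are ignored
                formats = list(data[1:1 + data[0]])
    ciphers = [c for c in ciphers if c not in GREASE]
    dash = lambda xs: "-".join(str(x) for x in xs)
    s = ",".join([str(version), dash(ciphers), dash(ext_types), dash(curves), dash(formats)])
    return s, hashlib.md5(s.encode()).hexdigest()


# Constructed fixture: one client stack talking to two of the hosts named in the report.
STACK_CIPHERS = [0x002f, 0x0035, 0xc013, 0xc014, 0x000a]


def stack_extensions(host):
    return [(EXT_SERVER_NAME, sni(host)),
            (EXT_SUPPORTED_GROUPS, b"\x00\x04\x00\x17\x00\x18"),  # secp256r1, secp384r1
            (EXT_EC_POINT_FORMATS, b"\x01\x00"),                   # uncompressed
            (0x000d, b"\x00\x04\x04\x01\x05\x01"),                 # signature_algorithms
            (0xff01, b"\x00")]                                     # renegotiation_info


HELLO_ZOOM = build_client_hello(0x0303, STACK_CIPHERS, stack_extensions("meetmarigold.zoom.us"))
HELLO_ADA = build_client_hello(0x0303, STACK_CIPHERS, stack_extensions("static.ada.support"),
                               client_random=b"\x42" * 32)
# Same stack with GREASE values injected in the cipher and extension lists; JA3 must ignore them.
HELLO_GREASE = build_client_hello(0x0303, [0x0a0a] + STACK_CIPHERS,
                                  [(0x2a2a, b"")] + stack_extensions("meetmarigold.zoom.us"))


def same_client_stack(*records):
    """True when every record hashes to one JA3, i.e. the fingerprint cannot tell them apart."""
    return len({ja3(r)[1] for r in records}) == 1


if __name__ == "__main__":
    for name, rec in [("zoom", HELLO_ZOOM), ("ada", HELLO_ADA), ("grease", HELLO_GREASE)]:
        print(name, *ja3(rec))
    print("indistinguishable by JA3:", same_client_stack(HELLO_ZOOM, HELLO_ADA, HELLO_GREASE))
```

Run it and the three records print one identical JA3 string, "771,47-53-49171-49172-10,0-10-11-13-65281,23-24,0", and one identical MD5 even though the SNI, the random and the GREASE padding differ. That is the property behind the alert table: a rule keyed on a JA3 hash that a commodity Windows client shares with a malware family will match the browser's own traffic, so the rows above say which TLS stack spoke, not that iexplore.exe or the Zoom Opener did anything hostile.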