Field | Value
---|---
URL | http://rftech.custhelp.com/app/answers/detail/a_id/63/~/how-do-speakers-get-blown%3F-why-do-they-sound-distorted%3F
Full analysis | https://app.any.run/tasks/182606a5-bf1d-496c-b087-af75cf0c9de6
Verdict | Malicious activity
Analysis date | April 01, 2023, 05:59:15
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:

Hash | Value
---|---
MD5 | 2264F131ED10C1A8AC716254155C1531
SHA1 | 92027DBC470BFE8CF55F522314C4818BAD956699
SHA256 | DF10145AB2E50888D63BD1D155157F8CA59E0B2E10AFAB14810356B577EEDCF8
SSDEEP | 3:N1KMNA3ud3oaAvJSAeCaWqnFJvZcI8s5INe622Akn:CMNYud3mRSkGF9iI8KINe6BPn
PID | CMD | Path | Parent process | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---|---|---|---
2744 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://rftech.custhelp.com/app/answers/detail/a_id/63/~/how-do-speakers-get-blown%3F-why-do-they-sound-distorted%3F" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
3108 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2744 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Key | Name | Operation | Value
---|---|---|---|---|---
2744 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | write | 0
2744 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | write | 30847387
2744 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | write | 30847437
2744 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | write | Cookie:
2744 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | write | Visited:
2744 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | write | 0
2744 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | write | 1
2744 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | write | 1
2744 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | write | 1
2744 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | write | 0
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3108 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | der | 21ED9CA0F4579A63723066FAB3CDB1E9 | 818A6653F6011A83D251998208826644FE68D228A739C87EC14E470E10817889
3108 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | E207B00E0A43D4A5EB483F4653A37695 | C9781812B074B52E52C4F33872C1F52227300486D0CC8A2E076B74D3EDA977A2
3108 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\detail.themes.standard[1].css | text | 70D527065376B70492E008C4943518E6 | 393F77C12B20B4BFE1D87DEFE6D5FEFFF09CD5A3A691668205310CBC61DBD7B6
3108 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_4E801842C65A05B32894AA44728A63C4 | der | A696094DDD713C86F344C6FD32F11F14 | 7A237E02F1144B5A546FE94E4A61B1BE58C2FB3B8FF2E8AA87E5AAC1212C0521
3108 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\standard.themes.standard.SITE[1].css | text | 92B65AA5604FDFBD86ABFB19A044585D | FBA73E62E187D97261B6A3CE9514852F5D6CA2E4A2AA3ACBAD1D7C9732543124
3108 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\answerid_63-a[1].htm | html | CED597F73574D1A28D11C904ABCCB09E | 5E0D3EB4706CB1A0DD034812266BC69DDD22593B48EEF619C0CED098E20C40D9
3108 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | binary | F21CACBC9AB42B32BF8F0B85559BD437 | C1A418D4F9BB7B3AD61AAC2EA91F378FA9E7CEAAD5CF0A4DA7F1EABB5D68EDF6
3108 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_4E801842C65A05B32894AA44728A63C4 | binary | 590ECFEF1A07D1B1E3F7914895710EB0 | FC9FC63814E9DCB30E1213108290CEBF8AD6C6E9FC9BC9F7B4F74E4BC6A00FF1
3108 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\how-do-speakers-get-blown_-why-do-they-sound-distorted_[1].htm | html | C859539E91667A229F54F089DC838AB7 | 6F27C7457DD454779E39DF3B1C83A0F9C6FFC4293F4B004D889D63A9E19BBF28
3108 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\answerid_63-b[1].htm | html | D875974F001B8647177B46033251178D | A1AB444BAAF6C111C2B2731F16608FCFDE21455A6B2586EDC34B80C7E0486E79
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3108 | iexplore.exe | GET | 301 | 147.154.16.196:80 | http://rftech.custhelp.com/app/answers/detail/a_id/63/~/how-do-speakers-get-blown%3F-why-do-they-sound-distorted%3F | US | — | — | suspicious |
3108 | iexplore.exe | GET | 301 | 172.66.42.238:80 | http://rockfordfosgate.com/rnt/rnw/docs/63/answerid_63-b.jpg | US | html | 548 b | whitelisted |
3108 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
3108 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAOouRkHnj79Qf7CLZzMA54%3D | US | der | 471 b | whitelisted |
3108 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
3108 | iexplore.exe | GET | 301 | 172.66.42.238:80 | http://www.rockfordfosgate.com/rnt/rnw/docs/63/answerid_63-b.jpg | US | html | 548 b | suspicious |
3108 | iexplore.exe | GET | 301 | 172.66.42.238:80 | http://rockfordfosgate.com/rnt/rnw/docs/63/answerid_63-a.jpg | US | html | 548 b | whitelisted |
3108 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAJm2rSFQJYKsCIt47N8dcg%3D | US | der | 471 b | whitelisted |
3108 | iexplore.exe | GET | 301 | 172.66.42.238:80 | http://www.rockfordfosgate.com/rnt/rnw/docs/63/answerid_63-a.jpg | US | html | 548 b | suspicious |
3108 | iexplore.exe | GET | 200 | 8.238.33.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?405ee83d6c2ae9ac | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3108 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
3108 | iexplore.exe | 172.66.42.238:80 | www.rockfordfosgate.com | CLOUDFLARENET | US | suspicious |
3108 | iexplore.exe | 147.154.16.196:443 | rftech.custhelp.com | ORACLE-BMC-31898 | US | unknown |
3108 | iexplore.exe | 8.238.33.254:80 | ctldl.windowsupdate.com | LEVEL3 | US | suspicious |
3108 | iexplore.exe | 147.154.16.196:80 | rftech.custhelp.com | ORACLE-BMC-31898 | US | unknown |
3108 | iexplore.exe | 147.154.45.247:443 | rftech.widget.custhelp.com | ORACLE-BMC-31898 | US | unknown |
3108 | iexplore.exe | 172.66.42.238:443 | www.rockfordfosgate.com | CLOUDFLARENET | US | suspicious |
3108 | iexplore.exe | 23.37.40.225:443 | www.rnengage.com | AKAMAI-AS | DE | suspicious |
2744 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
2744 | iexplore.exe | 147.154.16.196:443 | rftech.custhelp.com | ORACLE-BMC-31898 | US | unknown |
Domain | IP | Reputation
---|---|---
rftech.custhelp.com | | unknown
ctldl.windowsupdate.com | | whitelisted
ocsp.digicert.com | | whitelisted
www.rockfordfosgate.com | | unknown
api.bing.com | | whitelisted
www.bing.com | | whitelisted
rockfordfosgate.com | | whitelisted
rftech.widget.custhelp.com | | unknown
www.rnengage.com | | whitelisted
iecvlist.microsoft.com | | whitelisted
PID | Process | Class | Message |
---|---|---|---|
3108 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3108 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3108 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3108 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3108 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3108 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3108 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
3108 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |