URL: | http://tracking.getupeduwebinars.com/tracking/click?d=izPinQ4jDrirfgCSJgdGcAtglGOAeyWL1z9vqdnaD-sb_-4wpkdZzVvsS5Tyr600pLr7kJX3kAemsO8ODCisgtYc1yUjT2aOq6gAZ5kbYDSHjOhYZd_-CtmRpi89D4GTDrTrd9YbGndWxBAAwqG_f2DL_zTaaGe-yJ8B3mQOMiIKinaO9vjn_4vuCBo28wZ6pWxom2WJsknhWvIapZNS6as1 |
Full analysis: | https://app.any.run/tasks/3cfba024-6465-419a-8c1f-3f8d405d12d1 |
Verdict: | Malicious activity |
Analysis date: | August 12, 2022, 14:58:12 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | F1EEFCC2C6250AB467A4FF8AB75EB61F |
SHA1: | 7477E2B461F1A6DD6CC935CB8EA62EF7E58203AC |
SHA256: | DF975CF10D0BE5BA7F11B4EBE5BDFA091A85A2F1E972EA046359C76FB381915B |
SSDEEP: | 6:CKXvB6ZGhGEu9bBUBGNVUfj/4VMTqZwi9QMXyGt:/vBUvE2bBYGNyL/hihdXy6 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2596 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://tracking.getupeduwebinars.com/tracking/click?d=izPinQ4jDrirfgCSJgdGcAtglGOAeyWL1z9vqdnaD-sb_-4wpkdZzVvsS5Tyr600pLr7kJX3kAemsO8ODCisgtYc1yUjT2aOq6gAZ5kbYDSHjOhYZd_-CtmRpi89D4GTDrTrd9YbGndWxBAAwqG_f2DL_zTaaGe-yJ8B3mQOMiIKinaO9vjn_4vuCBo28wZ6pWxom2WJsknhWvIapZNS6as1" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2924 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2596 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
2924 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary | |
MD5:B4C37ACE2202546B7D713A12D853A0A0 | SHA256:638FEDC4134EBF807ED2B35A69644C0730AF6F12048D0BA2C5E335C45AB2F302 | |||
2924 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab679C.tmp | compressed | |
MD5:589C442FC7A0C70DCA927115A700D41E | SHA256:2E5CB72E9EB43BAAFB6C6BFCC573AAC92F49A8064C483F9D378A9E8E781A526A | |||
2924 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | compressed | |
MD5:589C442FC7A0C70DCA927115A700D41E | SHA256:2E5CB72E9EB43BAAFB6C6BFCC573AAC92F49A8064C483F9D378A9E8E781A526A | |||
2924 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6A0EFD9E80D62EDACC8E9D39B79BC394 | der | |
MD5:FE1E1750C102801266B6C1018A67A63F | SHA256:B522FA1C955BEEF3928CF28628A9DB0465202CC6D419C774D4318F94A4E9484B | |||
2924 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6A0EFD9E80D62EDACC8E9D39B79BC394 | binary | |
MD5:3B9181B636937F350FBA747D821D6B5A | SHA256:11575A56A5FF9B116BD7C1205364DC9F34944425F1679781E49C84D3BB7171C7 | |||
2924 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar679D.tmp | cat | |
MD5:7EE994C83F2744D702CBA18693ED1758 | SHA256:5DB917AB6DC8A42A43617850DFBE2C7F26A7F810B229B349E9DD2A2D615671D2 | |||
2924 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab677B.tmp | compressed | |
MD5:589C442FC7A0C70DCA927115A700D41E | SHA256:2E5CB72E9EB43BAAFB6C6BFCC573AAC92F49A8064C483F9D378A9E8E781A526A | |||
2596 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:CB8F9C0C447B0D7F093F746050271E4D | SHA256:614095FFEB95D45FB650216BF49B3C9A4FB82C6CE7666C1C0195BBCC83A77BDD | |||
2924 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\Multi-State-Taxation-in-a-Remote-Work-Environment[1].htm | html | |
MD5:D0F14AE0F06D86925EEFD6728848E97F | SHA256:0C7CD0BB8EC31ECE929C4CF24111B199BD051CDD2498C913EAD41C5AF6DF9F1E | |||
2924 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | |
MD5:F7DCB24540769805E5BB30D193944DCE | SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2924 | iexplore.exe | GET | 302 | 94.23.161.19:80 | http://tracking.getupeduwebinars.com/tracking/click?d=izPinQ4jDrirfgCSJgdGcAtglGOAeyWL1z9vqdnaD-sb_-4wpkdZzVvsS5Tyr600pLr7kJX3kAemsO8ODCisgtYc1yUjT2aOq6gAZ5kbYDSHjOhYZd_-CtmRpi89D4GTDrTrd9YbGndWxBAAwqG_f2DL_zTaaGe-yJ8B3mQOMiIKinaO9vjn_4vuCBo28wZ6pWxom2WJsknhWvIapZNS6as1 | DE | html | 203 b | suspicious |
2924 | iexplore.exe | GET | 200 | 8.248.133.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?e23a1cf438697d91 | US | compressed | 60.2 Kb | whitelisted |
2924 | iexplore.exe | GET | 200 | 108.138.2.195:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
2924 | iexplore.exe | GET | 200 | 8.248.133.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?1d8a5ba8761f8927 | US | compressed | 60.2 Kb | whitelisted |
2924 | iexplore.exe | GET | 200 | 172.217.18.99:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
2924 | iexplore.exe | GET | 200 | 184.24.77.82:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRfevZMOZPx3B1Jbre05fWAJQ%3D%3D | US | der | 503 b | shared |
2924 | iexplore.exe | GET | 200 | 172.217.18.99:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDGaM9nfILxSxIGz%2Bm2TRwQ | US | der | 472 b | whitelisted |
2596 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 b | whitelisted |
2924 | iexplore.exe | GET | 200 | 8.248.133.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f443ad68667e6b58 | US | compressed | 4.70 Kb | whitelisted |
2924 | iexplore.exe | GET | 200 | 172.217.18.99:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQC7KoDMFPzdvBICsqCGvR0X | US | der | 472 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2596 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2924 | iexplore.exe | 8.248.133.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | malicious |
2924 | iexplore.exe | 94.23.161.19:80 | tracking.getupeduwebinars.com | OVH SAS | DE | suspicious |
2924 | iexplore.exe | 96.16.145.230:80 | x1.c.lencr.org | Akamai Technologies, Inc. | US | suspicious |
2924 | iexplore.exe | 173.255.235.72:443 | getupeducator.com | Linode, LLC | US | unknown |
2924 | iexplore.exe | 184.24.77.82:80 | r3.o.lencr.org | Time Warner Cable Internet LLC | US | unknown |
2596 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2596 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2924 | iexplore.exe | 142.250.185.100:443 | www.google.com | Google Inc. | US | whitelisted |
2924 | iexplore.exe | 142.250.186.138:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
tracking.getupeduwebinars.com |
| suspicious |
getupeducator.com |
| unknown |
ctldl.windowsupdate.com |
| whitelisted |
x1.c.lencr.org |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
r3.o.lencr.org |
| shared |
ocsp.digicert.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |