URL: | https://smex-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fsecure%2dweb.cisco.com%2f1IN5tPBBut36NoMoAQ1rs%2do0IRgPI1xrkpGe6sISKEBGx8erKnUvVLJuwPUPLnBB5IaAn6iCF6pni2anShVgo1FSUw%5fQTNOU38Y9REbIXSNylb8v4Ms7f77ARLrKp1MFrkBW%2dB6lhODGXNzRX75YhEoQk0n49ih%5f6nflzD2BtHMc3PB8lNotjbvhkTwC%2dQOKfufpFLhjfAgpSSW1R%2doQip3ZDkt0qcUz68fbsnQ%5fHDRIHdTDKu1BlYpAG%2dPaS5ksWoaJRyWei4I7m2R1PmxwT7yjpBjdqMfGlYLNz9VfT6L49qZqwKwBfcrv1LbqCXH7%2dKx6vM0Q906GQSpygWVyi%2dA%2fhttps%253A%252F%252Furldefense.com%252Fv3%252F%5f%5fhttps%253A%252Fapc01.safelinks.protection.outlook.com%252F%253Furl%253Dhttp%252A3A%252A2F%252A2Fwww.empiricmedia.co.in%252A2F%2526data%253D04%252A7C01%252A7Cmsb%252A40bpl.net%252A7C1dbb2532cc00464ee91d08d97c00ced6%252A7C4da7c811dd004dd48e9f4ec36e00d36f%252A7C1%252A7C0%252A7C637677165362624461%252A7CUnknown%252A7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%252A3D%252A7C1000%2526sdata%253DmS2CtR9pX4RWPS0A%252A2FP%252A2FsiE0H%252A2FshMnW2Lc7XgJjFEI5w%252A3D%2526reserved%253D0%5f%5f%253BJSUlJSUlJSUlJSUlJSUlJSUlJSU%2521%2521N3hqHg43uw%25219Jwkc0AWEFkOQ8UxpWwf9hIqbVmzgA1O2eKiCwT9UnRJL1aMuRUAyt8g855u%2d7Hi9u0tlg%2524&umid=6225f225-132a-49da-acdd-e9906ee490f1&auth=77a7b035285166a4390d2f3296f78c65b32e3c85-505ab78fe2e97a7a1b439a337072a0d0df072687 |
Full analysis: | https://app.any.run/tasks/ef9fbbd6-6bab-4768-a735-ec192d03e46f |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 12:02:47 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 59CE377FAADA4BDD6D664988BCA0AF8B |
SHA1: | 89B65115811DB5DE50C9D5E731DB5CD26728F084 |
SHA256: | E3E5402AC59AAA6F7031BA6E2BBF23773447B47E0EE638884FCFF88E3EA14EE2 |
SSDEEP: | 24:2biDAiGneLWwq+4eXb4qMCOmoHWTGOP74FuhW7Lo2HLJy7Kx:ii//nb4q5OYqOjC/1Oc |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1416 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://smex-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fsecure%2dweb.cisco.com%2f1IN5tPBBut36NoMoAQ1rs%2do0IRgPI1xrkpGe6sISKEBGx8erKnUvVLJuwPUPLnBB5IaAn6iCF6pni2anShVgo1FSUw%5fQTNOU38Y9REbIXSNylb8v4Ms7f77ARLrKp1MFrkBW%2dB6lhODGXNzRX75YhEoQk0n49ih%5f6nflzD2BtHMc3PB8lNotjbvhkTwC%2dQOKfufpFLhjfAgpSSW1R%2doQip3ZDkt0qcUz68fbsnQ%5fHDRIHdTDKu1BlYpAG%2dPaS5ksWoaJRyWei4I7m2R1PmxwT7yjpBjdqMfGlYLNz9VfT6L49qZqwKwBfcrv1LbqCXH7%2dKx6vM0Q906GQSpygWVyi%2dA%2fhttps%253A%252F%252Furldefense.com%252Fv3%252F%5f%5fhttps%253A%252Fapc01.safelinks.protection.outlook.com%252F%253Furl%253Dhttp%252A3A%252A2F%252A2Fwww.empiricmedia.co.in%252A2F%2526data%253D04%252A7C01%252A7Cmsb%252A40bpl.net%252A7C1dbb2532cc00464ee91d08d97c00ced6%252A7C4da7c811dd004dd48e9f4ec36e00d36f%252A7C1%252A7C0%252A7C637677165362624461%252A7CUnknown%252A7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%252A3D%252A7C1000%2526sdata%253DmS2CtR9pX4RWPS0A%252A2FP%252A2FsiE0H%252A2FshMnW2Lc7XgJjFEI5w%252A3D%2526reserved%253D0%5f%5f%253BJSUlJSUlJSUlJSUlJSUlJSUlJSU%2521%2521N3hqHg43uw%25219Jwkc0AWEFkOQ8UxpWwf9hIqbVmzgA1O2eKiCwT9UnRJL1aMuRUAyt8g855u%2d7Hi9u0tlg%2524&umid=6225f225-132a-49da-acdd-e9906ee490f1&auth=77a7b035285166a4390d2f3296f78c65b32e3c85-505ab78fe2e97a7a1b439a337072a0d0df072687" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2964 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1416 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
2964 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_866C50176A5034E1EC2311E8E3D34074 | der | |
MD5:4555913A74F6E88A24C7C507F0879177 | SHA256:E16CF310177430B4EA4AD0067D2F43CA029214E205DE1E4B5FE0B618255C7386 | |||
2964 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6CFED4E1A8866BE87BE17622BFB4D726_FBADB8F7FD7B56EE191ACF24A8989D94 | binary | |
MD5:C7D312BD03C0A571FBE3D5BA8996DD5F | SHA256:B9EFC58BD624330C4841D2B928128FEF28654E04477A8B043526425A9946BAA7 | |||
2964 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | binary | |
MD5:F565495061C10B0D18E2380421AA8BF7 | SHA256:8F6DAA25856244211458F6FD151B485EC5AB2CAD71AF741340D6C8C6834A412C | |||
1416 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:B4A8EF2DC0CBEB6DFE557C91D7D4D4C8 | SHA256:8949BA3089A548EFAF4335E6F5AA11C5D1BA7D9DE43EB57A3035D396B517B816 | |||
2964 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 | binary | |
MD5:47430BDD7F1BCDE9B7D6E0D22E661A17 | SHA256:6E109ABC377936A67D6CA1D2B2AA9CFD2325E6F5A9240563A48671FE61210800 | |||
2964 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\263821BCA2CBC5EA0B25012F05788322_41310C887E59D4EB5B8FD9D3DCA2C98D | der | |
MD5:9511CAED9D5BB1CD0D9CF116D95B9E83 | SHA256:F943AB21164C6FEBF7391B6890F4A92E9E4BAEB1D97849D3CEAD8A66BDF0626B | |||
1416 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:FE56DE7A8C2A48C593B90C777538C0F9 | SHA256:8984045FD2F93CAC6E19FB6CFF061BC49D329DCE1F33BB79B1C84FD6605CE918 | |||
2964 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\263821BCA2CBC5EA0B25012F05788322_41310C887E59D4EB5B8FD9D3DCA2C98D | binary | |
MD5:CF4A5732FE07E55428C21814B8BCFAD5 | SHA256:A051AD1DFD14B0976AD2A87265AA998F3DC72DEB53A223AC71CCCD6B3799A8D5 | |||
1416 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:28CC3D4B0DA8A29A9DCD6D4755C84342 | SHA256:A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E | |||
1416 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | |
MD5:37D302410753DE2A9C3CCB0E6BFD500C | SHA256:1DC45C4E66764A25F893336E65974A2D3061BB50EBA935DFFA4786F8002702F9 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2964 | iexplore.exe | GET | 200 | 104.18.21.226:80 | http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D | US | der | 1.40 Kb | whitelisted |
2964 | iexplore.exe | GET | 200 | 172.64.155.188:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D | US | der | 727 b | whitelisted |
2964 | iexplore.exe | GET | 200 | 192.35.177.23:80 | http://commercial.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTQfEOioPd4%2FtCA3%2FhgDklRXB0FwgQU7UQZwNPwBovupHu%2BQucmVMiONnYCEEABbvsKIFz66%2BGPcdc6u3g%3D | US | der | 1.63 Kb | whitelisted |
2964 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDEW%2BmJUAT2jAp1nrDA%3D%3D | US | der | 1.40 Kb | whitelisted |
2964 | iexplore.exe | GET | 200 | 104.18.32.68:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
1416 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
1416 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2964 | iexplore.exe | GET | 200 | 192.35.177.23:80 | http://commercial.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTULRG8NAnkG2vMiFulhUophWOf2gQUibibtp7t%2B7DGvQ3sZ048o5KdLfkCEEABfOt6GkOKldoRYnQ%2BdUA%3D | US | der | 1.46 Kb | whitelisted |
2964 | iexplore.exe | GET | 200 | 188.114.98.173:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQh80WaEMqmyEvaHjlisSfVM4p8SAQUF9nWJSdn%2BTHCSUPZMDZEjGypT%2BsCEBBsbMdZKid6hcZfT6LpnsI%3D | US | der | 471 b | whitelisted |
1416 | iexplore.exe | GET | 200 | 23.216.77.69:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?40a679b8c63fdc7a | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1416 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
— | — | 192.168.100.2:53 | — | — | — | whitelisted |
1416 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2964 | iexplore.exe | 104.18.21.226:80 | ocsp2.globalsign.com | Cloudflare Inc | US | shared |
1416 | iexplore.exe | 23.216.77.69:80 | ctldl.windowsupdate.com | NTT DOCOMO, INC. | US | suspicious |
2964 | iexplore.exe | 8.250.185.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | unknown |
2964 | iexplore.exe | 104.18.20.226:80 | ocsp2.globalsign.com | Cloudflare Inc | US | shared |
2964 | iexplore.exe | 35.82.107.49:443 | smex-ctp.trendmicro.com | Merit Network Inc. | US | unknown |
2964 | iexplore.exe | 8.252.73.126:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
2964 | iexplore.exe | 146.112.255.69:443 | secure-web.cisco.com | OpenDNS, LLC | — | suspicious |
Domain | IP | Reputation |
---|---|---|
smex-ctp.trendmicro.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
ocsp2.globalsign.com |
| whitelisted |
ocsp.globalsign.com |
| whitelisted |
secure-web.cisco.com |
| whitelisted |
commercial.ocsp.identrust.com |
| whitelisted |