URL: | https://click.pstmrk.it/3s/www.bigbox.cl*2Fcontacto*2Ffaq*2F/nlhf/7kmsAQ/AQ/bd3a9785-7237-4a8f-99f1-66c6bae51f62/2/HoICqDJ-9H__;JSUl!!P110LumUDw!9fIbllSUc3ene6y-dseQ1jkppAZF1sN3Abz3zH34y1S9tHge7btQpMXTqBzj5ZthpSRjDa5QiPCOHI7cQg$ |
Full analysis: | https://app.any.run/tasks/71466f92-eff8-4fe9-ad76-ab5873a40ee0 |
Verdict: | Malicious activity |
Analysis date: | March 31, 2023, 20:05:16 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | BFEF8F1EA0316717484536D2DEBD1C67 |
SHA1: | C9486102EA5DC92034F548D9F843C40CC1FDB2FE |
SHA256: | E5387D49857E6A6E4E580A7506EBE371BC488E833803C1A268D1D343BA02A360 |
SSDEEP: | 6:2UEVN4sE/ihmBIdVYoRxXWMQfoqZEQ1srj:2UxrN2YM+6Qcj |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2700 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://click.pstmrk.it/3s/www.bigbox.cl*2Fcontacto*2Ffaq*2F/nlhf/7kmsAQ/AQ/bd3a9785-7237-4a8f-99f1-66c6bae51f62/2/HoICqDJ-9H__;JSUl!!P110LumUDw!9fIbllSUc3ene6y-dseQ1jkppAZF1sN3Abz3zH34y1S9tHge7btQpMXTqBzj5ZthpSRjDa5QiPCOHI7cQgf7f81a39-5f63-5b42-9efd-1f13b5431005quot; | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3220 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2700 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
(PID) Process: | (2700) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 0 | |||
(PID) Process: | (2700) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30847387 | |||
(PID) Process: | (2700) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30847437 | |||
(PID) Process: | (2700) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (2700) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (2700) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (2700) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 | |||
(PID) Process: | (2700) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | IntranetName |
Value: 1 | |||
(PID) Process: | (2700) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 1 | |||
(PID) Process: | (2700) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8 | binary | |
MD5:38FE68C08B9AA1A42A9245386628E498 | SHA256:3A789F48808AE98C05437E6511E9110B926EF7FD2D3C3D1AB08A92A557A68B69 | |||
3220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | der | |
MD5:7C242CEAAE0CBFAF314B9818E43F0F18 | SHA256:DB32B108184CE977EA08CD56BC282D83E3F53ED580CF5FA9FC11CC8BD9F09A57 | |||
3220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D03E46CD585BBE111C712E6577BC5F07_B06F0A16F926E989E323DC26008BF4E6 | der | |
MD5:F974B6C962572584EC01B374FB4C0181 | SHA256:7F00432043CE943AE77784D64808969E98DF4E25419D3F8F2743A0C6A5F61758 | |||
3220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 | der | |
MD5:934BC897356C395BE4CF9CA8A967D4CF | SHA256:FE4094EB5E79F1B991ED3949E9C0B1681DD93D6BB0A5E96EBF269EF62D7D1427 | |||
3220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:9AFDD521582FC78FC96F14558B6F096D | SHA256:9610B2544C7ECD06F4BBA887CEF070ABD120B9A4628B2E9C1F7ADAD917DA18AC | |||
2700 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{5D2A45DB-CFFF-11ED-94DF-12A9866C77DE}.dat | binary | |
MD5:21370C59A5A53629D06DBE9CBCCD0102 | SHA256:36C16D7002D8FE51C2423C35BFBCD1F4920617A1C94AB5A57C0454B1CF17DBC5 | |||
3220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 | binary | |
MD5:45BB6980C9601486D9253338AEADCE08 | SHA256:7C9C2F1291556FE891B2DD079E574B636252FFEB7A90272AD82AEE5B9B3F3240 | |||
3220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D03E46CD585BBE111C712E6577BC5F07_B06F0A16F926E989E323DC26008BF4E6 | binary | |
MD5:8C23B5B8ECE35690EAD1D24518FC41F6 | SHA256:61687BB31EA785E8D18D1FBC76563AA92BDD97F87020B14764AF2F94CBA1C3FC | |||
2700 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{66B3ADD8-CFFF-11ED-94DF-12A9866C77DE}.dat | binary | |
MD5:2419C949E68861B154363FB0F2C9ACC1 | SHA256:4123910910D56443ED877E29510E97B0280A79D6C1A7400744EFC0A2D09AAFE2 | |||
3220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | binary | |
MD5:3C5CAF755BEC763B876B90692DEF6209 | SHA256:D715646B5E4374D079EF5D02EF6C6FE48A781F9D288D2F60365978403EAD79AD |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3220 | iexplore.exe | GET | 200 | 108.138.2.195:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
3220 | iexplore.exe | GET | 200 | 52.222.250.42:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEjgLnWaIozse2b%2BczaaODg8%3D | US | der | 1.39 Kb | shared |
2700 | iexplore.exe | GET | — | 192.229.221.95:80 | http://crl3.digicert.com/Omniroot2025.crl | US | — | — | whitelisted |
3220 | iexplore.exe | GET | 200 | 13.249.12.60:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
3220 | iexplore.exe | GET | 200 | 13.224.192.222:80 | http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAG7P22uxKz8mz98OkAv2ag%3D | US | der | 471 b | whitelisted |
3220 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ce6002017abddbbd | US | compressed | 4.70 Kb | whitelisted |
2700 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2700 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
3220 | iexplore.exe | 52.16.168.161:443 | — | AMAZON-02 | IE | unknown |
— | — | 63.35.18.113:443 | — | AMAZON-02 | IE | unknown |
3220 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted |
2700 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
2700 | iexplore.exe | 13.107.21.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
3220 | iexplore.exe | 108.138.2.195:80 | o.ss2.us | AMAZON-02 | US | unknown |
3220 | iexplore.exe | 52.222.250.42:80 | ocsp.rootca1.amazontrust.com | AMAZON-02 | US | whitelisted |
3220 | iexplore.exe | 13.224.192.222:80 | ocsp.r2m01.amazontrust.com | AMAZON-02 | US | unknown |
3220 | iexplore.exe | 13.249.12.60:80 | ocsp.rootg2.amazontrust.com | AMAZON-02 | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
o.ss2.us |
| whitelisted |
ocsp.rootg2.amazontrust.com |
| whitelisted |
ocsp.rootca1.amazontrust.com |
| shared |
ocsp.r2m01.amazontrust.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |