URL: | https://docs.google.com/forms/d/12dhhD-BvN-fdHHAurSnAuBikeqtLB9H1N8BEyjRwTY8/viewform |
Full analysis: | https://app.any.run/tasks/1d57ea85-ead8-485d-9fe8-38fa36c3de6d |
Verdict: | Malicious activity |
Analysis date: | August 08, 2020, 15:03:09 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 24643F465E3D99E8C210A2B32360986A |
SHA1: | B0C9D6D7930A4F39A49EA3D4A48C0CB5EAA8A604 |
SHA256: | E5E4A909E693A7F5A555BC628B2C847DC2E56EF4C216C3165F13132CB55665B1 |
SSDEEP: | 3:N8SP3ulYaltH2QkPncePGBwMIn:2Smv3H2PGKMI |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2288 | "C:\Program Files\Internet Explorer\iexplore.exe" https://docs.google.com/forms/d/12dhhD-BvN-fdHHAurSnAuBikeqtLB9H1N8BEyjRwTY8/viewform | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2724 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2288 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2732 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2288 CREDAT:922890 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2156 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | explorer.exe | |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 | ||||
4068 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6f5aa9d0,0x6f5aa9e0,0x6f5aa9ec | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 | ||||
3408 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2152 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 | ||||
2452 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=988,12378402814703958072,12058489573650433326,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=13619774493458961963 --mojo-platform-channel-handle=1004 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 75.0.3770.100 | ||||
1120 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=988,12378402814703958072,12058489573650433326,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=8141154155937299982 --mojo-platform-channel-handle=1516 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | chrome.exe | |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 | ||||
3640 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,12378402814703958072,12058489573650433326,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1939075365352763426 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 | ||||
2536 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,12378402814703958072,12058489573650433326,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2838162409851565271 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2448 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 75.0.3770.100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2724 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab3A17.tmp | — | |
MD5:— | SHA256:— | |||
2724 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar3A27.tmp | — | |
MD5:— | SHA256:— | |||
2724 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_66063E1D41DB33DA9172ED5118AD6EE3 | binary | |
MD5:37E0D8BC862F2739F2FCD94BEA53CA88 | SHA256:68FD25C2908DEE01A67E9F45414A542FB5A7BFF6B320C17232670273640ED3CE | |||
2724 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\viewform[1].htm | html | |
MD5:F43FE3D041FC912F419C4D83353BEE0F | SHA256:05D8A5E23236E60D7F6782FEF75BAC639C2EF532D8591DDDC97CFC54B72105B5 | |||
2724 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\T0I2WFOK.txt | text | |
MD5:2BE3984B4A505CAFED555442244D6C25 | SHA256:AFADB46A0677601CCF59A323DFFC29F3FD57AAA08EDF6EE583C8B2210DBB9E8B | |||
2724 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\7IWOK9KH.txt | text | |
MD5:D23FF2DBCDB48FEC97A43AB6964B1073 | SHA256:F2DED76DD3860355B320975DAB7E4254D4213002F6EF06B1F5F3A03D8A822B28 | |||
2724 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_369CB1678386F6FBC2F0CD20C2047425 | der | |
MD5:2262E3B915118C2F5A2FC31FF841DA83 | SHA256:76A3CB5B201D647DBA21F3FB2286D9A0AEA945A8D40E66C32E38E13407224875 | |||
2724 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der | |
MD5:1C400D233070530C717A810D7F9BC99E | SHA256:58B407B0DDF17FBF78FCB2E2DAD4FABAADA9BD88641F19941480951A200AE4E0 | |||
2724 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_369CB1678386F6FBC2F0CD20C2047425 | binary | |
MD5:D92D425C9539B9C1F660D1FBF8FBAAFC | SHA256:FE8C02832EC6CC6C60C490431C735E95D3191836E549710D34D0CFFC6418E49A | |||
2724 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_66063E1D41DB33DA9172ED5118AD6EE3 | der | |
MD5:51F698349BCE3EEBB7F6740B4ECE577D | SHA256:D63DFBF293DD3C550092DE037C23DFBCE599581A03FF2AA19D8546981A10AA35 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2724 | iexplore.exe | GET | 200 | 216.58.210.3:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2288 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
2732 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAsllCLO2YEqFaBOmVKKDvo%3D | US | der | 471 b | whitelisted |
2288 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
2732 | iexplore.exe | GET | 200 | 216.58.210.3:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEGq42E1AyJyECAAAAABNn3g%3D | US | der | 471 b | whitelisted |
2724 | iexplore.exe | GET | 200 | 216.58.210.3:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCEs0cc0pt0BwIAAAAAc8zc | US | der | 472 b | whitelisted |
2724 | iexplore.exe | GET | 200 | 216.58.210.3:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDdE1cf4Gvu%2FAgAAAABzzNg%3D | US | der | 471 b | whitelisted |
2732 | iexplore.exe | GET | 200 | 216.58.210.3:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEGq42E1AyJyECAAAAABNn3g%3D | US | der | 471 b | whitelisted |
2724 | iexplore.exe | GET | 200 | 216.58.210.3:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDdE1cf4Gvu%2FAgAAAABzzNg%3D | US | der | 471 b | whitelisted |
2732 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://status.rapidssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJiUKgT2m88fZ4nxc1Lu6M%2FjvkagQUDNtsgkkPSmcKuBTuesRIUojrVjgCEAZTxDKF8FTpV2C9b5Jl9Kw%3D | US | der | 471 b | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2724 | iexplore.exe | 172.217.22.110:443 | docs.google.com | Google Inc. | US | whitelisted |
2724 | iexplore.exe | 216.58.207.74:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2724 | iexplore.exe | 172.217.21.195:443 | www.gstatic.com | Google Inc. | US | whitelisted |
2724 | iexplore.exe | 216.58.210.3:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
2288 | iexplore.exe | 172.217.23.99:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
2288 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2724 | iexplore.exe | 172.217.23.99:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
2724 | iexplore.exe | 216.58.207.35:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
2288 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2288 | iexplore.exe | 172.217.16.164:443 | www.google.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
docs.google.com |
| shared |
ocsp.pki.goog |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
ssl.gstatic.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
crl.pki.goog |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |