URL: | https://arstechnica.com |
Full analysis: | https://app.any.run/tasks/458fe3b5-e189-411b-b5d5-3c48fe047772 |
Verdict: | Malicious activity |
Analysis date: | January 14, 2022, 19:36:28 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 344ADD8DABB753D03641CE9F246787AD |
SHA1: | F0971194A59E796E4A2C4ABD61C66AE6D8E3ED68 |
SHA256: | E620C1E06FF8915C3EA9778099824C7C0EC4E966A69BD574BA35A5E78DC388E4 |
SSDEEP: | 3:N8WAMTLK:2M2 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3204 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://arstechnica.com" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
760 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3204 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
(PID) Process: | (3204) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (3204) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: 131751088 | |||
(PID) Process: | (3204) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30935422 | |||
(PID) Process: | (3204) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: 431913588 | |||
(PID) Process: | (3204) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30935422 | |||
(PID) Process: | (3204) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (3204) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (3204) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (3204) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (3204) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3204 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F | binary | |
MD5:8E7FEA005186B24438041121B7040432 | SHA256:9DF4E37863838BCE1AE2C1B871E7987ACFB8D1E3C2503027B2E43946D31AB8B1 | |||
760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | binary | |
MD5:F5E36F9AE0893FE5C0258E9A772271ED | SHA256:3DD80E12F83578B7FDF5F8A131A03927C5A6CD14AEA394AE49FA1826AB9A0E2F | |||
760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BCB67D7ECB470284AF35679F339E879F | binary | |
MD5:CE7AEF5F4C795B9CAD4CF3F1616AD65D | SHA256:E8F44547429048DA435B275109969F8E318AF580602EDC300C2D67CFCC1B2872 | |||
760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | der | |
MD5:9B980225C891790166A8A8535BB4E178 | SHA256:EEFABCF46B58056A1447B6A084046FAFDBE7D8F512415EFF473544202FE1E047 | |||
760 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\otCCPAiab[1].js | text | |
MD5:91DAA4BD4E0A102BF87AB6C76A3ED87E | SHA256:C020F54C248A55614E1DBE7002AC03E4A6ED263A6E9D460621B4894ADD76EFCD | |||
760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F | binary | |
MD5:F1AD0508A2DF54785EF0F2BAADE4E60F | SHA256:91FBCC19C39A9D38FABD734FE08F36FD8B1E90EB2C350D6CE32F15E8623DF5B1 | |||
760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F | der | |
MD5:029FB7DD858601813AE129D575D2B242 | SHA256:98DBA01C5B1A4C1DD4ABE3819DBB8A9846FECC746BEE19BC15B4626D4C7B62DE | |||
760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D6243C18F0F8F9AEC6638DD210F1984_F38FD74EA7B374E076318826806C8195 | der | |
MD5:9DA3DAAB02B5A0FD965586434F37759E | SHA256:FB45F24DFC3E0A9C2FF1F3428C1440ADE96BA0C1C7A440AF52C153701A8A55C4 | |||
760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 | der | |
MD5:1BA78C901BF35F9710BE47AE2A6B3D25 | SHA256:7E96651546AE845FCFEB2A1B3149E6B9EDB3198CFB4E6A8155C60951C1874585 | |||
760 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:CF99BB76C1FC326F41B3797905DEDB3D | SHA256:2519E62BCCE96155203E5B2A240551A948304572A4A01880E27ECA86476DE29F |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
760 | iexplore.exe | GET | 200 | 52.222.250.42:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
760 | iexplore.exe | GET | 200 | 18.66.107.167:80 | http://crl.rootg2.amazontrust.com/rootg2.crl | US | der | 660 b | whitelisted |
760 | iexplore.exe | GET | 200 | 18.66.92.70:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
3204 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.68 Kb | whitelisted |
760 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D | US | der | 471 b | whitelisted |
760 | iexplore.exe | GET | 200 | 52.222.250.42:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
760 | iexplore.exe | GET | 200 | 104.18.21.226:80 | http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDBNjUwStE%2B4%2BTlyzcA%3D%3D | US | der | 1.41 Kb | whitelisted |
760 | iexplore.exe | GET | 200 | 18.66.107.5:80 | http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAuhkfoSxkWUoMnwMbrBcSU%3D | US | der | 471 b | whitelisted |
760 | iexplore.exe | GET | 200 | 67.26.139.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?093edcdb72a5c293 | US | compressed | 4.70 Kb | whitelisted |
760 | iexplore.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3204 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3204 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
760 | iexplore.exe | 18.216.136.68:443 | arstechnica.com | Amazon.com, Inc. | US | unknown |
760 | iexplore.exe | 67.26.139.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
760 | iexplore.exe | 18.66.107.167:80 | crl.rootg2.amazontrust.com | Massachusetts Institute of Technology | US | whitelisted |
760 | iexplore.exe | 52.222.250.112:80 | ocsp.rootg2.amazontrust.com | Amazon.com, Inc. | US | whitelisted |
760 | iexplore.exe | 18.66.92.70:80 | o.ss2.us | Massachusetts Institute of Technology | US | unknown |
760 | iexplore.exe | 104.16.148.64:443 | cdn.cookielaw.org | Cloudflare Inc | US | unknown |
3204 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
760 | iexplore.exe | 18.66.107.5:80 | ocsp.sca1b.amazontrust.com | Massachusetts Institute of Technology | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
arstechnica.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
o.ss2.us |
| whitelisted |
ocsp.rootg2.amazontrust.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
crl.rootg2.amazontrust.com |
| whitelisted |
ocsp.rootca1.amazontrust.com |
| shared |
ocsp.sca1b.amazontrust.com |
| whitelisted |