URL: | http://chloride1.com/sodium.zip |
Full analysis: | https://app.any.run/tasks/ef32c101-d73f-4899-b35a-bac9e224dd6b |
Verdict: | Malicious activity |
Analysis date: | October 05, 2022, 04:31:28 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | ABAB18279CF98042DF249E458C6B02D5 |
SHA1: | A4361FCE8E46ED3227AE09E4B424173CE2BC9D7D |
SHA256: | E68149CDD889ACC7CCDB5D47722C1537FE5D8E6C94E8B7BDAC7C6DC0E46042A7 |
SSDEEP: | 3:N1KdNJMAN/EU:Cxh8U |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3420 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://chloride1.com/sodium.zip" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3948 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3420 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1376 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\sodium.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | iexplore.exe | |||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
3420 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:089D920CD9F96820207D311B09917F5E | SHA256:2E6CC2EC709C5D7FCDF7F55963C72A44900C897422C54F6B335B68345AA990A5 | |||
3420 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF941CAB8A9802B780.TMP | gmc | |
MD5:B082A3D3AEB6BC94ACE7D389C09AF68C | SHA256:73A355C860B1B73ABD09E12E497B980B1FD3A081A1B8C6D78B0AEA8F283FBB43 | |||
3948 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\sodium[1].zip | compressed | |
MD5:724DC8DCFEC804A0B46AD326A463EB59 | SHA256:B8E41317A5E150089CE23E9633EA32FDD6673B620F13377C22B26490E25EE805 | |||
3420 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{96C60A2F-4466-11ED-8C90-12A9866C77DE}.dat | binary | |
MD5:98B79BCD8F4E3CC4200B305140ECCB1F | SHA256:07E502F31E09F7FCD30455ABE46FA683EF894B29D4DA1586202FAB7636071834 | |||
3420 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | |
MD5:AFC3E2584B32E1E7C23C33E9534089A5 | SHA256:61597F5F937DA250A5ED7B4B82867BEBC546A5A35C0029982A003B1E9CBD2E7E | |||
3420 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | |
MD5:15286ACBFBAC8AC097163367A94DCDC5 | SHA256:BDC19CE7E5443AF9E7893B826877F73D1247CFE6301B6672A058DCB32932A50A | |||
3420 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\sodium.zip | compressed | |
MD5:E899E9D8DFC97C1B16052365B7269551 | SHA256:D7F938209E0E8FFF6059EE677C6DB0F5EAD477EC51821570B655ADE70EED5DED | |||
3420 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\sodium.zip.32z7b0g.partial:Zone.Identifier | text | |
MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B | SHA256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 | |||
3948 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\sodium.zip.32z7b0g.partial | compressed | |
MD5:E899E9D8DFC97C1B16052365B7269551 | SHA256:D7F938209E0E8FFF6059EE677C6DB0F5EAD477EC51821570B655ADE70EED5DED | |||
3420 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml | xml | |
MD5:CBD0581678FA40F0EDCBC7C59E0CAD10 | SHA256:159BD4343F344A08F6AF3B716B6FA679859C1BD1D7030D26FF5EF0255B86E1D9 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3948 | iexplore.exe | GET | 200 | 138.199.37.226:80 | http://chloride1.com/sodium.zip | unknown | compressed | 7.67 Mb | malicious |
3420 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1c6762f84bba0d06 | US | compressed | 4.70 Kb | whitelisted |
3420 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?95b9891dec8f5b84 | US | compressed | 4.70 Kb | whitelisted |
3420 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3420 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?653c353a4ef9d429 | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3420 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | EDGECAST | US | whitelisted |
3948 | iexplore.exe | 138.199.37.226:80 | chloride1.com | Datacamp Limited | DE | malicious |
3420 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
3420 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted |
Domain | IP | Reputation |
---|---|---|
chloride1.com |
| malicious |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |