URL: | https://intermountainhealthcare.us1.list-manage.com/track/click?u=13ee099aaffa8495dcf9f1865&id=425efb5257&e=987ecec441 |
Full analysis: | https://app.any.run/tasks/95051733-4341-4412-946c-5034c2a71096 |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 13:53:38 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 53B3510C38E3024ED65D4020F9AE4CC8 |
SHA1: | 18E58C602F0DB63EA38F44763DB624C5B31151A7 |
SHA256: | EF0803A438536C274E42D0F656758068C6B43F46A36AA840815ADE6B42219A90 |
SSDEEP: | 3:N8MAXgLiKPNTQaCNULGGRXEGcJMkN4w2E84jzAxQ8Gkn:2MAei0NTvCNULEGcJM82CAxQkn |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3572 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://intermountainhealthcare.us1.list-manage.com/track/click?u=13ee099aaffa8495dcf9f1865&id=425efb5257&e=987ecec441" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2964 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3572 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2964 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ERQDP9CX.txt | text | |
MD5:AB518660797FD7044E93B594864FD0B8 | SHA256:D27AFF8A327B17FB97FDB42442330F676A55C91464D0DBBBB72CB569331EF30B | |||
2964 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 | der | |
MD5:7B1A47B5C13335388D33914618A38EE2 | SHA256:1B145D9B225C35C9672B60ADE9067803BBC51AB9E2EC053A12602FD8B1FC18AD | |||
2964 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der | |
MD5:FC887F7C5EF1EEAE3FB3BA651F77AC36 | SHA256:5F98609231B96FC1ECFEFF757089F66D6A74BBE8FED6B33D83A799790484AA56 | |||
2964 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | der | |
MD5:8EDB229E8AB5931CECAB275AB8B11C20 | SHA256:C3285E5DB1DD3692FF85E168EFECA0778F6A91CA0AE3866214166E27129339F1 | |||
2964 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\main[1].css | text | |
MD5:08A860E7943EF1DC229F125AC2E7F8DA | SHA256:FA4F5A1816DEB1F42332CF90729E0BC21069BAE7EC3FA11F8DBEF1D6793181C7 | |||
2964 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\VCGY48WV.txt | text | |
MD5:27FC7E98F95C8B8F3ED50A36773530AE | SHA256:BB1A6E405A4C9039BE72466D3D0DFD077C158A7A6AB39E0444535AB17C2436C4 | |||
2964 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\21NOR5MZ.txt | text | |
MD5:DE57974BCED901CCBF03EEFF5FCA0B45 | SHA256:B818979950F824114402BBFDEDF06975119357676097C816F2E2560D4D0362D9 | |||
2964 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\module.min[1].js | text | |
MD5:33DF9FA331BB803A082F78F66F3F2AA8 | SHA256:985C265477CA385ADE88580723375C7A8CB707BA3057EAAA2273C1FD7F76B242 | |||
2964 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | binary | |
MD5:10514C8D91958612BAAB1FD6BAAE5D1F | SHA256:7E94875DADBD3A9A9230D23ECE3972A52EFEBD45CEDADE22F5C815FC5661D06F | |||
2964 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\1KXZHAPY.txt | text | |
MD5:5B89352E2E5D7B9A83258FB7A1144F9A | SHA256:15D87AC9C1D2FE486965404235F05423B890689CFC93D59B736A11A06A3B324A |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2964 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted |
3572 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2964 | iexplore.exe | GET | 200 | 142.250.186.163:80 | http://crl.pki.goog/gsr1/gsr1.crl | US | der | 1.61 Kb | whitelisted |
2964 | iexplore.exe | GET | 200 | 192.124.249.22:80 | http://ocsp.godaddy.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCGOLSh941fq8 | US | der | 1.74 Kb | whitelisted |
2964 | iexplore.exe | GET | 200 | 192.124.249.22:80 | http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D | US | der | 1.66 Kb | whitelisted |
2964 | iexplore.exe | GET | 200 | 18.66.242.155:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
2964 | iexplore.exe | GET | 200 | 192.124.249.22:80 | http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D | US | der | 1.69 Kb | whitelisted |
2964 | iexplore.exe | GET | 200 | 104.18.32.68:80 | http://crl.comodoca.com/AAACertificateServices.crl | US | der | 506 b | whitelisted |
2964 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
2964 | iexplore.exe | GET | 200 | 18.66.242.94:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3572 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3572 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2964 | iexplore.exe | 104.89.22.184:443 | intermountainhealthcare.us1.list-manage.com | Akamai Technologies, Inc. | NL | suspicious |
2964 | iexplore.exe | 151.101.0.176:443 | js.stripe.com | Fastly | US | suspicious |
2964 | iexplore.exe | 104.18.132.60:443 | give.primarychildrenshospital.org | Cloudflare Inc | US | unknown |
2964 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2964 | iexplore.exe | 95.140.236.0:80 | ctldl.windowsupdate.com | Limelight Networks, Inc. | GB | whitelisted |
— | — | 151.101.0.176:443 | js.stripe.com | Fastly | US | suspicious |
2964 | iexplore.exe | 52.143.247.24:443 | htp.tokenex.com | Microsoft Corporation | US | unknown |
Domain | IP | Reputation |
---|---|---|
intermountainhealthcare.us1.list-manage.com |
| suspicious |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
give.primarychildrenshospital.org |
| unknown |
prod-frs.content.classy.org |
| shared |
js.stripe.com |
| shared |
unpkg.com |
| whitelisted |
htp.tokenex.com |
| unknown |