Field | Value
---|---
URL | https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDEsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMjAxMTAuNTE1NDI2MzEiLCJ1cmwiOiJodHRwOi8vd3d3LmtpdGNoZW5zaXN0ZXJzLm9yZy9wcmVzZW50LyJ9.kfoILRwnK5-D02gtnbcnmQAQJUQndqpSAeRLLytVKrc/s/601723030/br/124432635406-l
Full analysis | https://app.any.run/tasks/97b37a75-5b9e-4b37-af37-f817d5e5b0cc
Verdict | Malicious activity
Analysis date | January 11, 2022, 15:04:38
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | 
Indicators | 
MD5 | EEB79B353E145F41AE19D9203CD1B3B3
SHA1 | EB58AC9F7491539BF5039BD56D8824C2A48F7DC9
SHA256 | F025E3CCACF991A4F3D0BD9280955959078448377DBF6484B7630DC20E246D9B
SSDEEP | 6:2xKxNFr48eNtp2LghoEpJDOs9qi/mRGhz3eOkaGfG:2xiNNnYtpR+EpJDOAmRa1kaG+
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2520 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDEsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMjAxMTAuNTE1NDI2MzEiLCJ1cmwiOiJodHRwOi8vd3d3LmtpdGNoZW5zaXN0ZXJzLm9yZy9wcmVzZW50LyJ9.kfoILRwnK5-D02gtnbcnmQAQJUQndqpSAeRLLytVKrc/s/601723030/br/124432635406-l" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE
148 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2520 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe

Process 2520: User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

Process 148: User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Operation | Key | Name | Value
---|---|---|---|---|---
2520 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 1
2520 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime | 
2520 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 30934780
2520 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime | 
2520 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 30934780
2520 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | 
2520 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
2520 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
2520 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
2520 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
148 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\miniplayer[1].css | text | EA6DE0ABFB018CEF912E2B53E3184D98 | DAE01496EF2C717B56A7F3A7CF8B3797424881975FC763AA1266B5114181F75B
148 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\woocommerce-styling[1].css | text | 6D5355B74C6747F7F0EEA11581695CB8 | 9142D3D31F31750A0A0AF71C1990871403C35445429668EEDAF1DCE38C0301C5
148 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\204C1AA6F6114E6A513754A2AB5760FA_F08D193BC3B4026ECC0251B4C09BE3F5 | binary | 77444CCEE41B6191474540EF94BDDF01 | 791C9858CBF9F9233B6E055F0A4F6F30EEE9394FDDEAAB0499A26FA9D8DDA18B
148 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | der | 3C25AE40011D89B20ABD9294701F7D71 | CB88C85861D98B7C2F84F837560BD9A0830E3CF074632EB9A8ED760C070F3738
2520 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | 7CE57A327C37CB93D97EFCEA39984D5C | 7F5DEC72D2A15FAA8A66C26D8D8462DED8E0469C841712AF71C0C2A7A0F77BF3
2520 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 345C9A343F84986448D8863255B6EC4C | F8E0BC9F60B77861E3F56B4DE780BC555CC7BAED390F7D1C76B80CBA533E1324
148 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3F26ED5DE6B4E859CCCA6035ECB8D9CB | binary | 2FD2B682B3D259EC1D90719B40953425 | 10F4125402FB4E2A2C0E4600A97B017B484F037450515CBB14F73C0308E294F8
2520 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | B2CA82ED846F57E76DFE3E48EF8563A1 | 9503CA94FC5C7E333D4806DDBF6C07550A68CB4EB8C6CB5A5584C16D093D3F8F
148 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\124432635406-l[1].htm | html | BD40225DFE8FD332FC471760254D0608 | 4431F13C914960F00B15DC416FD1A48D02D5C5B20C29D01D3E6EC229DCF2373E
148 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\site[1].js | text | 36C69C12E057361D3DEBE983FA589FB8 | E9EC9EBF944BC428590B4C2B665AD3086A0F991BF785341635E876BEAF048E7B
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
148 | iexplore.exe | GET | 200 | 69.163.251.156:80 | http://www.kitchensisters.org/present/ | US | html | 27.9 Kb | suspicious
148 | iexplore.exe | GET | 200 | 69.163.251.156:80 | http://www.kitchensisters.org/wp-includes/js/wp-emoji-release.min.js?ver=5.5.8 | US | text | 4.61 Kb | suspicious
148 | iexplore.exe | GET | 200 | 69.163.251.156:80 | http://www.kitchensisters.org/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=2.4.10 | US | text | 6.52 Kb | suspicious
148 | iexplore.exe | GET | 200 | 69.163.251.156:80 | http://www.kitchensisters.org/wp-content/themes/purity/plugins/woocommerce/assets/woocommerce-styling.css?ver=5.5.8 | US | text | 5.53 Kb | suspicious
148 | iexplore.exe | GET | 200 | 69.163.251.156:80 | http://www.kitchensisters.org/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.2.2 | US | text | 729 b | suspicious
148 | iexplore.exe | GET | 200 | 104.18.31.182:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEGxVq9vQB5LHnQcM2BGe1r8%3D | US | der | 727 b | whitelisted
148 | iexplore.exe | GET | 200 | 69.163.251.156:80 | http://www.kitchensisters.org/wp-content/plugins/wp-miniaudioplayer/css/miniplayer.css?ver=1.7.5 | US | text | 2.62 Kb | suspicious
148 | iexplore.exe | GET | 200 | 104.18.31.182:80 | http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRyyuDOSqb8BtprWZSAvBT9kFoYdwQU%2BftQxItnu2dk%2FoMhpqnOP1WEk5kCEQC1tMD7M6W%2BrFcdEWF%2BoECX | US | der | 472 b | whitelisted
2520 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted
148 | iexplore.exe | GET | 200 | 69.163.251.156:80 | http://www.kitchensisters.org/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=2.4.10 | US | text | 940 b | suspicious
PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
148 | iexplore.exe | 69.163.251.156:80 | www.kitchensisters.org | New Dream Network, LLC | US | suspicious
148 | iexplore.exe | 104.18.30.182:80 | ocsp.comodoca.com | Cloudflare Inc | US | suspicious
148 | iexplore.exe | 209.134.144.229:443 | lnks.gd | Vector Internet Services, Inc. | US | suspicious
2520 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
2520 | iexplore.exe | 13.107.22.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
2520 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
148 | iexplore.exe | 104.18.31.182:80 | ocsp.comodoca.com | Cloudflare Inc | US | unknown
148 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
148 | iexplore.exe | 79.142.69.149:443 | second.pmservicespr.com | AltusHost B.V. | DK | suspicious
148 | iexplore.exe | 192.229.233.25:443 | platform.twitter.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
Domain | IP | Reputation
---|---|---
lnks.gd | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.digicert.com | | whitelisted
ocsp.comodoca.com | | whitelisted
ocsp.usertrust.com | | whitelisted
www.kitchensisters.org | | suspicious
r20swj13mr.microsoft.com | | whitelisted
iecvlist.microsoft.com | | whitelisted
PID | Process | Class | Message
---|---|---|---
148 | iexplore.exe | Potentially Bad Traffic | ET INFO Observed ZeroSSL SSL/TLS Certificate