Field | Value
---|---
URL | https://career-marks.com/
Full analysis | https://app.any.run/tasks/47b95787-2533-46af-a1c3-5b0651c26d11
Verdict | Malicious activity
Analysis date | May 20, 2022, 18:10:18
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 9E134364CA9DD277C17A3DF3DDB56094
SHA1 | 937AE70E4864BAA75C873CD58F88FBFBB2B5C7A9
SHA256 | F2E6C11F0F2D1EF1A8180206A61427C4B59DC3F564EB1FAB03A51D46903ECA95
SSDEEP | 3:N8ZXALRn:2ut

PID | CMD | Path | Indicators | Parent process | User | Company | Integrity level | Description | Exit code | Version
---|---|---|---|---|---|---|---|---|---|---
2840 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://career-marks.com/" | C:\Program Files\Internet Explorer\iexplore.exe | — | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | — | 11.00.9600.16428 (winblue_gdr.131013-1700)
3436 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2840 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | — | 11.00.9600.16428 (winblue_gdr.131013-1700)
3832 | -modal 131368 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\admin\AppData\Local\Temp\NDF728.tmp -ep NetworkDiagnosticsWeb | C:\Windows\system32\msdt.exe | — | iexplore.exe | admin | Microsoft Corporation | MEDIUM | Diagnostics Troubleshooting Wizard | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
3972 | C:\Windows\System32\sdiagnhost.exe -Embedding | C:\Windows\System32\sdiagnhost.exe | — | svchost.exe | admin | Microsoft Corporation | MEDIUM | Scripted Diagnostics Native Host | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
2872 | "C:\Windows\system32\ipconfig.exe" /all | C:\Windows\system32\ipconfig.exe | — | sdiagnhost.exe | admin | Microsoft Corporation | MEDIUM | IP Configuration Utility | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
300 | "C:\Windows\system32\ROUTE.EXE" print | C:\Windows\system32\ROUTE.EXE | — | sdiagnhost.exe | admin | Microsoft Corporation | MEDIUM | TCP/IP Route Command | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
2824 | "C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf | C:\Windows\system32\makecab.exe | — | sdiagnhost.exe | admin | Microsoft Corporation | MEDIUM | Microsoft® Cabinet Maker | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
3948 | C:\Windows\System32\sdiagnhost.exe -Embedding | C:\Windows\System32\sdiagnhost.exe | — | svchost.exe | admin | Microsoft Corporation | MEDIUM | Scripted Diagnostics Native Host | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2840 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | FA526918A211E850A6078FB1D00B2045 | 396B94C667643AFA59D155EF4D812DA6F4D67DD50CEC97194E1CA3A1B3ECE3FE
2840 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\1KMBPLSV.txt | text | 3582C353551FF2F88F26A9F1DD675506 | 67ABC8CBBE5101DA273F855657EEA2CA0DAC52189D4C339C6BFE108B55F18184
2840 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\V4RI6TUA.txt | text | FAD8F6762E856FD2F4A80E6C592F19E8 | 6AF538912D724FCE504265C252E47D7218DD7905AC2713AFCE89134BBBF5832C
2840 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F | binary | CF4C4F15A17C0B24E835BB27442B7A12 | 2DBC1865D18A75C06AA1A6BFFBEF4DBFA69F293E7373583BBF6E4C002D95A970
2840 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F | der | 5C1113B7526A7723B64400D44129FA78 | 9ECC27C740862AB2712DA2C4FF31592E2C0A8643576E64551EE344A73FBE2494
2840 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | EAF36D0B56685508459918D09B1A7641 | AC1C1F78A79547240327AD2CDB92819045C6118038E6E40770FC1FAECB04BA6E
2840 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 741A50F19B4AEEEF6A1E53402E56E981 | 513A60A12D32A53DEC1A12F600E3155AAE2BD1E9B105EBB17085F97143CB5D3F
2840 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\ZSM26SVM.txt | text | 2A40A99212F6FCDE2EA477A51032C1E4 | 18772154087310907E6895F59FBEEAD5311BF5513F23AA12BD8B49806F995C9E
2840 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\SM1V71AQ.txt | text | AA5BB617917EB9B2EA32FDE48EBA74FF | 5D0574044DCE2A94890F976399B8228BC2B8B0B0990238418546283ED27EFAE5
2840 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\JLGQN6MR.txt | text | 2032CEC59D5FAA8DF367B243196819D1 | D4C114527F4B013E075A1A0C1E599E8116B8E9B163761D8D5DFD0E3BC042685C

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
2840 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted |
2840 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2840 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D | US | der | 471 b | whitelisted |
2840 | iexplore.exe | GET | 200 | 8.248.131.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4a6aad859aa2dab4 | US | compressed | 4.70 Kb | whitelisted |
2840 | iexplore.exe | GET | 200 | 8.248.131.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c0a0f27c2943d5a6 | US | compressed | 4.70 Kb | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
2840 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2840 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3436 | iexplore.exe | 198.12.125.130:443 | career-marks.com | ColoCrossing | US | malicious |
2840 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2840 | iexplore.exe | 8.248.131.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
2840 | iexplore.exe | 96.16.143.41:443 | go.microsoft.com | Akamai International B.V. | US | whitelisted |
2840 | iexplore.exe | 13.107.22.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2840 | iexplore.exe | 204.79.197.203:443 | www.msn.com | Microsoft Corporation | US | whitelisted |
3436 | iexplore.exe | 13.107.5.80:443 | api.bing.com | Microsoft Corporation | US | whitelisted |
2840 | iexplore.exe | 20.25.53.147:443 | query.prod.cms.msn.com | — | US | unknown |

Domain | IP | Reputation
---|---|---
career-marks.com | | malicious
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.digicert.com | | whitelisted
crl3.digicert.com | | whitelisted
iecvlist.microsoft.com | | whitelisted
r20swj13mr.microsoft.com | | whitelisted
ieonline.microsoft.com | | whitelisted
go.microsoft.com | | whitelisted