Field | Value
---|---
URL | https://bit.ly/3b8enkd
Full analysis | https://app.any.run/tasks/e91cb1e5-5bd1-43fb-832d-cf8fea8c316a
Verdict | Malicious activity
Analysis date | June 27, 2022, 11:30:02
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators | Value
---|---
MD5 | 6AB3493E9CE9E8A1D6951EA1B67E2D88
SHA1 | AB32844B8B2E0DC9AF5E222E19E199C479E39CEA
SHA256 | F304E5E661D62849BA43C985D22335A205FCD902FCC1FCB693759287DF34EF7A
SSDEEP | 3:N8kSiq:2uq
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity level | Description | Version
---|---|---|---|---|---|---|---|---|---
4060 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://bit.ly/3b8enkd" | C:\Program Files\Internet Explorer\iexplore.exe | — | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
3392 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4060 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3392 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\L9WPB0BB.txt | text | DE80DA1CA525ADD3287EB263A6BA9620 | 28472AF753AF3880852FF938B7C5E227A57C444E3B7B9B493CCB343C23130AAB
3392 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\7K3FRPIY.txt | text | F9FC7CC05325F3E66DDB0C987DA3799F | DBAEEC339189291102A1276DE14878A23C159CFD436EAD91A9BD36495313A632
3392 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 71ADC34ACDC9C1A1C5F8CDAE9EFFC579 | 71F6F9BBC6510AA0808985A7A56417C4393E53315EA2DDC8490F2F22A8722106
3392 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB | der | 6D676CF8CC0E0E8C814461805E761CCA | EFDFEA3D85CEA32051FDE431C7C5CAD519C0FD4803ECB466BD6282ADA744381F
3392 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB | binary | E55E85F25ECE518B99B57106EE16A695 | 650B76E1C075D253C8E95C909852B8327BDEB78B442716FDE6E64773CAEDFCA1
3392 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 | der | 7B1A47B5C13335388D33914618A38EE2 | 1B145D9B225C35C9672B60ADE9067803BBC51AB9E2EC053A12602FD8B1FC18AD
3392 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4D1ED785E3365DE6C966A82E99CCE8EA_BE51B43F9F95B8E556690D4EA2757FD1 | der | 2D1B0661D29247F50E74F9F7ECF0C4CF | 23EC09A69E52CE7EDAF472C0DD094CA84CB13F444CAAD5C3907C421FCCC78A65
3392 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 | binary | B52DC085F2664F611AC97DC84C5B794D | 0512F3CD7F5972335EDA716BB58751BA55651B0032CFC5BFD5E0308B0D4A6888
4060 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | 28CC3D4B0DA8A29A9DCD6D4755C84342 | A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E
4060 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | FEDA6C2DAC40FE1309A82970676E3C99 | 75F709EE653FAA0FC6F7CD85E3AA17014F74E44F9357C934F00CEED432F25263

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
3392 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted |
3392 | iexplore.exe | GET | 302 | 34.145.241.156:80 | http://5jzv0.77news.live/pic3253465235623 | US | — | — | unknown |
3392 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAHET5O3BolBmehILoXYe1Q%3D | US | der | 471 b | whitelisted |
4060 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3392 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAoIoPYH8AScgXOj0yKW3ww%3D | US | der | 471 b | whitelisted |
3392 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAF07byUPU%2BJxy5NOObLGdI%3D | US | der | 471 b | whitelisted |
3392 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAN0CgoljzL%2F6va%2Bdi6qtO0%3D | US | der | 471 b | whitelisted |
3392 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAeTng%2BdviJSZvvsgyHhGaA%3D | US | der | 471 b | whitelisted |
3392 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted |
3392 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
3392 | iexplore.exe | 67.199.248.11:443 | bit.ly | Bitly Inc | US | shared |
4060 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3392 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3392 | iexplore.exe | 34.145.241.156:80 | 5jzv0.77news.live | — | US | unknown |
4060 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3392 | iexplore.exe | 87.248.119.251:443 | uk.yahoo.com | Yahoo! UK Services Limited | GB | malicious |
3392 | iexplore.exe | 74.6.143.25:443 | yahoo.com | — | US | malicious |
3392 | iexplore.exe | 54.154.107.215:443 | guce.yahoo.com | Amazon.com, Inc. | IE | unknown |
3392 | iexplore.exe | 87.248.100.216:443 | www.yahoo.com | Yahoo! UK Services Limited | GB | malicious |
3392 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |

Domain | IP | Reputation
---|---|---
bit.ly | — | shared
ctldl.windowsupdate.com | — | whitelisted
api.bing.com | — | whitelisted
www.bing.com | — | whitelisted
ocsp.digicert.com | — | whitelisted
5jzv0.77news.live | — | unknown
yahoo.com | — | whitelisted
www.yahoo.com | — | whitelisted
uk.yahoo.com | — | whitelisted
guce.yahoo.com | — | whitelisted

PID | Process | Class | Message
---|---|---|---
3392 | iexplore.exe | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request |