Field | Value
---|---
URL | https://sfsfsadf.com
Full analysis | https://app.any.run/tasks/a7c4b861-ce53-40e6-a4a4-5e3a8efd46e6
Verdict | Malicious activity
Analysis date | January 24, 2022, 15:29:44
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 5F539AB978A7FC9D3F82889873387922
SHA1 | 290E80EB9B3A263CC2B88BA67CA80F1B5B9B0AEE
SHA256 | F633ABC890E3D2D0F0B1EA506190F11D3201946BDF37F828487177D9FA511C25
SSDEEP | 3:N8OWDWE1yKIn:2OEDI

PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
3088 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://sfsfsadf.com" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 1073807364; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3728 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3088 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Exit code: 0; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3416 | C:\Windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09} | C:\Windows\system32\DllHost.exe | — | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: COM Surrogate; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
3976 | C:\Windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09} | C:\Windows\system32\DllHost.exe | — | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: COM Surrogate; Exit code: 1073807364; Version: 6.1.7600.16385 (win7_rtm.090713-1255)

(PID) Process | Key | Operation | Name | Value
---|---|---|---|---
(3088) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPDaysSinceLastAutoMigration | 1
(3088) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPLastLaunchLowDateTime | 950446896
(3088) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPLastLaunchHighDateTime | 30937399
(3088) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | write | NextCheckForUpdateLowDateTime | 
(3088) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | write | NextCheckForUpdateHighDateTime | 30937399
(3088) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | write | CachePrefix | 
(3088) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie:
(3088) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited:
(3088) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | write | CompatibilityFlags | 0
(3088) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3088 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFA04478D31E346618.TMP | gmc | 164D015B9210C56A07AEAB1C95F28D6A | B3D432D1A8B89EA0AFE3271E8948D23EB8042D188CFCA91C4C4573A6DD9792FE
3088 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{7649CFD3-7D2A-11EC-A45D-12A9866C77DE}.dat | binary | 9C9CFD475999A8494D574F8ADE290A20 | A4F66E3B600A2E9C4A7F290AA33B299B742977BA3FF0984A33DA7E4094D71900
3088 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{42C873D0-1D90-11EB-BA2C-12A9866C77DE}.dat | binary | 62ADD32CA859D13C741C3AA994810524 | D15FA85F6DF2E1EC4BAB69199F622E989BD623B37A813C1247732B197E01BC2B
3088 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{7649CFD4-7D2A-11EC-A45D-12A9866C77DE}.dat | binary | 602E2B180FA35840F674E6B6C13124BF | E184B2A6A5BEBD5E020AA08FB62C1A8A5C2146253E223C6D92E8B655E0578B69
3088 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF50F8BC3849429380.TMP | gmc | EEF3A2927F6695DBE9E1A85F20572033 | A4EECEE32E302CA93825926362A1BEA487BD9E07AFD1A1EEE03CA92D73FC938E
3088 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{7649CFD1-7D2A-11EC-A45D-12A9866C77DE}.dat | binary | 9EDC2F7522729BAF32D2531B96E23FF8 | BF9FAD7137CAE8CDCD402F823241B4C481D0E95142B5263F800BCE75C08EEB60
3088 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFA3C0C3F15A5AD0A0.TMP | gmc | AD1DD0A4F08B324DFE360FE139BBBD54 | 16BA22DA0D2CEE203968F28941FD3782E64263E0DB02929559C15C3268CF84EE
3088 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text | 1CDF4E86C1CDA95A0E6A6DC20A2712ED | A4A9B991428C356A6CB95C1EA2EB47CE0573A22416B4371187F1AA7E1C24820C

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3728 | iexplore.exe | GET | 404 | 67.27.233.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d68f4ae558fb6517 | US | xml | 341 b | whitelisted |
3728 | iexplore.exe | GET | 404 | 67.27.233.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?58ec6aeeafa85f96 | US | xml | 341 b | whitelisted |
3088 | iexplore.exe | GET | 404 | 67.27.233.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?81b7bc6a738bcca7 | US | xml | 341 b | whitelisted |
3728 | iexplore.exe | GET | 404 | 67.27.233.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?93a388791bae1293 | US | xml | 341 b | whitelisted |
3088 | iexplore.exe | GET | 404 | 67.27.233.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?15d924fd7b8b52ce | US | xml | 341 b | whitelisted |
3088 | iexplore.exe | GET | 404 | 67.27.233.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a53a6cc97fb8ab6b | US | xml | 341 b | whitelisted |
364 | svchost.exe | GET | 404 | 67.27.233.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?05ae3aeb768d9571 | US | xml | 341 b | whitelisted |
3088 | iexplore.exe | GET | 404 | 67.27.233.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?474448c0b713d8ba | US | xml | 341 b | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3728 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3728 | iexplore.exe | 13.107.5.80:443 | api.bing.com | Microsoft Corporation | US | whitelisted |
3088 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3728 | iexplore.exe | 67.27.233.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
364 | svchost.exe | 67.27.233.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
3088 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3088 | iexplore.exe | 67.27.233.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |

Domain | IP | Reputation
---|---|---
sfsfsadf.com | | unknown
api.bing.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
www.bing.com | | whitelisted
iecvlist.microsoft.com | | whitelisted
r20swj13mr.microsoft.com | | whitelisted