Field | Value
---|---
URL | http://trappedtree.com/
Full analysis | https://app.any.run/tasks/c79ed94e-fe9d-4b24-a701-c7b8d801e83b
Verdict | Malicious activity
Analysis date | August 12, 2022, 18:33:05
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MD5 | 7FAC7F28B6B3724AC0B4587102B128F8
SHA1 | C761D13CE779F269C8BCF969E89DA57E4397D29D
SHA256 | F981914151DFDFBC10EB731EA59FFBAA94D0B55C4D2255A42F4BEEB057A4292B
SSDEEP | 3:N1KKXEVqnfIK:CKXJfIK

Processes

PID | CMD | Path | Parent process | User | Integrity level | Company | Description | Version
---|---|---|---|---|---|---|---|---
1300 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://trappedtree.com/" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
3416 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1300 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | LOW | Microsoft Corporation | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)

Files

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3416 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | FC4481675963028318EA82CBE21ECE3F | 0EAD5760BF55B283AA10DDB80197420980C98386E6F29DFC5A3FE56D8554D131
3416 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_7A6811D4A6D8E5D9A83111D47C405249 | der | DC8E8924DDF298805E2F08938429D085 | B7E8204149DA4FF6068979DDF698FD46AC084A8E5B57BC44A5A64D81F9572B46
3416 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | binary | F11DA20B38226B06C6B73D5B09CD580A | 22FD1FA46ACD32841013669A552E573D73CFF66F02182D2B1ACD0B1C611A16F3
3416 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_7A6811D4A6D8E5D9A83111D47C405249 | binary | 2496701492DBCA9259FB753F4F88C2F0 | 0D32F89FEC1A2621B47B6B348CDBCB3AF723A74E836402700AF05D55AAE66A8B
3416 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | der | 5A11C6099B9E5808DFB08C5C9570C92F | 91291A5EDC4E10A225D3C23265D236ECC74473D9893BE5BD07E202D95B3FB172
3416 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_6C5C4E1A482F75D0EA0262D75C3C6DA4 | binary | C0FB4D81F8DCCCBBF3AB244223B13133 | F5EFEDF544A95713AED99EABCD40AB64736CD8AF122F756B602D10AC25214E8C
1300 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | EE87BB11E233C12009CC11725035DBDC | D82930A5B051B3C3F1639C24E83BDDF41D5AA66E467A0944D1AC3D59AE6330C5
3416 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | der | FC4A5A9D19C073BF2FCB2090CE0F8D1E | 33DEFDCBE87BC5E257D30F2FA45683F7898FF0FF1327D1E6753BD51A657A3DA2
3416 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\EHPLLYM8.txt | text | 1F07CFEB2AA829D70BB0A8D1198566DC | 61B25B576F838907FB1EA15D0EA5C390993C60A522374D67917B5E036E9D45E7
3416 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary | AE56D8949D705BBAF7E7766C56E7E5D8 | 041C998CC6795DF95F1B02CAA883A90396388A4EA513FCF4002DEDF620FE3DEA

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
3416 | iexplore.exe | GET | 200 | 142.250.185.163:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
3416 | iexplore.exe | GET | 200 | 142.250.185.163:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCsaQm9IjtQWwpY0PgImSGA | US | der | 472 b | whitelisted |
1300 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3416 | iexplore.exe | GET | 200 | 142.250.185.163:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQC7KoDMFPzdvBICsqCGvR0X | US | der | 472 b | whitelisted |
3416 | iexplore.exe | GET | 200 | 142.250.185.163:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
3416 | iexplore.exe | GET | 200 | 142.250.185.163:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDGaM9nfILxSxIGz%2Bm2TRwQ | US | der | 472 b | whitelisted |
1300 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
3416 | iexplore.exe | GET | 200 | 8.249.61.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9eae438d1ab9dc75 | US | compressed | 4.70 Kb | whitelisted |
3416 | iexplore.exe | GET | 301 | 192.243.59.12:80 | http://trappedtree.com/ | US | html | 169 b | malicious |
3416 | iexplore.exe | GET | 200 | 8.249.61.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a9528d093f22c3eb | US | compressed | 4.70 Kb | whitelisted |

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
3416 | iexplore.exe | 172.217.16.206:443 | google.com | Google Inc. | US | whitelisted |
3416 | iexplore.exe | 192.243.59.12:80 | trappedtree.com | DataWeb Global Group B.V. | US | malicious |
3416 | iexplore.exe | 142.250.185.163:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
1300 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3416 | iexplore.exe | 8.249.61.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
3416 | iexplore.exe | 216.58.212.132:443 | www.google.com | Google Inc. | US | whitelisted |
1300 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3416 | iexplore.exe | 142.250.184.206:443 | consent.google.com | Google Inc. | US | whitelisted |
3416 | iexplore.exe | 142.250.184.227:443 | www.gstatic.com | Google Inc. | US | whitelisted |
1300 | iexplore.exe | 13.107.22.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |

DNS requests

Domain | IP | Reputation
---|---|---
trappedtree.com | | malicious
google.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ocsp.pki.goog | | whitelisted
www.google.com | | whitelisted
consent.google.com | | shared
ocsp.digicert.com | | whitelisted
www.gstatic.com | | whitelisted