URL: | https://docs.google.com/forms/d/e/1FAIpQLSeOogYipnGxt275dunPKkmJ35_rJT0vfpCNhKZ9d9LSvA7c-Q/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link |
Full analysis: | https://app.any.run/tasks/f2401328-4228-413d-8c76-a5d5e92ece26 |
Verdict: | Malicious activity |
Analysis date: | December 27, 2021, 10:25:37 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | D9213060EB709726DFBE5DF0CC6CE3EB |
SHA1: | F76378137F0CBDC390E7FD2D17587088BE490AC5 |
SHA256: | FABDA147FEC06B16C7913269906E7BC8E1488E4DE73728048EFD06FD475DBBD3 |
SSDEEP: | 3:N8SP3ulYabK6k0Q2y8LsQYOBpVTVcqpdSf0OIYAYVDiOQ1Io6z:2SmvuPmgVE7TVppd3OT9pid9C |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3732 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://docs.google.com/forms/d/e/1FAIpQLSeOogYipnGxt275dunPKkmJ35_rJT0vfpCNhKZ9d9LSvA7c-Q/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3116 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3732 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2344 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3732 CREDAT:2888966 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
(PID) Process: | (3732) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (3732) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: 402541696 | |||
(PID) Process: | (3732) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 30931724 | |||
(PID) Process: | (3732) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: 702549196 | |||
(PID) Process: | (3732) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30931724 | |||
(PID) Process: | (3732) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (3732) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (3732) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (3732) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (3732) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3116 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_76F26EDEF7C1087F80A272B48769819E | der | |
MD5:432F936A13BD4C958CDCEDEFAAEBDC80 | SHA256:47227C17FEF8B63CA712452F599278F5111398ED8059A986D2A737C01BD610B5 | |||
3116 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary | |
MD5:08629DE5157F85B41033EE63ACBECA34 | SHA256:2CFB67F1C875988F2F017C9E6CFCEDED1E8ACE63B725222427B0ABC5918EB0DC | |||
3116 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\6283888[1].htm | html | |
MD5:82D8CBD89FA8265009307F36D222FFED | SHA256:3B46517810818B672ECB6F8095BCC9ED510331E5AE102303638A688517326132 | |||
3116 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | binary | |
MD5:21FFB46FD8C6E1DE837561389BC86DD4 | SHA256:357A1C8DAAFC87057639D394B4D89229C8642BD484C38ACAC024191DB65DC092 | |||
3116 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | der | |
MD5:64E9B8BB98E2303717538CE259BEC57D | SHA256:76BD459EC8E467EFC3E3FB94CB21B9C77A2AA73C9D4C0F3FAF823677BE756331 | |||
3116 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_30F32374BEBB4A72181B36E407396E90 | der | |
MD5:672EDE9903C1D69CEAC9F8C2A3B1462A | SHA256:F891A88F4CE65B3BA78A0D0BFCE3DD1C7328BFE3402668700C4F1D607C741AA9 | |||
3116 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | der | |
MD5:E83601188510672F5BF45AFD27652623 | SHA256:1778240A48E413EF8FAA9B7C30C7C1FC8C4C36E7D6F10A7D0794C0CE2EE95D92 | |||
3116 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\TCZXRM3Q.txt | text | |
MD5:DB8428A3C2EB851D87887A5FC7A4C910 | SHA256:6FEC73ABF08D625470F085C580F1228DB2E2E5F0DFB856AEFF8C1B96E62DC0F1 | |||
3116 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:4BFCE14D3C289823614B0305226F65EA | SHA256:EA68EE8FC3D6175104C852243B790B0832BD6C4729E64D968BF27C5F1F2FD195 | |||
3116 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_76F26EDEF7C1087F80A272B48769819E | binary | |
MD5:3BBB9DFE96D9A45A4EEB97AEE80494DD | SHA256:258B36CDEB3361BA31F75A22E8E8B41EBD26A5A791891BBAE75AE84CF769A1B1 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3116 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
3116 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD6vIn3vzMQlAoAAAABJf0y | US | der | 472 b | whitelisted |
3116 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
3116 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDpy2TqvAT99woAAAABJgKl | US | der | 472 b | whitelisted |
3732 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3116 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCECiWvl1%2BUB7cCgAAAAEl%2F%2BI%3D | US | der | 471 b | whitelisted |
3116 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDDxQmkH%2FlDagoAAAABJgJE | US | der | 472 b | whitelisted |
2344 | iexplore.exe | GET | 200 | 23.45.105.185:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted |
2344 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCZ2fjZwSXF%2BwoAAAABJfz9 | US | der | 472 b | whitelisted |
3116 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCECHMNwkPtKJCCgAAAAEl%2FQo%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3116 | iexplore.exe | 142.250.186.78:443 | apis.google.com | Google Inc. | US | whitelisted |
3116 | iexplore.exe | 142.250.185.67:443 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3116 | iexplore.exe | 142.250.185.67:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3116 | iexplore.exe | 142.250.181.129:443 | lh3.googleusercontent.com | Google Inc. | US | whitelisted |
3116 | iexplore.exe | 142.250.186.164:443 | www.google.com | Google Inc. | US | whitelisted |
3116 | iexplore.exe | 142.250.185.238:443 | docs.google.com | Google Inc. | US | whitelisted |
3116 | iexplore.exe | 8.248.137.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
3116 | iexplore.exe | 172.217.21.46:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
3116 | iexplore.exe | 142.250.185.142:443 | play.google.com | Google Inc. | US | whitelisted |
3732 | iexplore.exe | 142.250.185.174:443 | support.google.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
docs.google.com |
| shared |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
support.google.com |
| whitelisted |
www.google-analytics.com |
| whitelisted |
lh3.googleusercontent.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
apis.google.com |
| whitelisted |
ogs.google.com |
| whitelisted |