URL: | https://thuong.ceohuong.com/tairqnaeu/enrteteiiq-icleaiislunhtauep-orbsssuliees |
Full analysis: | https://app.any.run/tasks/87920ed2-4c9f-4485-a6a2-81ca9f4aefb0 |
Verdict: | Malicious activity |
Analysis date: | January 25, 2022, 00:19:18 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | FF14BEF60B04600BEE047DEF5DE0AD57 |
SHA1: | 258060E3A9870F5F4A669CAC58C640DA7E1C1D81 |
SHA256: | FAEAF9B295EB84E836D3A4ED33C8F1C1EC9428CF60FC9F73A533B02B0D34D7CA |
SSDEEP: | 3:N8FQKALdhEWULERXdRuEEe5iQAi9lWn:2xBTsfuRe5iQR9lW |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2152 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://thuong.ceohuong.com/tairqnaeu/enrteteiiq-icleaiislunhtauep-orbsssuliees" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2912 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2152 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2008 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\enrteteiiq-icleaiislunhtauep-orbsssuliees.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | iexplore.exe | |||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.91.0 Modules
| |||||||||||||||
2200 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | WinRAR.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 Modules
| |||||||||||||||
2072 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /Embedding | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | EXCEL.EXE | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Excel Exit code: 0 Version: 14.0.6024.1000 Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
2200 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRA2A6.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2152 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:12CB8CD537C6616F338A761663335C99 | SHA256:20864A8BB4D7E79BDE194BAA6D59CBF6A3845F1DBE2A0A25FBBE924EC2A1EA1D | |||
2152 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:C301E9F0DB2C1985F13658B0C1175332 | SHA256:2BE226B104C5696DB2E6FBF2A0402BA947812F2E30575C1A72C916F0EAD90825 | |||
2152 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:FC990EAA7247546FB67C18916A4CAC9B | SHA256:294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993 | |||
2912 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\enrteteiiq-icleaiislunhtauep-orbsssuliees[1].htm | html | |
MD5:57D6014147D8D969331D9B49DD6E7BEE | SHA256:888411DB22D37AAD63A619CAA3E13EE4CDF0A923E6ED6EEAEC6837531AF3A796 | |||
2200 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\OICE_ED4E4B5D-1DF6-4402-8BB4-2DEE0B24FD22.0\msoA620.tmp | compressed | |
MD5:2A815A77F565BA03BEAA8DFF397BACB5 | SHA256:0AE8412AA75913E53D77048B52DAE184791F0EAE7B2AFA2A7DFB670A618E7DB5 | |||
2008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa2008.14574\THYH-1121791562.xlsb | document | |
MD5:AD13536054BB5A4C0B64BE61A8744DB3 | SHA256:F546268B90A73D2C94E47A2D7ACA5F1A27FE9CA3A05006FA2DB808698D4DB62A | |||
2912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary | |
MD5:BB40D11CFC0D5D3856D639792868949D | SHA256:2D8EF0A991948EE9E3E2361E69E67CE4E06DB89880C5D135692AC77BB3E0CD48 | |||
2912 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\enrteteiiq-icleaiislunhtauep-orbsssuliees[1].zip | compressed | |
MD5:94561D3D6CF3802EB02E10117509B753 | SHA256:04EE021B45239AA42653554C939158726B1F8E8EC3CEF18395DD4DD647F14B37 | |||
2912 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der | |
MD5:8CD7E90C9F52DCC22A188DB1D82D4356 | SHA256:F3F9DC32585CEBC0A478458DF911980CF546F8DAB032649EC676B7D243A4F46F |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2152 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2912 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
2152 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2152 | iexplore.exe | GET | 200 | 2.16.106.171:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?eebe35231b25f1cc | unknown | compressed | 4.70 Kb | whitelisted |
2152 | iexplore.exe | GET | 200 | 2.16.106.171:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ce5e98476f0082cc | unknown | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2912 | iexplore.exe | 188.114.96.22:443 | thuong.ceohuong.com | Cloudflare Inc | US | malicious |
2152 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2152 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2912 | iexplore.exe | 188.114.97.22:443 | thuong.ceohuong.com | Cloudflare Inc | US | malicious |
2152 | iexplore.exe | 2.16.106.171:80 | ctldl.windowsupdate.com | Akamai International B.V. | — | whitelisted |
2152 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2912 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
thuong.ceohuong.com |
| malicious |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |