URL: | https://api.vault.netvoyage.com/neWeb2/login.aspx?newUser=VAULT-UD0VZG3A%7c2021-07-23+12%3a20%3a47Z%7c9hoaPQ5bg0Pwq5HKG708Q4RhxD4%3d |
Full analysis: | https://app.any.run/tasks/474e6db5-68b4-4df4-b633-f9cec734ce20 |
Verdict: | Malicious activity |
Analysis date: | July 23, 2021, 15:02:13 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 0B2F0E9B2BACE0B1EBB26858993ECA7E |
SHA1: | 0433DDF05B0C45C16BD2C614B61F12FE45BFC2D4 |
SHA256: | FBDC09008D01C0555A57DACF2028E6A5CE13DA676F0D69B636F1A7193CA229E3 |
SSDEEP: | 3:N8DLtJtL0TKX3LVKPnaKBy/1cANSIZ5fIWNKE+QHBSUyGn:2XhL0J5g/qAN7Z50FQhRyGn |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2540 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://api.vault.netvoyage.com/neWeb2/login.aspx?newUser=VAULT-UD0VZG3A%7c2021-07-23+12%3a20%3a47Z%7c9hoaPQ5bg0Pwq5HKG708Q4RhxD4%3d" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
420 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2540 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
2540 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:B5CAE31BC8AB74218C500C3C9DDFEDF9 | SHA256:EF774A57576A450AD7DB6B83F60F19EB1F752F92EFE63C802D30D388F1DCB7A3 | |||
420 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\waitWhite[1].gif | image | |
MD5:FEE0364C8963820CA3DEA8F4A42527AF | SHA256:9A30D8018F94E4D5CCA0E7921EE68A4558ED70FF1E8D96067462E0EA6F3C916E | |||
420 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\ndCommon[1].js | text | |
MD5:16AD17823C02B632A4235826D2D42A83 | SHA256:675740E53339204F53BD476C3FFA85106098B516668F4554A7951C58C0F84E8A | |||
420 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\neWebCl[1].cab | compressed | |
MD5:BA6505B604EBC0C13867B077D0630DE8 | SHA256:C699D974C121AB1CA62074CA4C8288AF8DA39A0CAAA5702102000C3B580766DB | |||
420 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4 | der | |
MD5:452010DF5190805ECCE2E9F404D43048 | SHA256:B5A129DC56EA03AF0880964265B4537CF70FE00212AB46D2FFB0931434D3CC90 | |||
2540 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | |
MD5:4745B777FE397BA7BB2107A05A6E6ADC | SHA256:2C03F58A9D4D559E3F36BA1501E8213C8611D5AC524BB2851433577DCEF1D9EC | |||
420 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\main[1].css | text | |
MD5:6FB4C389E7E7744FEAA2FD4274D2FAC4 | SHA256:2A2B10B31715076C8E4A766EFB02BAD8A3E115F4E386C8502915566312404F82 | |||
420 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\login[1].htm | html | |
MD5:9183386DC01AE6E25E177765DD67D183 | SHA256:223803B97A7BC7395953CC599B9C21BBE24933B7238941FC97B372BA9066DFE1 | |||
420 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\waitBlackGrey[1].gif | image | |
MD5:B28583233FA90B7369CD8BC5F23D59D5 | SHA256:5AE88CD097CEB56102ECBADEDFC2E273014836D2ECBD58235FB86964A6E1A152 | |||
420 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:1575B5DECA49B3345BFC30301B09742A | SHA256:1B5BE811423A011A9EB5CC68DE20FF64CFE09DF990C4C748246082512FCEDA46 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
420 | iexplore.exe | GET | 200 | 143.204.101.74:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
420 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D | US | der | 471 b | whitelisted |
2540 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
420 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAo1CNVcKSsBffitZcAP9%2BQ%3D | US | der | 471 b | whitelisted |
2540 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
420 | iexplore.exe | GET | 200 | 13.32.23.104:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
420 | iexplore.exe | GET | 200 | 23.55.163.73:80 | http://crl.identrust.com/DSTROOTCAX3CRL.crl | US | der | 1.16 Kb | whitelisted |
420 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
420 | iexplore.exe | GET | 200 | 67.27.157.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c19c7e0552192d91 | US | compressed | 4.70 Kb | whitelisted |
420 | iexplore.exe | GET | 200 | 23.55.163.58:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPJI4TIRSJWxIRXrY3bPKl8zA%3D%3D | US | der | 503 b | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2540 | iexplore.exe | 67.27.157.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
2540 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
420 | iexplore.exe | 67.27.157.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
420 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2540 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
420 | iexplore.exe | 23.55.163.73:80 | crl.identrust.com | Akamai International B.V. | US | unknown |
2540 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2540 | iexplore.exe | 67.26.139.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
420 | iexplore.exe | 23.36.235.31:443 | api.vault.netvoyage.com | Akamai Technologies, Inc. | NL | unknown |
420 | iexplore.exe | 104.117.200.9:80 | x1.c.lencr.org | TPG Telecom Limited | US | unknown |
Domain | IP | Reputation |
---|---|---|
api.vault.netvoyage.com |
| unknown |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
www.netdocuments.com |
| malicious |
crl.identrust.com |
| whitelisted |
x1.c.lencr.org |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |