URL: | https://docs.google.com/document/d/17h45DyasfOhEXEZXcOStKk1OQx7nYyKhv0KUmxxIchk/edit?usp=sharing |
Full analysis: | https://app.any.run/tasks/fb756415-ec25-4ba3-9689-a9524ec87240 |
Verdict: | Malicious activity |
Analysis date: | February 21, 2020, 17:20:23 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | B31E54E0023839E7F631D7223B641F51 |
SHA1: | 39CE6B2D67D641BAFC4C675723BFC772E1A1BF4F |
SHA256: | FD747B9E28BC0DD0F120DE56D17ACDCE7B6C11C58F73535FE7809526BE049345 |
SSDEEP: | 3:N8SP3unKJRBUfh1DN469GNRBYQ9/dnRsC:2SmKJsffR46kN0QjnqC |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2524 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://docs.google.com/document/d/17h45DyasfOhEXEZXcOStKk1OQx7nYyKhv0KUmxxIchk/edit?usp=sharing" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2632 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2524 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3128 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 | ||||
3292 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2524 CREDAT:1119544 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3840 | "C:\Program Files\Google\Update\1.3.34.11\GoogleUpdateWebPlugin.exe" "https:%2F%2Fwww.google.com%2F" "%2Finstall%20%22appguid=%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid=%7BA0BF5797-BB74-FFDB-A36C-1187ED0ABBA5%7D%26lang=sv%26browser=2%26usagestats=1%26appname=Google%2520Chrome%26needsadmin=prefers%26ap=stable-arch_x86-statsdef_1%26brand=SXXQ%26installdataindex=defaultbrowser%22" /installsource oneclick | C:\Program Files\Google\Update\1.3.34.11\GoogleUpdateWebPlugin.exe | — | iexplore.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Update Exit code: 0 Version: 1.3.34.11 | ||||
2076 | "C:\Program Files\Google\Update\1.3.34.11\GoogleUpdateWebPlugin.exe" "https:%2F%2Fwww.google.com%2F" "%2Finstall%20%22appguid=%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid=%7BA0BF5797-BB74-FFDB-A36C-1187ED0ABBA5%7D%26lang=sv%26browser=2%26usagestats=1%26appname=Google%2520Chrome%26needsadmin=prefers%26ap=stable-arch_x86-statsdef_1%26brand=SXXQ%26installdataindex=defaultbrowser%22" /installsource oneclick | C:\Program Files\Google\Update\1.3.34.11\GoogleUpdateWebPlugin.exe | — | iexplore.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Update Exit code: 0 Version: 1.3.34.11 | ||||
2532 | "C:\Program Files\Google\Update\GoogleUpdate.exe" /pi "https:%2F%2Fwww.google.com%2F" "%2Finstall%20%22appguid=%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid=%7BA0BF5797-BB74-FFDB-A36C-1187ED0ABBA5%7D%26lang=sv%26browser=2%26usagestats=1%26appname=Google%2520Chrome%26needsadmin=prefers%26ap=stable-arch_x86-statsdef_1%26brand=SXXQ%26installdataindex=defaultbrowser%22" /installsource oneclick | C:\Program Files\Google\Update\GoogleUpdate.exe | GoogleUpdateWebPlugin.exe | |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Installer Exit code: 0 Version: 1.3.33.23 | ||||
2404 | "C:\Users\admin\AppData\Local\Temp\{5F8AFECF-A716-4EFB-BB9C-D49122158771}\GoogleUpdate.exe" /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={A0BF5797-BB74-FFDB-A36C-1187ED0ABBA5}&lang=sv&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=stable-arch_x86-statsdef_1&brand=SXXQ&installdataindex=defaultbrowser" /installsource oneclick | C:\Users\admin\AppData\Local\Temp\{5F8AFECF-A716-4EFB-BB9C-D49122158771}\GoogleUpdate.exe | — | GoogleUpdate.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Installer Exit code: 2147747856 Version: 1.3.34.11 | ||||
3560 | "C:\Users\admin\AppData\Local\Temp\{5F8AFECF-A716-4EFB-BB9C-D49122158771}\GoogleUpdateSetup.exe" /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={A0BF5797-BB74-FFDB-A36C-1187ED0ABBA5}&lang=sv&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=stable-arch_x86-statsdef_1&brand=SXXQ&installdataindex=defaultbrowser" /installsource oneclick /installelevated /nomitag | C:\Users\admin\AppData\Local\Temp\{5F8AFECF-A716-4EFB-BB9C-D49122158771}\GoogleUpdateSetup.exe | GoogleUpdate.exe | |
User: admin Company: Google LLC Integrity Level: HIGH Description: Google Update Setup Exit code: 2147747856 Version: 1.3.34.11 | ||||
3732 | "C:\Program Files\GUM4113.tmp\GoogleUpdate.exe" /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={A0BF5797-BB74-FFDB-A36C-1187ED0ABBA5}&lang=sv&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=stable-arch_x86-statsdef_1&brand=SXXQ&installdataindex=defaultbrowser" /installsource oneclick /installelevated | C:\Program Files\GUM4113.tmp\GoogleUpdate.exe | — | GoogleUpdateSetup.exe |
User: admin Company: Google LLC Integrity Level: HIGH Description: Google Installer Exit code: 2147747856 Version: 1.3.34.11 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2632 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab81AB.tmp | — | |
MD5:— | SHA256:— | |||
2632 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar81AC.tmp | — | |
MD5:— | SHA256:— | |||
2632 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\PGXAICWX.txt | — | |
MD5:— | SHA256:— | |||
2524 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2632 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der | |
MD5:E550DA03AEE5B546B436CD553D3233B9 | SHA256:9ABFD4E29B96CCA442502B1DE6071FE0293455DF22B4EFF19FA3E6DF060947E7 | |||
2632 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\X7GO6VZI.txt | text | |
MD5:3E23D25FA8C2475515417A68E899BDAD | SHA256:67BD99C10B25177A6C9B32A6C023C886393729AABAD1B2EF75867B125DB84D3B | |||
2632 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C | der | |
MD5:2B4FB43498D09D21C8EBE8C4F14A75D5 | SHA256:F34126B491F207CFE70B24CF3AFD592F6BC39768569F4E42A8C13FC286D60EE8 | |||
2632 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\3PCSQWH5.txt | text | |
MD5:29C53E7462596D24F84082B5B9BF8226 | SHA256:706875F025576DBBF81490087F2EC3772A38C7771119E5E6CD16C6030631BADD | |||
2632 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\BFNULQTW.txt | text | |
MD5:C63D015FD1283AC783854031FC0CE80A | SHA256:3B597DF771C693931E6D43C1EE96A9844B78CD633E10B161249D33120D04AE23 | |||
2632 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C | binary | |
MD5:5D29432E1439A3B923858D99B2DA14C1 | SHA256:6AB32672B59B784422A83C8F0B7C1EF21777C7EBB956F9F842EB5EB2718ACD3B |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDvdxhhS3x8DggAAAAALnGY | US | der | 472 b | whitelisted |
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDvdxhhS3x8DggAAAAALnGY | US | der | 472 b | whitelisted |
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCED0tmi9noer%2BAgAAAABXm9Y%3D | US | der | 471 b | whitelisted |
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCaKXJiibI7zAgAAAAALC6E | US | der | 472 b | whitelisted |
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDu3mVgzTXArwIAAAAAWXG3 | US | der | 472 b | whitelisted |
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDu3mVgzTXArwIAAAAAWXG3 | US | der | 472 b | whitelisted |
3292 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCgdZM8AVzzKAgAAAAALnDU | US | der | 472 b | whitelisted |
2632 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCZXC%2BXyoEf%2BQgAAAAALnGl | US | der | 472 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2632 | iexplore.exe | 172.217.23.131:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
2632 | iexplore.exe | 172.217.18.164:443 | www.google.com | Google Inc. | US | whitelisted |
2632 | iexplore.exe | 172.217.22.67:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
2632 | iexplore.exe | 172.217.16.142:443 | docs.google.com | Google Inc. | US | whitelisted |
2524 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2632 | iexplore.exe | 172.217.23.99:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
2632 | iexplore.exe | 172.217.23.161:443 | lh6.googleusercontent.com | Google Inc. | US | whitelisted |
2632 | iexplore.exe | 172.217.22.35:443 | www.gstatic.com | Google Inc. | US | whitelisted |
2632 | iexplore.exe | 172.217.23.110:443 | play.google.com | Google Inc. | US | whitelisted |
2632 | iexplore.exe | 172.217.16.174:443 | apis.google.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
docs.google.com |
| shared |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
www.google.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
ssl.gstatic.com |
| whitelisted |
lh6.googleusercontent.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
apis.google.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
— | — | Misc activity | ET INFO EXE - Served Attached HTTP |