URL: https://applauncher.gotowebinar.com/#join/attendee/en_US/e0-P3gKiXFXZt30tY3ka5NJlYpe-0y08/e0-P3gKiXFXZt30tY3ka5NJlYpe-0y08FV1r2gvNIDSVa8lCb3MTr78vB24_goJ3IoPdUl3epwd1NEnMMntD23wpgN7A5rmWVvOffP7mGaOOF-TXZFl9ztEZnEddSvVjlRV4GbEpSi6_rMIui_-Jo07cyYNIlXn5mUIWcxEL2GvySjsGDFbFJXXFO4dmYWxR8no6ZvGBHHaBvqGX3NfR2gAPOCd6GHAibrSCQrKMq7Luljm-PmqjdBN2CWNlk3YOJC_zKtVURCmvSnJqkt2cwGcA343vZwrpJVfJjfrDVI3udg4pIDVh1zZcgoZqZHavAPNZrHcA6UL0cKfjLClPnylu6W-2zBZLUfZFbhQP9HiogOG8FxbYm6k-_Xn6qehyrHc0j-DhQcahK2wBscr7OMDmiAa5AdLeWhrhOTWj8owJ960UeTMtzrY8x4UxLVXef3ze940pa4fNYY8CATorDJrZz0F420HcJDQR6TXGcz-m2X8mJqJ2UK8pBZOeTowM9aG0CiyvCoD8ngzi2jO90Cc-kjs9_nZKNffvqQUW-0wBZldukuieYLsBAZYiVdB7pZIVRaRGJF8NeZUYbDN6XVryhqRips5XYmbVS6KyPxGy63-34Ap-2FNFXK9CXgConviA61caHYdC1NyMLC-6OelbcEL7FU/7069325799378402561/189637482
Full analysis: https://app.any.run/tasks/65c80d7d-2c8e-4ca7-af27-4c67a6d9e6f6
Verdict: Malicious activity
Analysis date: December 18, 2018, 17:56:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 1CB46FFFFFE575CB6A2299BE0D52C857
SHA1: 6D4AF3FDC3CAEADD2AC6BF84B3B6D931C4093685
SHA256: FDB58B21682C85D4096C7B93B7FB2C9D3073D4C5851920E93A8E115EA4473748
SSDEEP: 12:2DGoZqPykg7A8nQ8ofqYJx1GXSwtsd9MOM1UASQeQSUeCmnCAf0Ib2iI1m8Q:2yykgs8tofq0DGXlafMOM1bfe1lZQU8Q

PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2944 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe
3200 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2944 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe

Process details:
- PID 2944: User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
- PID 3200: User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2944 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | — | —
2944 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3200 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarAB86.tmp | — | — | —
3200 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabABA7.tmp | — | — | —
3200 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarABA8.tmp | — | — | —
3200 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabAC16.tmp | — | — | —
3200 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarAC17.tmp | — | — | —
3200 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 | binary | 843D890FFDD73E847A75A05A10F40300 | 7C1601E76EDEC5285E633F93E487FE28071B79834383EEC366E010C7817CE1EA
3200 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 | compressed | A902CF373E02F7DC34F456ED7449279C | EA0C12AEDEA644678014991A96534145E85AA12CD8955396DFDC98A4FC96F0D5
3200 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\applauncher_gotowebinar_com[1].htm | html | 69F442926D7FD3D59374792F1FAAE0CB | 679B5D735502DD982E5AE06662B61DF718E8BE3BDC8C1F06820B5B411370B852

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
3200 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 55.2 Kb | whitelisted |
2944 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
3200 | iexplore.exe | GET | 200 | 13.35.254.54:80 | http://x.ss2.us/x.cer | US | der | 1.27 Kb | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
3200 | iexplore.exe | 13.35.253.27:443 | applauncher.gotowebinar.com | — | US | suspicious |
2944 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3200 | iexplore.exe | 13.35.253.93:443 | applauncher.gotowebinar.com | — | US | suspicious |
3200 | iexplore.exe | 130.211.5.208:443 | cdn.mxpnl.com | Google Inc. | US | whitelisted |
3200 | iexplore.exe | 35.186.241.51:443 | api.mixpanel.com | Google Inc. | US | whitelisted |
3200 | iexplore.exe | 13.35.253.56:443 | weblibrary.cdn.getgo.com | — | US | suspicious |
3200 | iexplore.exe | 13.35.254.54:80 | x.ss2.us | — | US | malicious |
3200 | iexplore.exe | 93.184.221.240:80 | www.download.windowsupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3200 | iexplore.exe | 13.35.253.25:443 | weblibrary.cdn.getgo.com | — | US | suspicious |
2944 | iexplore.exe | 13.35.253.27:443 | applauncher.gotowebinar.com | — | US | suspicious |

Domain | IP | Reputation
---|---|---
www.bing.com | — | whitelisted
applauncher.gotowebinar.com | — | whitelisted
x.ss2.us | — | whitelisted
www.download.windowsupdate.com | — | whitelisted
weblibrary.cdn.getgo.com | — | whitelisted
cdnjs.cloudflare.com | — | whitelisted
cdn.mxpnl.com | — | whitelisted
api.mixpanel.com | — | whitelisted
launch.getgo.com | — | whitelisted
tags.tiqcdn.com | — | whitelisted