URL: | equipopacificard.webcindario.com |
Full analysis: | https://app.any.run/tasks/27be2736-7aec-4be5-a48f-625112e81c84 |
Verdict: | Malicious activity |
Analysis date: | February 29, 2024, 20:59:46 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 38D7655E2D491C9AC56E21F6E7B48625 |
SHA1: | FB303834EC684594640CD9482774A465F3B0D9C1 |
SHA256: | 5FEC3C0A3A7758563A0B47C7C8DE9D25902A9A3A7319CE8BC34801BE26C75AF4 |
SSDEEP: | 3:xQTp9SWLyPdI:cpVadI |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3656 | "C:\Program Files\Internet Explorer\iexplore.exe" "equipopacificard.webcindario.com" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
3664 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3656 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
(PID) Process: | (3656) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
(PID) Process: | (3656) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: | |||
(PID) Process: | (3656) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 31091538 | |||
(PID) Process: | (3656) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: | |||
(PID) Process: | (3656) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 31091538 | |||
(PID) Process: | (3656) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (3656) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (3656) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (3656) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
(PID) Process: | (3656) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3664 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_279EB7E7074697CADB0A3844954F1B7D | binary | |
MD5:3A41D3227DEF803C1BD7AE45219B4043 | SHA256:5446DE1DFBD23AAD6A59208D70724E5528ECFA7DE34DDD1DCAF5EEF0F0F326BA | |||
3664 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_279EB7E7074697CADB0A3844954F1B7D | der | |
MD5:DF6124F6C53E3437C8D377C2A294CEE2 | SHA256:C4E2B6A92FF989FD02455BD8BBE76874B3C11CFFFE788C1522EE10BAFE42570F | |||
3664 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | binary | |
MD5:EA7F9A23E7F020F6F949B43F55FC5FAB | SHA256:FC5821EB5908312B8B2A7BE5378EE7ECE8E0D09EB2FD23242149BB5ED6435ADE | |||
3664 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary | |
MD5:49E61D7ACD2209CE1C4F8B77D3641E33 | SHA256:C353606147AABDD7E9CF7BBC8DF7BEC6E07A01B979854125AE4D6FBB0000A0AB | |||
3664 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | der | |
MD5:76127914A3A2DE51D32EEBD077334F62 | SHA256:2D4B9B4A30AFB959FF3B9551DB6DE33398B7E2F0C4B42579CEBD9E592226093B | |||
3664 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\TF0JWWFH.htm | html | |
MD5:E74F8243DE436F809E0C2E0D6E83D3BD | SHA256:5555889A75E459537724B47E42EB0422C646FD588A999B2DB1873BD3A6DBD6F8 | |||
3664 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\gtm[1].js | text | |
MD5:42C25F53AC05399041189920BC10C4EF | SHA256:427FA6D02FEBFCB996367DBB9909FFCECB7D076C721F9BA0E16101A5392F5136 | |||
3664 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4748633DC5731827D4B432DBAC7A3ECE | binary | |
MD5:24C10B330A9FD279D9132F547EB867AC | SHA256:BB8A9C056B0019EE2E29489DD14E19EE2E088F461D85E0D0836A29DF076D2EAC | |||
3664 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | der | |
MD5:AC89A852C2AAA3D389B2D2DD312AD367 | SHA256:0B720E19270C672F9B6E0EC40B468AC49376807DE08A814573FE038779534F45 | |||
3664 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\IUE53ASH.txt | text | |
MD5:47465844FDC5ED1786469DEEFC4B58E3 | SHA256:1A92E06303BB97E853E2191E6A61A17F71A7226598FA5426DFE6D48B4AC6ACDC |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3664 | iexplore.exe | GET | 200 | 142.250.185.227:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEH1ZfRmkcbmIEJt1GKpWSOU%3D | unknown | binary | 471 b | unknown |
3664 | iexplore.exe | GET | 304 | 23.48.23.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b3372c99093cbf50 | unknown | — | — | unknown |
3664 | iexplore.exe | GET | 304 | 23.48.23.7:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5b0325f31ae0f9b6 | unknown | — | — | unknown |
3664 | iexplore.exe | GET | 200 | 142.250.185.227:80 | http://crl.pki.goog/gtsr1/gtsr1.crl | unknown | binary | 854 b | unknown |
3664 | iexplore.exe | GET | 200 | 142.250.185.227:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | unknown | binary | 724 b | unknown |
3664 | iexplore.exe | GET | — | 142.250.185.227:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D | unknown | — | — | unknown |
3664 | iexplore.exe | GET | — | 23.48.23.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?29f261daf338db73 | unknown | — | — | unknown |
3664 | iexplore.exe | GET | 200 | 5.57.226.202:80 | http://equipopacificard.webcindario.com/ | unknown | html | 1.13 Kb | unknown |
3664 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | unknown | binary | 1.47 Kb | unknown |
3664 | iexplore.exe | GET | 200 | 142.250.185.227:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | binary | 1.41 Kb | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
3664 | iexplore.exe | 5.57.226.202:80 | equipopacificard.webcindario.com | ServiHosting Networks S.L. | ES | unknown |
3664 | iexplore.exe | 216.58.212.136:443 | www.googletagmanager.com | GOOGLE | US | unknown |
3664 | iexplore.exe | 23.48.23.7:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown |
3664 | iexplore.exe | 23.48.23.8:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown |
3664 | iexplore.exe | 142.250.185.227:80 | ocsp.pki.goog | GOOGLE | US | unknown |
3664 | iexplore.exe | 142.250.184.238:443 | www.google-analytics.com | GOOGLE | US | whitelisted |
3664 | iexplore.exe | 64.233.167.155:443 | stats.g.doubleclick.net | GOOGLE | US | whitelisted |
3664 | iexplore.exe | 172.67.218.124:443 | miarroba.st | CLOUDFLARENET | US | unknown |
Domain | IP | Reputation |
---|---|---|
equipopacificard.webcindario.com |
| unknown |
www.googletagmanager.com |
| whitelisted |
miarroba.st |
| unknown |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
www.google-analytics.com |
| whitelisted |
stats.g.doubleclick.net |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
crl.pki.goog |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
3664 | iexplore.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |
3664 | iexplore.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |