analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://www.giftsbymint.com/

Full analysis: https://app.any.run/tasks/c3d17731-626a-4a36-a382-a353f3e47594
Verdict: Malicious activity
Analysis date: June 27, 2022, 12:19:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

992BBCFAC9A461525D2686DE4CE17601

SHA1:

A8DEFC6446D8FE9458D8B323C996223BC9A714E2

SHA256:

01BBC4CE188C9CFCF988057EE23C0340B5763FF9F26E2BEC8F0390F8F310555A

SSDEEP:

3:N1KJS4VWZMP3:Cc4sG3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3212)

  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 3212)
      • iexplore.exe (PID: 2472)

    • Checks supported languages

      • iexplore.exe (PID: 2472)
      • iexplore.exe (PID: 3212)

    • Changes internet zones settings

      • iexplore.exe (PID: 2472)

    • Application launched itself

      • iexplore.exe (PID: 2472)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2472)
      • iexplore.exe (PID: 3212)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3212)

    • Creates files in the user directory

      • iexplore.exe (PID: 3212)

    • Checks Windows Trust Settings

      • iexplore.exe (PID: 2472)
      • iexplore.exe (PID: 3212)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2472"C:\Program Files\Internet Explorer\iexplore.exe" "http://www.giftsbymint.com/"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
3212"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2472 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
21 449
Read events
21 330
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
33
Text files
50
Unknown types
28

Dropped files

PID
Process
Filename
Type
3212iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab713F.tmpcompressed
MD5:308336E7F515478969B24C13DED11EDE
SHA256:889B832323726A9F10AD03F85562048FDCFE20C9FF6F9D37412CF477B4E92FF9
3212iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506compressed
MD5:308336E7F515478969B24C13DED11EDE
SHA256:889B832323726A9F10AD03F85562048FDCFE20C9FF6F9D37412CF477B4E92FF9
3212iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab7141.tmpcompressed
MD5:308336E7F515478969B24C13DED11EDE
SHA256:889B832323726A9F10AD03F85562048FDCFE20C9FF6F9D37412CF477B4E92FF9
3212iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3A3D981CCFD57556F1B1696917031403binary
MD5:A5C20BE163368A30E1CFB3E17516FA8F
SHA256:DFE8E2FFBF44763ADF3479FDE226DBFDF898EB2FA4183AD8369F07C9A42A78B8
3212iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:C87C10213F8090EE08699ADD6B3A4E62
SHA256:5C07EEDD0382B82C9EB5480651D87CE6C41B886F220DFE73BEDF781DDC278B07
2472iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63der
MD5:28CC3D4B0DA8A29A9DCD6D4755C84342
SHA256:A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E
3212iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\3L7S90Z5.txttext
MD5:130A21693143F1693052ECACDE4D52EE
SHA256:09C7B618E140FE5A24AD7D9117809DA7AA2178E4F341760D0FA89EA936029868
3212iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\97PIX31W.txttext
MD5:CFDC3F4173FB59B2599F92271035BED2
SHA256:75CBE062ED7C3E5E7018C4582ADDF43AA0F59F9DD46BD649456860C2D812E2C6
3212iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar7140.tmpcat
MD5:2D8A5090656DE9FB55DD0F3BA20F9299
SHA256:44AE1E61A4E6305C15AAA52FD1B29DDB060E69233703CBA611F5E781D766442E
3212iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506binary
MD5:E0A4D063DD81AB085EEF0F8CA7F1414E
SHA256:2F6CBB26107BC7165FC52FFEF51A81D0E9C72B9F61AC965C6DD97D52BB26148E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
31
TCP/UDP connections
72
DNS requests
47
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3212
iexplore.exe
GET
301
23.227.38.74:80
http://www.giftsbymint.com/
CA
html
90 b
malicious
3212
iexplore.exe
GET
200
67.26.137.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e23a1cf438697d91
US
compressed
4.70 Kb
whitelisted
3212
iexplore.exe
GET
200
96.16.145.230:80
http://x1.c.lencr.org/
US
der
717 b
whitelisted
3212
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
US
der
471 b
whitelisted
3212
iexplore.exe
GET
200
192.124.249.24:80
http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D
US
der
1.66 Kb
whitelisted
2472
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
3212
iexplore.exe
GET
200
143.204.101.78:80
http://s.ss2.us/r.crl
US
der
434 b
whitelisted
3212
iexplore.exe
GET
200
67.26.137.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c2ead0a9a167a904
US
compressed
60.0 Kb
whitelisted
3212
iexplore.exe
GET
200
142.250.185.67:80
http://crl.pki.goog/gtsr1/gtsr1.crl
US
der
760 b
whitelisted
3212
iexplore.exe
GET
200
184.24.77.73:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgNG1TDWa3qeGCcmKCAXw9BQUA%3D%3D
US
der
503 b
shared
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3212
iexplore.exe
67.26.137.254:80
ctldl.windowsupdate.com
Level 3 Communications, Inc.
US
malicious
3212
iexplore.exe
23.227.38.65:443
giftsbymint.com
Shopify, Inc.
CA
malicious
3212
iexplore.exe
104.16.255.71:443
cdn.shopify.com
Cloudflare Inc
US
unknown
3212
iexplore.exe
96.16.145.230:80
x1.c.lencr.org
Akamai Technologies, Inc.
US
suspicious
2472
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2472
iexplore.exe
131.253.33.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
3212
iexplore.exe
23.227.38.74:80
www.giftsbymint.com
Shopify, Inc.
CA
malicious
3212
iexplore.exe
184.24.77.73:80
r3.o.lencr.org
Time Warner Cable Internet LLC
US
unknown
3212
iexplore.exe
142.250.185.104:443
www.googletagmanager.com
Google Inc.
US
suspicious
3212
iexplore.exe
143.204.89.2:443
d3hw6dc1ow8pp2.cloudfront.net
US
malicious

DNS requests

Domain
IP
Reputation
www.microsoft.com
whitelisted
www.giftsbymint.com
  • 23.227.38.74
malicious
giftsbymint.com
  • 23.227.38.65
malicious
ctldl.windowsupdate.com
  • 67.26.137.254
  • 67.26.139.254
  • 8.238.30.126
  • 8.238.28.254
  • 8.248.143.254
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 131.253.33.200
  • 13.107.22.200
whitelisted
x1.c.lencr.org
  • 96.16.145.230
whitelisted
r3.o.lencr.org
  • 184.24.77.73
  • 184.24.77.81
  • 184.24.77.77
  • 184.24.77.46
  • 184.24.77.59
  • 184.24.77.70
  • 184.24.77.47
  • 184.24.77.48
  • 184.24.77.44
shared
ocsp.digicert.com
  • 93.184.220.29
whitelisted
dns.msftncsi.com
  • 131.107.255.255
shared

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
http://www.giftsbymint.com/