URL:

http://www.smartbill.co.kr/xMain/mb/mb_login/login2.aspx?DtiId=524874984&DtiWriteDate=2024-03-25&IsArAp=AP&SBGubun=BYR&Signal=ARISSUE&BrkDtiYn=N&LoginTicket=B2774E527A740B765704DA2C22B37EE6&scvepn=rNvp3yWo2bGAMYIZVUlold6Swn9XluE8dJFRNN6VXgV5jd/tmQ4ghiRznjKuJtPb&stkn=

Full analysis: https://app.any.run/tasks/972901cc-f7ea-42e2-84e0-79daeb1a8328
Verdict: Malicious activity
Analysis date: March 26, 2024, 02:02:24
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 0E3AC6EDFF438AC19B873CF7FD454A8C
SHA1: AFA04658319634667D3D0DF679876AAD7A1168C7
SHA256: 0289B76D47C60F6ACE7D21D063096EF05B63403E49F1236335A68108B4362191
SSDEEP: 6:Cc4sqY+RMkRzucHGqD85XwDCO+fYH52sJs0eIt2PrOn:1qhRTDH45xO+fYHosZ2Kn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2124)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0


Process information

PID: 2124
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.smartbill.co.kr/xMain/mb/mb_login/login2.aspx?DtiId=524874984&DtiWriteDate=2024-03-25&IsArAp=AP&SBGubun=BYR&Signal=ARISSUE&BrkDtiYn=N&LoginTicket=B2774E527A740B765704DA2C22B37EE6&scvepn=rNvp3yWo2bGAMYIZVUlold6Swn9XluE8dJFRNN6VXgV5jd/tmQ4ghiRznjKuJtPb&stkn="
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

PID: 2856
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2124 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 25 498
Read events: 25 364
Write events: 100
Delete events: 34

Modification events

(PID) Process | Operation | Key | Name | Value
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 1
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime | 
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 31096609
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime | 
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 31096609
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | 
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
Executable files: 0
Suspicious files: 50
Text files: 131
Unknown types: 29

Dropped files

PID | Process | Filename | Type
2856 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | der
MD5:D40899FA388CB40AFE870DED0B6F32BF
SHA256:E556BAB0A0BC18C6FB8400E0607C67AC42ACD00130F360361CCF271FF9DA6D3E
2856 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
MD5:EB020F13DD4A85B68D82A454AA4E4C73
SHA256:A1868B8C4EDEB05D1F2568FABCE22D86EEF64F6504B62D6D5A4DA3474096B258
2856 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 | binary
MD5:B979F98892F43422B886D414A38E4832
SHA256:D89D6651A5847E1A0AC1A5C7780FB85DD9C3EFC410AD714EDC16D7B8F43DDFD3
2856 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary
MD5:6CCBC20FB1DB9A318EECD3C976F1B482
SHA256:FB8DBAFD25AE146C2A3541F4869A57C787FE4F3BEA945DC3EA8CBD658EA43846
2856 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\js[1].js | text
MD5:5741A3D30009287DF5483D63C72F809D
SHA256:53ADAA45C859B9DF6A70ED68B0A0BA1E927369F15F3206E4461515EFE43D9BA6
2856 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\login[1].js | text
MD5:964C4B6EB2082D391F32F4EEBD16F32E
SHA256:A9121E12735876523FBB0942CB5C3CC137B6BE82F92EF9447E4947822BDA6738
2856 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | der
MD5:38F8032E6CD53C8D412D4C330FD852C0
SHA256:92C063DD0AAD31E695014A96D215989F7842549AA702BF958E4EB57A56C9607C
2856 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | binary
MD5:65C1CE3FCF74FF9C730879C2B9AD5BF6
SHA256:FE9B255089AA3021139ACB74C3112C005E7F925B4189C6FC729DD11BA35F3561
2856 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_99430B8B5F4E113F6193E2BF9312EF16 | binary
MD5:156E67C39F39AB12D19C3A0CDE5D8AF9
SHA256:D1BF8021D5BB76AA34263BDB09369DC11072AF2964B1D684B51A4438842C6504
2856 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | binary
MD5:37621E538B6758E7BA0F8FDEC8C0E9FA
SHA256:FB224F6B3F0386994AC2AF3BE62366EA4DC64D7C41608E3EA676C46F595B520D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 96
TCP/UDP connections: 119
DNS requests: 56
Threats: 9

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2856 | iexplore.exe | GET | 200 | 183.111.188.210:80 | http://www.smartbill.co.kr/xMain/mb/mb_login/login2.aspx?DtiId=524874984&DtiWriteDate=2024-03-25&IsArAp=AP&SBGubun=BYR&Signal=ARISSUE&BrkDtiYn=N&LoginTicket=B2774E527A740B765704DA2C22B37EE6&scvepn=rNvp3yWo2bGAMYIZVUlold6Swn9XluE8dJFRNN6VXgV5jd/tmQ4ghiRznjKuJtPb&stkn= | unknown | html | 80.8 Kb | unknown
2856 | iexplore.exe | GET | 200 | 183.111.188.210:80 | http://www.smartbill.co.kr/js/ga.js?gaid=UA-104224323-1 | unknown | text | 773 b | unknown
2856 | iexplore.exe | GET | 200 | 183.111.188.210:80 | http://www.smartbill.co.kr/js/main/login.js | unknown | text | 5.96 Kb | unknown
2856 | iexplore.exe | GET | 200 | 183.111.188.210:80 | http://www.smartbill.co.kr/js/title.js | unknown | html | 3.75 Kb | unknown
2856 | iexplore.exe | GET | 200 | 183.111.188.210:80 | http://www.smartbill.co.kr/js/mb.js | unknown | text | 44.9 Kb | unknown
2856 | iexplore.exe | GET | 304 | 23.216.77.69:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?36ca310eb28aaa33 | unknown | | | unknown
2856 | iexplore.exe | GET | 304 | 23.216.77.69:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b150b552b216e1f4 | unknown | | | unknown
2856 | iexplore.exe | GET | 200 | 183.111.188.210:80 | http://www.smartbill.co.kr/js/dti_common.js | unknown | text | 383 Kb | unknown
2856 | iexplore.exe | GET | 200 | 142.250.181.227:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | binary | 1.41 Kb | unknown
2856 | iexplore.exe | GET | 200 | 183.111.188.210:80 | http://www.smartbill.co.kr/sbadmin/file/bannerFile/176x108_%EB%A0%88%ED%94%84%ED%8A%B8%EB%A6%AC%EB%AA%A8%EC%BB%A81.jpg | unknown | image | 6.14 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
2856 | iexplore.exe | 183.111.188.210:80 | www.smartbill.co.kr | Korea Telecom | KR | unknown
2856 | iexplore.exe | 142.250.185.72:443 | www.googletagmanager.com | GOOGLE | US | unknown
2856 | iexplore.exe | 23.216.77.69:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
2856 | iexplore.exe | 142.250.181.227:80 | ocsp.pki.goog | GOOGLE | US | whitelisted
2856 | iexplore.exe | 18.244.18.89:443 | compass.adop.cc | | US | unknown
2856 | iexplore.exe | 108.138.2.195:80 | o.ss2.us | AMAZON-02 | US | unknown
2856 | iexplore.exe | 18.245.39.64:80 | ocsp.rootg2.amazontrust.com | | US | unknown

DNS requests

Domain | IP | Reputation
www.smartbill.co.kr | 183.111.188.210 | unknown
www.googletagmanager.com | 142.250.185.72 | whitelisted
ctldl.windowsupdate.com | 23.216.77.69, 23.216.77.80 | whitelisted
ocsp.pki.goog | 142.250.181.227 | whitelisted
compass.adop.cc | 18.244.18.89, 18.244.18.27, 18.244.18.128, 18.244.18.126 | shared
o.ss2.us | 108.138.2.195, 108.138.2.173, 108.138.2.10, 108.138.2.107 | whitelisted
ocsp.rootg2.amazontrust.com | 18.245.39.64 | whitelisted
www.google-analytics.com | 216.239.34.178, 216.239.32.178, 216.239.38.178, 216.239.36.178 | whitelisted
ocsp.rootca1.amazontrust.com | 18.245.39.64 | shared
region1.analytics.google.com | 216.239.32.36, 216.239.34.36 | whitelisted

Threats

PID | Process | Class | Message
1080 | svchost.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
1080 | svchost.exe | Misc activity | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2856 | iexplore.exe | Misc activity | ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
2856 | iexplore.exe | Misc activity | ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
2856 | iexplore.exe | Not Suspicious Traffic | INFO [ANY.RUN] A free CDN for open source projects (jsdelivr .net)
2856 | iexplore.exe | Not Suspicious Traffic | INFO [ANY.RUN] A free CDN for open source projects (jsdelivr .net)
2856 | iexplore.exe | Misc activity | ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
2856 | iexplore.exe | Misc activity | ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
1080 | svchost.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
No debug info