analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| URL: | http://www.mediafire.com/file/4zx7qsvp9c87xkx/MEE6_Controller.rar/file |
| Full analysis: | https://app.any.run/tasks/a3879491-717c-4284-bef2-15a487646974 |
| Verdict: | Malicious activity |
| Threats: | Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security. |
| Analysis date: | May 10, 2020 at 06:41:04 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| Indicators: | |
| MD5: | E056E0D6BEFFBF4DB18A03E9449FD3AB |
| SHA1: | 1E98833158F96BB0DC36DF0C6DE6DA10F5566584 |
| SHA256: | 02D44F6A26236B7461430DB99CCFCFFCA6EA9B473955BD656522FC86BF698A92 |
| SSDEEP: | 3:N1KJS4w3eGUoR5U2CX69lagzKA:Cc4w3eG15dZ9lXKA |
MALICIOUS
Application was dropped or rewritten from another process
- MEE6 Controller - Setup.exe (PID: 2956)
- MEE6 Controller - Setup.exe (PID: 3948)
- MEE6 Controller.exe (PID: 2128)
- MEE6 Controller.exe (PID: 2548)
SUSPICIOUS
Executed via COM
- FlashUtil32_26_0_0_131_ActiveX.exe (PID: 1948)
Executable content was dropped or overwritten
- WinRAR.exe (PID: 2896)
- MEE6 Controller - Setup.exe (PID: 2956)
- MEE6 Controller - Setup.exe (PID: 3948)
- MEE6 Controller - Setup.tmp (PID: 3212)
Reads the Windows organization settings
- MEE6 Controller - Setup.tmp (PID: 3212)
Reads Windows owner or organization settings
- MEE6 Controller - Setup.tmp (PID: 3212)
INFO
Modifies the phishing filter of IE
- iexplore.exe (PID: 2296)
Reads Internet Cache Settings
- iexplore.exe (PID: 2296)
- iexplore.exe (PID: 2360)
- iexplore.exe (PID: 1028)
Dropped object may contain TOR URL's
- iexplore.exe (PID: 1028)
Reads internet explorer settings
- iexplore.exe (PID: 1028)
- iexplore.exe (PID: 2360)
Creates files in the user directory
- FlashUtil32_26_0_0_131_ActiveX.exe (PID: 1948)
- iexplore.exe (PID: 1028)
- iexplore.exe (PID: 2296)
- iexplore.exe (PID: 2360)
Changes internet zones settings
- iexplore.exe (PID: 2296)
Application launched itself
- iexplore.exe (PID: 2296)
Manual execution by user
- MEE6 Controller - Setup.exe (PID: 2956)
- MEE6 Controller.exe (PID: 2548)
Application was dropped or rewritten from another process
- MEE6 Controller - Setup.tmp (PID: 2308)
- MEE6 Controller - Setup.tmp (PID: 3212)
Creates files in the program directory
- MEE6 Controller - Setup.tmp (PID: 3212)
Creates a software uninstall entry
- MEE6 Controller - Setup.tmp (PID: 3212)
Reads settings of System Certificates
- iexplore.exe (PID: 1028)
- iexplore.exe (PID: 2360)
- iexplore.exe (PID: 2296)
Changes settings of System certificates
- iexplore.exe (PID: 2296)
Adds / modifies Windows certificates
- iexplore.exe (PID: 2296)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
58
Monitored processes
11
Malicious processes
0
Suspicious processes
1
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2296 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.mediafire.com/file/4zx7qsvp9c87xkx/MEE6_Controller.rar/file" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
| 2360 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2296 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
| 1028 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2296 CREDAT:3937553 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
| 1948 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe | |||||||||||
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Exit code: 0 Version: 26,0,0,131 Modules
| |||||||||||||||
| 2896 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\MEE6 Controller.rar" | C:\Program Files\WinRAR\WinRAR.exe | iexplore.exe | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 Modules
| |||||||||||||||
| 2956 | "C:\Users\admin\Desktop\MEE6 Controller - Setup.exe" | C:\Users\admin\Desktop\MEE6 Controller - Setup.exe | explorer.exe | ||||||||||||
User: admin Company: Anonyme Integrity Level: MEDIUM Description: MEE6 Controller Setup Exit code: 0 Version: Modules
| |||||||||||||||
| 2308 | "C:\Users\admin\AppData\Local\Temp\is-F3P37.tmp\MEE6 Controller - Setup.tmp" /SL5="$8029C,10886353,724992,C:\Users\admin\Desktop\MEE6 Controller - Setup.exe" | C:\Users\admin\AppData\Local\Temp\is-F3P37.tmp\MEE6 Controller - Setup.tmp | — | MEE6 Controller - Setup.exe | |||||||||||
User: admin Integrity Level: MEDIUM Description: Setup/Uninstall Exit code: 0 Version: 51.1052.0.0 Modules
| |||||||||||||||
| 3948 | "C:\Users\admin\Desktop\MEE6 Controller - Setup.exe" /SPAWNWND=$801F4 /NOTIFYWND=$8029C | C:\Users\admin\Desktop\MEE6 Controller - Setup.exe | MEE6 Controller - Setup.tmp | ||||||||||||
User: admin Company: Anonyme Integrity Level: HIGH Description: MEE6 Controller Setup Exit code: 0 Version: Modules
| |||||||||||||||
| 3212 | "C:\Users\admin\AppData\Local\Temp\is-GSKKA.tmp\MEE6 Controller - Setup.tmp" /SL5="$E0266,10886353,724992,C:\Users\admin\Desktop\MEE6 Controller - Setup.exe" /SPAWNWND=$801F4 /NOTIFYWND=$8029C | C:\Users\admin\AppData\Local\Temp\is-GSKKA.tmp\MEE6 Controller - Setup.tmp | MEE6 Controller - Setup.exe | ||||||||||||
User: admin Integrity Level: HIGH Description: Setup/Uninstall Exit code: 0 Version: 51.1052.0.0 Modules
| |||||||||||||||
| 2128 | "C:\Program Files\MEE6 Controller\MEE6 Controller.exe" | C:\Program Files\MEE6 Controller\MEE6 Controller.exe | MEE6 Controller - Setup.tmp | ||||||||||||
User: admin Integrity Level: MEDIUM Description: MEE6 Controller Exit code: 3762504530 Version: 1.5 Modules
| |||||||||||||||
Total events
10 242
Read events
3 275
Write events
4 717
Delete events
2 250
Modification events
| (PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
| Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: 369840542 | |||
| (PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
| Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 30811798 | |||
| (PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
| Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
| (PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
| Operation: | write | Name: | ProxyEnable |
Value: 0 | |||
| (PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
| Operation: | write | Name: | SavedLegacySettings |
Value: 46000000A1000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000 | |||
| (PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
| (PID) Process: | (2296) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | AutoDetect |
Value: 1 | |||
Executable files
7
Suspicious files
184
Text files
140
Unknown types
113
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2360 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\K9MWBJ1S.txt | — | |
MD5:— | SHA256:— | |||
| 2360 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\T11KJZXP.txt | text | |
MD5:EDC599324875182EF48C8E2CA795F240 | SHA256:FA9D04B69EA1D96FDADEC980F4B6264ABD5D67C0772215BCCEAE9CEA334018FE | |||
| 2360 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der | |
MD5:1C400D233070530C717A810D7F9BC99E | SHA256:58B407B0DDF17FBF78FCB2E2DAD4FABAADA9BD88641F19941480951A200AE4E0 | |||
| 2360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\prebid2.44.1[1].js | text | |
MD5:AAAA66B0743FF66798FDEE9E0610E180 | SHA256:0A7E39087BED30F124A891216762B67ADDF2644E1C730BC5E94FA9D0AD733266 | |||
| 2360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\f[1].txt | text | |
MD5:08E49092F42B1D8C59097BBD9FCCD5A0 | SHA256:598939256E7846E259B0F052351E90BC583D137C4669E9C863283D076FD09BD3 | |||
| 2360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\icons_sprite[1].svg | image | |
MD5:51F76E839A217E338342852ED63D27C9 | SHA256:315F5F67F80B413592A970D2D7A3875294BE6039956C2EDFA0AA9D3095FA6F2D | |||
| 2360 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab9161.tmp | — | |
MD5:— | SHA256:— | |||
| 2360 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C | der | |
MD5:55BDB2070E8CD74DCE5DA3F5EC769DF5 | SHA256:230EF30A087ECDD39557AD2CCD4A4D4B60F2252E099A8FD8CEDA2F831226112C | |||
| 2360 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\apps_list_sprite-v4[1].png | image | |
MD5:E9CD3384FEB28199FE2BB7F9E95D4DCD | SHA256:AC9442C5EA66C76ECF230E9BD349D1F98354319765E366B4EC3150E76BEA828C | |||
| 2360 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | binary | |
MD5:C1CB702AB3672036EF772C247DC16876 | SHA256:CAFE5C8FBAEC0D297FD171CFFD38B33AD4EC7C59DC31549CA7F425269A37C632 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
134
TCP/UDP connections
221
DNS requests
94
Threats
13
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
2360 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D | US | der | 471 b | whitelisted |
2360 | iexplore.exe | GET | 200 | 172.217.16.174:80 | http://translate.google.com/translate_a/element.js?cb=googFooterTranslate | US | text | 796 b | whitelisted |
2360 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEAqGuQR2WDHiQMxiERAfVzY%3D | US | der | 471 b | whitelisted |
2360 | iexplore.exe | GET | 200 | 172.217.18.99:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2360 | iexplore.exe | GET | 200 | 172.217.18.99:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
2360 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEAqGuQR2WDHiQMxiERAfVzY%3D | US | der | 471 b | whitelisted |
2360 | iexplore.exe | GET | 200 | 104.16.202.237:80 | http://static.mediafire.com/images/backgrounds/download/apps_list_sprite-v4.png | US | image | 6.78 Kb | shared |
2360 | iexplore.exe | GET | 200 | 104.16.203.237:80 | http://www.mediafire.com/images/icons/svg_light/icons_sprite.svg | US | image | 8.51 Kb | shared |
2360 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D | US | der | 471 b | whitelisted |
2360 | iexplore.exe | GET | 200 | 104.16.202.237:80 | http://static.mediafire.com/images/backgrounds/download/dl_promo_logo.png | US | image | 2.19 Kb | shared |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
2360 | iexplore.exe | 216.58.206.10:443 | translate.googleapis.com | Google Inc. | US | whitelisted |
2360 | iexplore.exe | 172.217.16.174:80 | translate.google.com | Google Inc. | US | whitelisted |
2360 | iexplore.exe | 23.45.111.242:443 | c.aaxads.com | Akamai International B.V. | NL | unknown |
2360 | iexplore.exe | 216.58.210.2:443 | securepubads.g.doubleclick.net | Google Inc. | US | whitelisted |
2360 | iexplore.exe | 216.58.210.8:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
2296 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2360 | iexplore.exe | 104.16.190.66:443 | dmx.districtm.io | Cloudflare Inc | US | shared |
2360 | iexplore.exe | 34.95.120.147:443 | mediafire-d.openx.net | — | US | unknown |
2360 | iexplore.exe | 172.217.18.99:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
2360 | iexplore.exe | 37.252.173.22:80 | ib.adnxs.com | AppNexus, Inc | — | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
www.mediafire.com |
| shared |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
www.googletagmanager.com |
| whitelisted |
translate.google.com |
| whitelisted |
securepubads.g.doubleclick.net |
| whitelisted |
c.aaxads.com |
| whitelisted |
cdn.otnolatrnup.com |
| whitelisted |
translate.googleapis.com |
| whitelisted |
static.mediafire.com |
| shared |
Threats
PID | Process | Class | Message |
|---|---|---|---|
— | — | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
— | — | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
— | — | Misc activity | ADWARE [PTsecurity] Redirecting.Zemot (RBN ZeroPark 0-Click) |
— | — | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
— | — | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
— | — | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request |
— | — | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request |
— | — | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request |
5 ETPRO signatures available at the full report