URL:

ipinfo.io

Full analysis: https://app.any.run/tasks/d80b491f-ffa4-45e8-afbf-ed6b63f048f6
Verdict: Malicious activity
Analysis date: April 17, 2024, 08:26:39
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
evasion
Indicators:
MD5:

69A2C0DD9E32D90B3D4E00B722A241CB

SHA1:

9C90FD6A0FD7FC8305E9B29E8578758D2CF48872

SHA256:

080EDED95AC0CF29458B6581312A17E9FFC2980F58DA42ED552EC4055DC98D5E

SSDEEP:

3:UKWH:UnH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 1316)
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

start → iexplore.exe → iexplore.exe

Process information

PID: 1316
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "ipinfo.io"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

PID: 2928
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1316 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
21 190
Read events
21 044
Write events
101
Delete events
45

Modification events

Process: (1316) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

Process: (1316) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

Process: (1316) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31101088

Process: (1316) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value: 259815906

Process: (1316) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31101089

Process: (1316) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: (1316) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (1316) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (1316) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

Process: (1316) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files
0
Suspicious files
24
Text files
68
Unknown types
11

Dropped files

PID: 2928
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: 8BE028A85C65AA880C2D7CDA748C2643
SHA256: 3EC154292D666C3416F1AF3165995540182C433EF5B951275E46529786A4F656

PID: 2928
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
Type: der
MD5: 822467B728B7A66B081C91795373789A
SHA256: AF2343382B88335EEA72251AD84949E244FF54B6995063E24459A7216E9576B9

PID: 2928
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\93103B93A640E1BCB25D6A3861351E0F
Type: binary
MD5: A2DC4C128B1C1B7772C304AB53F2F5A9
SHA256: AAA71AD88334F4BDE1FD93913983F61F89A048C951D2078ABB04CA1DFA60DD79

PID: 2928
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\93103B93A640E1BCB25D6A3861351E0F
Type: der
MD5: C354ED27FD6CB3AC05C2B215EE2639FD
SHA256: 6386C147AB82EDFD10EA850D1967CC678AD4F9E241AA9B247411E3F418E3C2B6

PID: 2928
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
Type: binary
MD5: 394124988E07A5D34CE2D92380BCC5C1
SHA256: B39F33C462CB7E6EAAC86F48CE8D727ED20D663A230BE6FB77941D61084D62CC

PID: 2928
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\I54P9BUB.htm
Type: html
MD5: 2A5CB5DBE2F380CB2F529D0188540E41
SHA256: 807D5E056652996FD0320F2399B66C9FB269DC2966DA30255C09D36ED4D45ED7

PID: 2928
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Type: der
MD5: 84CC91708C444C30647EF07922BAC2F1
SHA256: 3E95B831913D3D7205A09C98CC185943FD810F6E2582607A54FA1E9CC30731AA

PID: 2928
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Type: compressed
MD5: 29F65BA8E88C063813CC50A4EA544E93
SHA256: 1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184

PID: 2928
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Type: binary
MD5: 6B6B0E4FFC53EFD19371B00D66436A67
SHA256: F77968CF80B3544DE0ECC680D378B2363DD9AFB5C86782AF58ECEEA34118A3CE

PID: 2928
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\Low\CabFB93.tmp
Type: compressed
MD5: 29F65BA8E88C063813CC50A4EA544E93
SHA256: 1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184
HTTP(S) requests
17
TCP/UDP connections
54
DNS requests
20
Threats
7

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2928 | iexplore.exe | GET | 302 | 34.117.186.192:80 | http://ipinfo.io/ | unknown | - | - | unknown
2928 | iexplore.exe | GET | 200 | 95.100.108.49:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQQ%2BoVQWmwup%2BVc%2BQ9mkC%2FLoA%3D%3D | unknown | - | - | unknown
2928 | iexplore.exe | GET | 200 | 72.247.176.112:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?2977d901150a41b5 | unknown | - | - | unknown
2928 | iexplore.exe | GET | 200 | 72.247.176.112:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?977c815abd21404a | unknown | - | - | unknown
2928 | iexplore.exe | GET | 200 | 172.217.18.99:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIAjrICMzZli2TN25s%3D | unknown | - | - | unknown
2928 | iexplore.exe | GET | 200 | 173.223.56.243:80 | http://x2.c.lencr.org/ | unknown | - | - | unknown
2928 | iexplore.exe | GET | 200 | 72.247.176.112:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?da49fc643c991473 | unknown | - | - | unknown
1316 | iexplore.exe | GET | 304 | 72.247.176.112:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3ed6d2b4a8fbdc40 | unknown | - | - | unknown
2928 | iexplore.exe | GET | 200 | 173.223.56.243:80 | http://x1.c.lencr.org/ | unknown | - | - | unknown
2928 | iexplore.exe | GET | 304 | 72.247.176.112:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3d3d14b9ee381273 | unknown | - | - | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | unknown
2928 | iexplore.exe | 34.117.186.192:80 | ipinfo.io | GOOGLE-CLOUD-PLATFORM | US | unknown
2928 | iexplore.exe | 34.117.186.192:443 | ipinfo.io | GOOGLE-CLOUD-PLATFORM | US | unknown
2928 | iexplore.exe | 72.247.176.112:80 | ctldl.windowsupdate.com | Akamai International B.V. | GB | unknown
2928 | iexplore.exe | 173.223.56.243:80 | x1.c.lencr.org | AKAMAI-AS | US | unknown
2928 | iexplore.exe | 95.100.108.49:80 | r3.o.lencr.org | Akamai International B.V. | ZA | unknown
2928 | iexplore.exe | 34.160.152.12:443 | website-cdn.ipinfo.io | GOOGLE | US | unknown
2928 | iexplore.exe | 172.64.146.187:443 | www.getapp.com | CLOUDFLARENET | US | unknown
2928 | iexplore.exe | 18.245.60.30:443 | assets.capterra.com | - | US | unknown
2928 | iexplore.exe | 172.217.18.99:80 | ocsp.pki.goog | GOOGLE | US | whitelisted

DNS requests

Domain
IP
Reputation
ipinfo.io
  • 34.117.186.192
shared
ctldl.windowsupdate.com
  • 72.247.176.112
  • 2.17.113.50
whitelisted
x1.c.lencr.org
  • 173.223.56.243
whitelisted
r3.o.lencr.org
  • 95.100.108.49
  • 2.16.199.49
shared
website-cdn.ipinfo.io
  • 34.160.152.12
unknown
www.getapp.com
  • 172.64.146.187
  • 104.18.41.69
unknown
ocsp.pki.goog
  • 172.217.18.99
whitelisted
www.g2.com
  • 104.16.186.41
  • 104.16.190.41
  • 104.16.187.41
  • 104.16.188.41
  • 104.16.189.41
whitelisted
assets.capterra.com
  • 18.245.60.30
  • 18.245.60.68
  • 18.245.60.67
  • 18.245.60.42
shared
api.bing.com
  • 13.107.5.80
whitelisted

Threats

PID | Process | Class | Message
2928 | iexplore.exe | Device Retrieving External IP Address Detected | ET POLICY External IP Lookup ipinfo.io
2928 | iexplore.exe | Device Retrieving External IP Address Detected | ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
2928 | iexplore.exe | Device Retrieving External IP Address Detected | ET POLICY External IP Lookup SSL Cert Observed (ipinfo .io)
1316 | iexplore.exe | Device Retrieving External IP Address Detected | ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
1316 | iexplore.exe | Device Retrieving External IP Address Detected | ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
1316 | iexplore.exe | Device Retrieving External IP Address Detected | ET POLICY External IP Lookup SSL Cert Observed (ipinfo .io)
1316 | iexplore.exe | Device Retrieving External IP Address Detected | ET POLICY External IP Lookup SSL Cert Observed (ipinfo .io)
No debug info