File name:

Net-Worm.Win32.Sasser

Full analysis: https://app.any.run/tasks/13e89c2d-23e7-4402-8d4c-114d4ee1420f
Verdict: Malicious activity
Analysis date: February 04, 2024, 15:09:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

1A2C0E6130850F8FD9B9B5309413CD00

SHA1:

D0DE44BCF3CA6553307C77DA8699DBC9B5E9D56A

SHA256:

09398D3F5CC102F7D932B765036E1AC1FF5DC27405D7357B81EAF48CA8EC71B8

SSDEEP:

192:5LQQpqTnBW/OyBooSpbBdbnr9w/lhUYobpCtqOjVzg9ZsAXb1r5FSfhVWdzP5eOh:yQqTBNNrbSHhqONghZrGG5LWadp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Net-Worm.Win32.Sasser.exe (PID: 1392)

  • SUSPICIOUS

    • Application launched itself

      • Net-Worm.Win32.Sasser.exe (PID: 1392)

  • INFO

    • Checks supported languages

      • Net-Worm.Win32.Sasser.exe (PID: 1392)
      • Net-Worm.Win32.Sasser.exe (PID: 2168)
      • Net-Worm.Win32.Sasser.exe (PID: 2596)
      • Net-Worm.Win32.Sasser.exe (PID: 2756)
      • Net-Worm.Win32.Sasser.exe (PID: 1112)
      • Net-Worm.Win32.Sasser.exe (PID: 2384)
      • Net-Worm.Win32.Sasser.exe (PID: 3616)
      • Net-Worm.Win32.Sasser.exe (PID: 2516)

    • Reads the computer name

      • Net-Worm.Win32.Sasser.exe (PID: 1392)
      • Net-Worm.Win32.Sasser.exe (PID: 2756)
      • Net-Worm.Win32.Sasser.exe (PID: 2596)
      • Net-Worm.Win32.Sasser.exe (PID: 2168)
      • Net-Worm.Win32.Sasser.exe (PID: 1112)
      • Net-Worm.Win32.Sasser.exe (PID: 2384)
      • Net-Worm.Win32.Sasser.exe (PID: 3616)
      • Net-Worm.Win32.Sasser.exe (PID: 2516)

    • Application launched itself

      • iexplore.exe (PID: 4040)

    • Manual execution by a user

      • iexplore.exe (PID: 4040)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.dll | Win32 Dynamic Link Library (generic) (43.5)
.exe | Win32 Executable (generic) (29.8)
.exe | Generic Win/DOS Executable (13.2)
.exe | DOS Executable Generic (13.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2004:05:01 13:39:48+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 15872
InitializedDataSize: 8704
UninitializedDataSize: -
EntryPoint: 0x283e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
51
Monitored processes
11
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start net-worm.win32.sasser.exe iexplore.exe iexplore.exe no specs iexplore.exe net-worm.win32.sasser.exe no specs net-worm.win32.sasser.exe no specs net-worm.win32.sasser.exe no specs net-worm.win32.sasser.exe no specs net-worm.win32.sasser.exe no specs net-worm.win32.sasser.exe no specs net-worm.win32.sasser.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1112C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe 127.137.117.86C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exeNet-Worm.Win32.Sasser.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\net-worm.win32.sasser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
1192"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4040 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
1392"C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe" C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\net-worm.win32.sasser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
2168C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe 127.116.133.26C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exeNet-Worm.Win32.Sasser.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\net-worm.win32.sasser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
2384C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe 127.222.232.189C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exeNet-Worm.Win32.Sasser.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\net-worm.win32.sasser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
2516C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe 127.122.170.216C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exeNet-Worm.Win32.Sasser.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\net-worm.win32.sasser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
2596C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe 127.10.72.185C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exeNet-Worm.Win32.Sasser.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\net-worm.win32.sasser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
2756C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe 127.23.12.208C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exeNet-Worm.Win32.Sasser.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\net-worm.win32.sasser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
3616C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe 127.36.96.23C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exeNet-Worm.Win32.Sasser.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\net-worm.win32.sasser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
3656"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4040 CREDAT:3872012 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
22 664
Read events
22 552
Write events
106
Delete events
6

Modification events

(PID) Process:(4040) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(4040) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(4040) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(4040) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(4040) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(4040) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(4040) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(4040) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(4040) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(4040) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
0
Suspicious files
43
Text files
65
Unknown types
0

Dropped files

PID
Process
Filename
Type
4040iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:2FF41D7C83540121349A0C5FF7A50EA9
SHA256:C0AB0C6F661E077BAC715743B9656996ED77A1A20876DCC23A7663754E8F69E8
4040iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
4040iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[2].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
3656iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64Abinary
MD5:1356948AF30DC20D2032C739AFCFD2E3
SHA256:F7FB4B0F5CEFC9307C3A163F409D69C0FDB4F70E058B8002815804BC1050683D
4040iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
3656iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53binary
MD5:9274EB9E18101868D26D247A83ACC1B8
SHA256:F2B0A2EAAFCD830D16B36A67CB077983B49B6ABCB6356CF9FDC3E1B157BB2006
3656iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\microsoft.afc9b4502f5cf6f88cca[1].jstext
MD5:095130BBC3EEC571FCE0F8B59513E250
SHA256:F834D3999811C38EACD96A27AFC0B913B38E84BB68D14D3F6DDF815C7D1ECB3D
3656iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\de-de[1].htmhtml
MD5:84EB791491D7BDFAD2C78061A9FDC9AE
SHA256:068E7EE55475DFC6C402709D0AFC54F4178D9E98B8585EF5DF591360F60F48F4
3656iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_5C1009244D39FCE23AF8F277537F2613binary
MD5:7F9A4F834A298B2686709B209317C77D
SHA256:75FA570BEF6630C7EB22823A48E367FDF1A9053531B3814C1961EBFDA46B5E85
3656iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_5C1009244D39FCE23AF8F277537F2613binary
MD5:EC392952D7D9D5480EFECDFC5C1724AF
SHA256:E6124539F61D327FFFDAAAFE78548405700F84FDC2284613E35B7FFC697E84B3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
15
TCP/UDP connections
2 045
DNS requests
28
Threats
6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4040
iexplore.exe
GET
304
184.24.77.203:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4c4bae6a1643aa04
unknown
unknown
4040
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
unknown
binary
313 b
unknown
4040
iexplore.exe
GET
304
184.24.77.203:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?07cc7cc09e2ddc37
unknown
unknown
3656
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
binary
471 b
unknown
3656
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D
unknown
binary
471 b
unknown
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAZuec12JMYxMMd6vraou5Q%3D
unknown
binary
313 b
unknown
3656
iexplore.exe
GET
200
104.18.38.233:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
unknown
binary
1.42 Kb
unknown
3656
iexplore.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
unknown
binary
2.18 Kb
unknown
3656
iexplore.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D
unknown
binary
2.18 Kb
unknown
3656
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAxq6XzO1ZmDhpCgCp6lMhQ%3D
unknown
binary
471 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1392
Net-Worm.Win32.Sasser.exe
116.199.42.49:445
China Unicom Guangzhou network
CN
unknown
1392
Net-Worm.Win32.Sasser.exe
101.242.128.98:445
BEIJING GEHUA CATV NETWORK CO.LTD
CN
unknown
1392
Net-Worm.Win32.Sasser.exe
192.168.119.134:445
unknown
1392
Net-Worm.Win32.Sasser.exe
204.108.32.133:445
US
unknown
1392
Net-Worm.Win32.Sasser.exe
192.139.79.40:445
FIBRENOIRE-INTERNET
CA
unknown
1392
Net-Worm.Win32.Sasser.exe
192.168.213.21:445
unknown
1392
Net-Worm.Win32.Sasser.exe
192.178.229.167:445
GOOGLE
US
unknown
1392
Net-Worm.Win32.Sasser.exe
192.168.206.38:445
unknown
1392
Net-Worm.Win32.Sasser.exe
152.178.89.122:445
UUNET
US
unknown

DNS requests

Domain
IP
Reputation
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 92.122.215.60
  • 92.122.215.56
  • 2.20.142.187
  • 2.20.142.4
  • 2.20.142.186
  • 2.20.142.155
  • 2.20.142.251
  • 92.122.215.95
  • 92.122.215.74
  • 2.20.142.3
  • 2.20.142.138
  • 2.20.142.180
  • 2.20.142.154
whitelisted
ctldl.windowsupdate.com
  • 184.24.77.203
  • 184.24.77.194
  • 184.24.77.172
  • 184.24.77.199
  • 184.24.77.186
  • 184.24.77.205
  • 184.24.77.189
  • 184.24.77.200
  • 184.24.77.209
  • 93.184.221.240
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
autos.msn.com
  • 204.79.197.203
whitelisted
www.msn.com
  • 204.79.197.203
whitelisted
assets.msn.com
  • 23.53.42.177
  • 23.53.42.179
  • 23.53.42.211
  • 23.53.42.186
  • 23.53.42.194
  • 23.53.42.155
  • 23.53.42.187
  • 23.53.42.209
  • 23.53.42.169
whitelisted
c.msn.com
  • 68.219.88.97
whitelisted
sb.scorecardresearch.com
  • 18.245.60.107
  • 18.245.60.72
  • 18.245.60.76
  • 18.245.60.53
shared

Threats

PID
Process
Class
Message
1392
Net-Worm.Win32.Sasser.exe
Misc activity
ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
1392
Net-Worm.Win32.Sasser.exe
Misc activity
ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
3656
iexplore.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code.jquery .com)
1392
Net-Worm.Win32.Sasser.exe
Misc activity
ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
1392
Net-Worm.Win32.Sasser.exe
Misc activity
ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
1392
Net-Worm.Win32.Sasser.exe
Misc activity
ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Net-Worm.Win32.Sasser