File name: Net-Worm.Win32.Sasser

Full analysis: https://app.any.run/tasks/13e89c2d-23e7-4402-8d4c-114d4ee1420f
Verdict: Malicious activity
Analysis date: February 04, 2024, 15:09:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 1A2C0E6130850F8FD9B9B5309413CD00
SHA1: D0DE44BCF3CA6553307C77DA8699DBC9B5E9D56A
SHA256: 09398D3F5CC102F7D932B765036E1AC1FF5DC27405D7357B81EAF48CA8EC71B8
SSDEEP: 192:5LQQpqTnBW/OyBooSpbBdbnr9w/lhUYobpCtqOjVzg9ZsAXb1r5FSfhVWdzP5eOh:yQqTBNNrbSHhqONghZrGG5LWadp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Net-Worm.Win32.Sasser.exe (PID: 1392)
  • SUSPICIOUS

    • Application launched itself

      • Net-Worm.Win32.Sasser.exe (PID: 1392)
  • INFO

    • Checks supported languages

      • Net-Worm.Win32.Sasser.exe (PID: 1392)
      • Net-Worm.Win32.Sasser.exe (PID: 2756)
      • Net-Worm.Win32.Sasser.exe (PID: 2168)
      • Net-Worm.Win32.Sasser.exe (PID: 2596)
      • Net-Worm.Win32.Sasser.exe (PID: 1112)
      • Net-Worm.Win32.Sasser.exe (PID: 2384)
      • Net-Worm.Win32.Sasser.exe (PID: 3616)
      • Net-Worm.Win32.Sasser.exe (PID: 2516)
    • Reads the computer name

      • Net-Worm.Win32.Sasser.exe (PID: 1392)
      • Net-Worm.Win32.Sasser.exe (PID: 2168)
      • Net-Worm.Win32.Sasser.exe (PID: 2756)
      • Net-Worm.Win32.Sasser.exe (PID: 2596)
      • Net-Worm.Win32.Sasser.exe (PID: 1112)
      • Net-Worm.Win32.Sasser.exe (PID: 2384)
      • Net-Worm.Win32.Sasser.exe (PID: 3616)
      • Net-Worm.Win32.Sasser.exe (PID: 2516)
    • Application launched itself

      • iexplore.exe (PID: 4040)
    • Manual execution by a user

      • iexplore.exe (PID: 4040)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.dll | Win32 Dynamic Link Library (generic) (43.5)
.exe | Win32 Executable (generic) (29.8)
.exe | Generic Win/DOS Executable (13.2)
.exe | DOS Executable Generic (13.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2004:05:01 13:39:48+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 15872
InitializedDataSize: 8704
UninitializedDataSize: -
EntryPoint: 0x283e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes
51
Monitored processes
11
Malicious processes
1
Suspicious processes
0

Behavior graph

[Behavior graph (image not preserved). Nodes: start; net-worm.win32.sasser.exe; iexplore.exe; iexplore.exe (no specs); iexplore.exe; net-worm.win32.sasser.exe (no specs) ×7]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1112
CMD: C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe 127.137.117.86
Path: C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe
Parent process: Net-Worm.Win32.Sasser.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\net-worm.win32.sasser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
PID: 1192
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4040 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 1392
CMD: "C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe"
Path: C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\net-worm.win32.sasser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
PID: 2168
CMD: C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe 127.116.133.26
Path: C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe
Parent process: Net-Worm.Win32.Sasser.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\net-worm.win32.sasser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
PID: 2384
CMD: C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe 127.222.232.189
Path: C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe
Parent process: Net-Worm.Win32.Sasser.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\net-worm.win32.sasser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
PID: 2516
CMD: C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe 127.122.170.216
Path: C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe
Parent process: Net-Worm.Win32.Sasser.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\net-worm.win32.sasser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
PID: 2596
CMD: C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe 127.10.72.185
Path: C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe
Parent process: Net-Worm.Win32.Sasser.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\net-worm.win32.sasser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
PID: 2756
CMD: C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe 127.23.12.208
Path: C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe
Parent process: Net-Worm.Win32.Sasser.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\net-worm.win32.sasser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
PID: 3616
CMD: C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe 127.36.96.23
Path: C:\Users\admin\AppData\Local\Temp\Net-Worm.Win32.Sasser.exe
Parent process: Net-Worm.Win32.Sasser.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\net-worm.win32.sasser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
PID: 3656
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4040 CREDAT:3872012 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
22 664
Read events
22 552
Write events
106
Delete events
6

Modification events

Process: iexplore.exe (PID: 4040)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 0
Process: iexplore.exe (PID: 4040)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 30847387
Process: iexplore.exe (PID: 4040)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30847437
Process: iexplore.exe (PID: 4040)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:
Process: iexplore.exe (PID: 4040)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
Process: iexplore.exe (PID: 4040)
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0
Process: iexplore.exe (PID: 4040)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Process: iexplore.exe (PID: 4040)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1
Process: iexplore.exe (PID: 4040)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1
Process: iexplore.exe (PID: 4040)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
Executable files
0
Suspicious files
43
Text files
65
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 4040
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
Type: binary
MD5:61A21C853E9A51D596D86471BECCBC41
SHA256:8DABE49312071907D742DFE14B1E73BE576416744A16B1D155EC0FDCCF0C86A7
PID: 3656
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
Type: binary
MD5:60FA7A8FA6002F0379CEC98C08D84C39
SHA256:51588A6C351C0AB5A4B622CF463CC991DD7B9E0181F111406186034576B8E57C
PID: 3656
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
Type: binary
MD5:9274EB9E18101868D26D247A83ACC1B8
SHA256:F2B0A2EAAFCD830D16B36A67CB077983B49B6ABCB6356CF9FDC3E1B157BB2006
PID: 4040
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5:2FF41D7C83540121349A0C5FF7A50EA9
SHA256:C0AB0C6F661E077BAC715743B9656996ED77A1A20876DCC23A7663754E8F69E8
PID: 4040
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Type: image
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
PID: 3656
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
Type: binary
MD5:1356948AF30DC20D2032C739AFCFD2E3
SHA256:F7FB4B0F5CEFC9307C3A163F409D69C0FDB4F70E058B8002815804BC1050683D
PID: 4040
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[2].ico
Type: image
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
PID: 3656
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\O8EVLR9S.txt
Type: text
MD5:1D3B7FA5913A77368798EE3BFCED2624
SHA256:06F719D3FA7BA140A6EB9421232FBB7FDE551F0C93D6870D70F55D478CEBCE67
PID: 3656
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\U72RQAU7.txt
Type: text
MD5:60973AEF9A4D5CE56FA2C555C459B100
SHA256:57F8AD5C92FC659AD43F3A23314A3A82E43B6A590ED53DCDA4A5810395BC2E37
PID: 3656
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\G3F8EL4Z.txt
Type: text
MD5:A1D02CC2E696F8C348186774378C5D73
SHA256:2E28A9CAF70390BF6BC50DD2EE4946FC7886248D377A515A71F90DD074E8807D
HTTP(S) requests
15
TCP/UDP connections
2 045
DNS requests
28
Threats
6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4040
iexplore.exe
GET
304
184.24.77.203:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?07cc7cc09e2ddc37
unknown
unknown
4040
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
unknown
binary
313 b
unknown
4040
iexplore.exe
GET
304
184.24.77.203:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4c4bae6a1643aa04
unknown
unknown
3656
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
binary
471 b
unknown
3656
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D
unknown
binary
471 b
unknown
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAZuec12JMYxMMd6vraou5Q%3D
unknown
binary
313 b
unknown
3656
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAxq6XzO1ZmDhpCgCp6lMhQ%3D
unknown
binary
471 b
unknown
3656
iexplore.exe
GET
200
104.18.38.233:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
unknown
binary
1.42 Kb
unknown
3656
iexplore.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
unknown
binary
2.18 Kb
unknown
3656
iexplore.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D
unknown
binary
2.18 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1392
Net-Worm.Win32.Sasser.exe
116.199.42.49:445
China Unicom Guangzhou network
CN
unknown
1392
Net-Worm.Win32.Sasser.exe
101.242.128.98:445
BEIJING GEHUA CATV NETWORK CO.LTD
CN
unknown
1392
Net-Worm.Win32.Sasser.exe
192.168.119.134:445
unknown
1392
Net-Worm.Win32.Sasser.exe
204.108.32.133:445
US
unknown
1392
Net-Worm.Win32.Sasser.exe
192.139.79.40:445
FIBRENOIRE-INTERNET
CA
unknown
1392
Net-Worm.Win32.Sasser.exe
192.168.213.21:445
unknown
1392
Net-Worm.Win32.Sasser.exe
192.178.229.167:445
GOOGLE
US
unknown
1392
Net-Worm.Win32.Sasser.exe
192.168.206.38:445
unknown
1392
Net-Worm.Win32.Sasser.exe
152.178.89.122:445
UUNET
US
unknown

DNS requests

Domain
IP
Reputation
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 92.122.215.60
  • 92.122.215.56
  • 2.20.142.187
  • 2.20.142.4
  • 2.20.142.186
  • 2.20.142.155
  • 2.20.142.251
  • 92.122.215.95
  • 92.122.215.74
  • 2.20.142.3
  • 2.20.142.138
  • 2.20.142.180
  • 2.20.142.154
whitelisted
ctldl.windowsupdate.com
  • 184.24.77.203
  • 184.24.77.194
  • 184.24.77.172
  • 184.24.77.199
  • 184.24.77.186
  • 184.24.77.205
  • 184.24.77.189
  • 184.24.77.200
  • 184.24.77.209
  • 93.184.221.240
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
autos.msn.com
  • 204.79.197.203
whitelisted
www.msn.com
  • 204.79.197.203
whitelisted
assets.msn.com
  • 23.53.42.177
  • 23.53.42.179
  • 23.53.42.211
  • 23.53.42.186
  • 23.53.42.194
  • 23.53.42.155
  • 23.53.42.187
  • 23.53.42.209
  • 23.53.42.169
whitelisted
c.msn.com
  • 68.219.88.97
whitelisted
sb.scorecardresearch.com
  • 18.245.60.107
  • 18.245.60.72
  • 18.245.60.76
  • 18.245.60.53
shared

Threats

PID
Process
Class
Message
1392
Net-Worm.Win32.Sasser.exe
Misc activity
ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
1392
Net-Worm.Win32.Sasser.exe
Misc activity
ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
3656
iexplore.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code.jquery .com)
1392
Net-Worm.Win32.Sasser.exe
Misc activity
ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
1392
Net-Worm.Win32.Sasser.exe
Misc activity
ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
1392
Net-Worm.Win32.Sasser.exe
Misc activity
ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
No debug info