URL: http://ec2-54-189-84-127.us-west-2.compute.amazonaws.com/x/d?c=17485376&l=ce10663c-febf-473c-9e15-31082f25fe97&r=31948223-d945-44ad-bf7a-2863fd39c177

Full analysis: https://app.any.run/tasks/94b79f6f-461f-49ba-8c78-81442357334d
Verdict: Malicious activity
Analysis date: January 24, 2022, 20:07:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 051944CB50015450B863D97D2D93C426
SHA1: 5362A34A6A5B074B9CDA92A60AA1E02482EC0D37
SHA256: 0C4A7761EEAB6FF3A98A43CA0C1A9B2D39F7DF4C5F863F279E47151F5DA34A62
SSDEEP: 3:N1KbiuEcPLAWuium9Eo7WtdKBNYu+Yz+xBM5QD5SLJRdvrsRUrTWdbGUhn:CP1cPiztBV3B5QD5iJMqrXUh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3644)
  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 3644)
      • iexplore.exe (PID: 2984)
    • Reads the computer name

      • iexplore.exe (PID: 3644)
      • iexplore.exe (PID: 2984)
    • Application launched itself

      • iexplore.exe (PID: 2984)
    • Changes internet zones settings

      • iexplore.exe (PID: 2984)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2984)
      • iexplore.exe (PID: 3644)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3644)
    • Creates files in the user directory

      • iexplore.exe (PID: 3644)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 2984)
      • iexplore.exe (PID: 3644)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe (PID: 2984) → iexplore.exe (PID: 3644)

Process information

PID: 2984
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "http://ec2-54-189-84-127.us-west-2.compute.amazonaws.com/x/d?c=17485376&l=ce10663c-febf-473c-9e15-31082f25fe97&r=31948223-d945-44ad-bf7a-2863fd39c177"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 3644
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe (PID: 2984)
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Total events: 20 434
Read events: 20 218
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 34
Text files: 149
Unknown types: 39

Dropped files

PID: 3644
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Type: der
MD5: 49639B4124119DFEB7616D8DD50F9BB7
SHA256: 7F935C9D0A9BD17558459D5A6387B61452011BEA4589AD94A6F2435540A373B5

PID: 2984
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
Type: der
MD5: FC990EAA7247546FB67C18916A4CAC9B
SHA256: 294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993

PID: 3644
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Type: binary
MD5: 95981783FA41285C05D9D1C01F1B9401
SHA256: A0B7C15CD83282DCEF16AE7E3816506C27E21C32E36149B1452EEEBA9442EA3D

PID: 2984
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
Type: binary
MD5: 94C547F975797837ED612672B8E987C2
SHA256: 7133BBBBA8C48D60C8ACE87642C5DA5D55FF09E8B370734D86A9734569A927B6

PID: 3644
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\X1ZNBCNF.htm
Type: html
MD5: 9AD8208F21DA7E1AF5141EA8F8CFDBC1
SHA256: 390A6EBA8BEDBE998F20ED088BAA35513706F4D5A119E457E60CDC84A4F38892

PID: 3644
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\ai[1].js
Type: text
MD5: F3D7E7DB1FDF36C97EEFEBAAEDC116E9
SHA256: C9E3FA3AAD7F7D5D3BB2CBE10F959A6FB6E768F58D3ADC606C3D7057DB6BB953

PID: 3644
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
Type: der
MD5: 3764883055DA6FFC81E4A929CA5072C1
SHA256: 7FF45E2195491FA6A2F3CECEE4B52D9E964CB6719448431B1C7B702E98076920

PID: 3644
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: 97CC26CC554A93C67076C003C1A7C4AF
SHA256: BA5CFD50B42ADF59FE920FF23F0C9F7CEB8CB8F3596694294301CF24EF6BE75E

PID: 2984
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico
Type: image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

PID: 3644
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\9ESR5212
Type: text
MD5: FDA44910DEB1A460BE4AC5D56D61D837
SHA256: 933B971C6388D594A23FA1559825DB5BEC8ADE2DB1240AA8FC9D0C684949E8C9
HTTP(S) requests: 32
TCP/UDP connections: 138
DNS requests: 55
Threats: 0

HTTP requests

PID: 3644
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 104.18.31.182:80
URL: http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
CN: US
Type: der
Size: 471 b
Reputation: whitelisted

PID: 3644
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 104.18.31.182:80
URL: http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
CN: US
Type: der
Size: 727 b
Reputation: whitelisted

PID: 3644
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 23.45.105.185:80
URL: http://x1.c.lencr.org/
CN: NL
Type: der
Size: 717 b
Reputation: whitelisted

PID: 3644
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 93.184.220.29:80
URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
CN: US
Type: der
Size: 1.47 Kb
Reputation: whitelisted

PID: 3644
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 142.250.185.99:80
URL: http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQC2PrP09fGo%2BgoAAAABK3x6
CN: US
Type: der
Size: 472 b
Reputation: whitelisted

PID: 3644
Process: iexplore.exe
Method: GET
HTTP Code: 302
IP: 54.189.84.127:80
URL: http://ec2-54-189-84-127.us-west-2.compute.amazonaws.com/x/d?c=17485376&l=ce10663c-febf-473c-9e15-31082f25fe97&r=31948223-d945-44ad-bf7a-2863fd39c177
CN: US
Type: html
Size: 208 b
Reputation: shared

PID: 3644
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 142.250.185.99:80
URL: http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCNSku3hulioQoAAAABK4BF
CN: US
Type: der
Size: 472 b
Reputation: whitelisted

PID: 3644
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 142.250.185.99:80
URL: http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDgAde1VeKYIQoAAAABK4GI
CN: US
Type: der
Size: 472 b
Reputation: whitelisted

PID: 3644
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 18.66.242.45:80
URL: http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
CN: US
Type: der
Size: 1.51 Kb
Reputation: whitelisted

PID: 3644
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 142.250.185.99:80
URL: http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCQK%2BuAklrlLAoAAAABK4BB
CN: US
Type: der
Size: 472 b
Reputation: whitelisted

Connections

PID: 2984
Process: iexplore.exe
IP: 93.184.220.29:80
Domain: ocsp.digicert.com
ASN: MCI Communications Services, Inc. d/b/a Verizon Business
CN: US
Reputation: whitelisted

PID: 3644
Process: iexplore.exe
IP: 93.184.220.29:80
Domain: ocsp.digicert.com
ASN: MCI Communications Services, Inc. d/b/a Verizon Business
CN: US
Reputation: whitelisted

PID: 2984
Process: iexplore.exe
IP: 204.79.197.200:443
Domain: www.bing.com
ASN: Microsoft Corporation
CN: US
Reputation: whitelisted

PID: 3644
Process: iexplore.exe
IP: 23.32.238.201:80
Domain: ctldl.windowsupdate.com
ASN: XO Communications
CN: US
Reputation: suspicious

PID: 3644
Process: iexplore.exe
IP: 142.250.184.200:443
Domain: www.googletagmanager.com
ASN: Google Inc.
CN: US
Reputation: suspicious

IP: 104.21.53.87:443
Domain: ai4retail2021.com
ASN: Cloudflare Inc
CN: US
Reputation: unknown

PID: 3644
Process: iexplore.exe
IP: 54.189.84.127:80
Domain: ec2-54-189-84-127.us-west-2.compute.amazonaws.com
ASN: Amazon.com, Inc.
CN: US
Reputation: shared

PID: 3644
Process: iexplore.exe
IP: 104.21.53.87:443
Domain: ai4retail2021.com
ASN: Cloudflare Inc
CN: US
Reputation: unknown

PID: 3644
Process: iexplore.exe
IP: 188.114.97.7:443
Domain: aiconferences.co
ASN: Cloudflare Inc
CN: US
Reputation: malicious

PID: 3644
Process: iexplore.exe
IP: 69.16.175.10:443
Domain: code.jquery.com
ASN: Highwinds Network Group, Inc.
CN: US
Reputation: malicious

DNS requests

Domain: ec2-54-189-84-127.us-west-2.compute.amazonaws.com
IP:
  • 54.189.84.127
Reputation: shared

Domain: ai4retail2021.com
IP:
  • 104.21.53.87
  • 172.67.211.8
Reputation: malicious

Domain: ctldl.windowsupdate.com
IP:
  • 23.32.238.201
  • 23.32.238.208
Reputation: whitelisted

Domain: api.bing.com
IP:
  • 13.107.5.80
Reputation: whitelisted

Domain: www.bing.com
IP:
  • 204.79.197.200
  • 13.107.21.200
Reputation: whitelisted

Domain: ocsp.digicert.com
IP:
  • 93.184.220.29
Reputation: whitelisted

Domain: aiconferences.co
IP:
  • 188.114.97.7
  • 188.114.96.7
Reputation: malicious

Domain: www.googletagmanager.com
IP:
  • 142.250.184.200
Reputation: whitelisted

Domain: code.jquery.com
IP:
  • 69.16.175.10
  • 69.16.175.42
Reputation: whitelisted

Domain: ocsp.comodoca.com
IP:
  • 104.18.31.182
  • 104.18.30.182
Reputation: whitelisted

Threats: No threats detected

Debug info: No debug info