File name:

CVE-2024-38143 poc.exe

Full analysis: https://app.any.run/tasks/c6e30036-c6da-4632-bdc2-4ebef84fd224
Verdict: Malicious activity
Analysis date: August 18, 2024, 08:04:55
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

0C5A47D387A5EC1BDB9B4BCBEF89DC79

SHA1:

FD9117FA7B4A12875655AE574FF207FA1A0E3AA8

SHA256:

0DFA551E2B12AF0991714A3E5BE26C9A4C00F7663F065DBF4D8B84C9ABC7B97A

SSDEEP:

98304:2rqpPiR0LJI03XMAEbV6ggvpot5hOKZhlmi3WYll6+rS3bqij5ELAdEYDMaQ9+S0:DS6dtYOGG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Known privilege escalation attack

      • dllhost.exe (PID: 1420)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • CVE-2024-38143 poc.exe (PID: 6528)
      • 3dsystem.exe (PID: 6568)
      • winver.exe (PID: 6484)
      • BNZY1O1PB.exe (PID: 368)

    • Drops the executable file immediately after the start

      • CVE-2024-38143 poc.exe (PID: 6528)
      • 3dsystem.exe (PID: 6568)
      • BNZY1O1PB.exe (PID: 368)

    • Creates file in the systems drive root

      • explorer.exe (PID: 6592)

    • The process creates files with name similar to system file names

      • BNZY1O1PB.exe (PID: 368)

    • Executes as Windows Service

      • DirectX.exe (PID: 7020)

    • Creates or modifies Windows services

      • winver.exe (PID: 6484)

    • Connects to unusual port

      • BNZY1O1PB.exe (PID: 368)
      • iexplore.exe (PID: 6952)
      • winver.exe (PID: 6484)
      • 3dsystem.exe (PID: 6568)

    • Executes application which crashes

      • CVE-2024-38143 poc.exe (PID: 6528)

  • INFO

    • Reads the computer name

      • CVE-2024-38143 poc.exe (PID: 6528)
      • 3dsystem.exe (PID: 6568)
      • DirectX.exe (PID: 6988)
      • iexplore.exe (PID: 6952)
      • DirectX.exe (PID: 7020)
      • BNZY1O1PB.exe (PID: 368)

    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 6592)
      • dllhost.exe (PID: 1420)
      • winver.exe (PID: 6484)

    • Checks supported languages

      • CVE-2024-38143 poc.exe (PID: 6528)
      • 3dsystem.exe (PID: 6568)
      • DirectX.exe (PID: 6988)
      • DirectX.exe (PID: 7020)
      • iexplore.exe (PID: 6952)
      • BNZY1O1PB.exe (PID: 368)

    • Creates files in the program directory

      • 3dsystem.exe (PID: 6568)
      • winver.exe (PID: 6484)

    • Reads the machine GUID from the registry

      • 3dsystem.exe (PID: 6568)
      • BNZY1O1PB.exe (PID: 368)

    • Checks proxy server information

      • WerFault.exe (PID: 5152)

    • Creates files or folders in the user directory

      • WerFault.exe (PID: 5152)

    • Manual execution by a user

      • Taskmgr.exe (PID: 7160)
      • Taskmgr.exe (PID: 4060)

    • Reads the software policy settings

      • WerFault.exe (PID: 5152)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:11:11 03:37:53+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 2303488
InitializedDataSize: 705536
UninitializedDataSize: -
EntryPoint: 0x152ea3
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.0.1.1031
ProductVersionNumber: 2.0.1.1031
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: 360.cn
FileDescription: 看图
FileVersion: 2.0.1.1031
InternalName: 360AblumViewer
LegalCopyright: (C) 360.cn Inc., All Rights Reserved.
OriginalFileName: 360AblumViewer.exe
ProductName: 看图
ProductVersion: 2.0.1.1031
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
140
Monitored processes
15
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start cve-2024-38143 poc.exe explorer.exe no specs explorer.exe no specs rundll32.exe no specs werfault.exe bnzy1o1pb.exe CMSTPLUA 3dsystem.exe directx.exe no specs directx.exe no specs iexplore.exe winver.exe svchost.exe taskmgr.exe no specs taskmgr.exe

Process information

PID
CMD
Path
Indicators
Parent process
368"C:\Users\admin\3389\BNZY1O1PB.exe" /f at.dllC:\Users\admin\3389\BNZY1O1PB.exe
explorer.exe
User:
admin
Company:
深圳市迅雷网络技术有限公司
Integrity Level:
MEDIUM
Description:
迅雷游戏
Exit code:
0
Version:
1.0.0.32
Modules
Images
c:\users\admin\3389\bnzy1o1pb.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
1420C:\WINDOWS\SysWOW64\DllHost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}C:\Windows\SysWOW64\dllhost.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
COM Surrogate
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ucrtbase.dll
c:\windows\syswow64\combase.dll
2256C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
4060"C:\WINDOWS\system32\taskmgr.exe" /4C:\Windows\System32\Taskmgr.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Manager
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\combase.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\rpcrt4.dll
5152C:\WINDOWS\SysWOW64\WerFault.exe -u -p 6528 -s 928C:\Windows\SysWOW64\WerFault.exe
CVE-2024-38143 poc.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
6484/f at.dllC:\Windows\SysWOW64\winver.exe
iexplore.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Version Reporter Applet
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\winver.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
6528"C:\Users\admin\AppData\Local\Temp\CVE-2024-38143 poc.exe" C:\Users\admin\AppData\Local\Temp\CVE-2024-38143 poc.exe
explorer.exe
User:
admin
Company:
360.cn
Integrity Level:
MEDIUM
Description:
看图
Exit code:
3221225477
Version:
2.0.1.1031
Modules
Images
c:\users\admin\appdata\local\temp\cve-2024-38143 poc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
6560explorer.exe C:\Users\admin\3389\C:\Windows\SysWOW64\explorer.exeCVE-2024-38143 poc.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcp_win.dll
6568"C:\Users\admin\3389\3dsystem.exe" /f at.dllC:\Users\admin\3389\3dsystem.exe
dllhost.exe
User:
admin
Company:
深圳市迅雷网络技术有限公司
Integrity Level:
HIGH
Description:
迅雷游戏
Exit code:
0
Version:
1.0.0.32
Modules
Images
c:\users\admin\3389\3dsystem.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
6592C:\WINDOWS\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -EmbeddingC:\Windows\explorer.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Version:
10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\aepic.dll
Total events
27 874
Read events
27 804
Write events
68
Delete events
2

Modification events

(PID) Process:(6592) explorer.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:writeName:NodeSlots
Value:
020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
(PID) Process:(6592) explorer.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:writeName:MRUListEx
Value:
04000000030000000E0000000F000000000000000C0000000D0000000B000000050000000A000000090000000800000001000000070000000600000002000000FFFFFFFF
(PID) Process:(6592) explorer.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0
Operation:writeName:MRUListEx
Value:
0400000006000000050000000100000008000000020000000C0000000B0000000A00000009000000070000000000000003000000FFFFFFFF
(PID) Process:(6592) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Operation:writeName:Locked
Value:
1
(PID) Process:(6592) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Ribbon
Operation:writeName:MinimizedStateTabletModeOff
Value:
0
(PID) Process:(6592) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Ribbon
Operation:writeName:QatItems
Value:
3C7369713A637573746F6D554920786D6C6E733A7369713D22687474703A2F2F736368656D61732E6D6963726F736F66742E636F6D2F77696E646F77732F323030392F726962626F6E2F716174223E3C7369713A726962626F6E206D696E696D697A65643D2266616C7365223E3C7369713A71617420706F736974696F6E3D2230223E3C7369713A736861726564436F6E74726F6C733E3C7369713A636F6E74726F6C206964513D227369713A3136313238222076697369626C653D2266616C73652220617267756D656E743D223022202F3E3C7369713A636F6E74726F6C206964513D227369713A3136313239222076697369626C653D2266616C73652220617267756D656E743D223022202F3E3C7369713A636F6E74726F6C206964513D227369713A3132333532222076697369626C653D2266616C73652220617267756D656E743D223022202F3E3C7369713A636F6E74726F6C206964513D227369713A3132333834222076697369626C653D22747275652220617267756D656E743D223022202F3E3C7369713A636F6E74726F6C206964513D227369713A3132333336222076697369626C653D22747275652220617267756D656E743D223022202F3E3C7369713A636F6E74726F6C206964513D227369713A3132333537222076697369626C653D2266616C73652220617267756D656E743D223022202F3E3C2F7369713A736861726564436F6E74726F6C733E3C2F7369713A7161743E3C2F7369713A726962626F6E3E3C2F7369713A637573746F6D55493E
(PID) Process:(6592) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser
Operation:writeName:ITBar7Layout
Value:
13000000000000000000000020000000100000000000000001000000010700005E01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6592) explorer.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\4\0
Operation:writeName:2
Value:
4E003100000000001259A24012003333383900003A0009000400EFBE1259A2401259A2402E0000003539000000000E0000000000000000000000000000006915F0003300330038003900000014000000
(PID) Process:(6592) explorer.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\4\0\2
Operation:delete valueName:MRUList
Value:
(PID) Process:(6592) explorer.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\4\0
Operation:writeName:MRUListEx
Value:
020000000000000001000000FFFFFFFF
Executable files
8
Suspicious files
9
Text files
4
Unknown types
0

Dropped files

PID
Process
Filename
Type
5152WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_CVE-2024-38143 p_4c5afbcc4887b5a8ba19bfbf9093e6a4ea8b1ba8_c0e1a1d8_9801a0aa-5cf3-4508-b478-d8c1dd74bf30\Report.wer
MD5:
SHA256:
6528CVE-2024-38143 poc.exeC:\Users\admin\3389\BNZY1O1PB.exeexecutable
MD5:BA7BA700C39C576330F18819E075D6BE
SHA256:13675A7BC3274837F9E53C192646180B98B57AC9CDC675FC67C2CF2BF14DF053
6528CVE-2024-38143 poc.exeC:\Users\admin\3389\`BNZY1O1PB.lnklnk
MD5:7BAF62423146BC11132FBFC178835889
SHA256:E6F4C233DC0D83E1CE2C4E133076D94C8B771840FF1FBD450BD7FC888165D182
368BNZY1O1PB.exeC:\Users\Public\Redeqw.logtext
MD5:705FD2A9A8B908AF0522075783B0FE07
SHA256:9D1042D6EB0B11F76F9EC91C64A312CF567DDA9BEADD6E5C1998A802FA986599
368BNZY1O1PB.exeC:\Users\admin\3389\3dsystem.exeexecutable
MD5:BA7BA700C39C576330F18819E075D6BE
SHA256:13675A7BC3274837F9E53C192646180B98B57AC9CDC675FC67C2CF2BF14DF053
6528CVE-2024-38143 poc.exeC:\Users\admin\3389\at.dllbinary
MD5:4D203806F4AE0355B490BA538794A686
SHA256:5DAF973EB400FC29AE151AEF633DED1097C9F30575DB222879D903A9BE5C1D61
5152WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER76F2.tmp.WERInternalMetadata.xmlxml
MD5:620784F203AA32A6C54F06909A8921B3
SHA256:628D5F6DC8E2F704471573CDE46EF39AD9970597556ADD7F09899FB0C7E52BBB
5152WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER757A.tmp.dmpbinary
MD5:281C58256132CEB41DD9BA06FABDB31D
SHA256:42E4015A59D733335690A690BD5765DE63CFB81560184CDCDB235375DF16075D
5152WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER7722.tmp.xmlxml
MD5:C51C38C55FC6466222222D9C654047FA
SHA256:84083347C74446079BA591E19B6C0CC0B680D4F5F5D8B8AE88CFC03ED08D9394
6528CVE-2024-38143 poc.exeC:\Users\admin\3389\libexpat.dllexecutable
MD5:3C6D7543F7DA78D10F33DB5CECF99F63
SHA256:21E45345242F87FB1889919ED47DA370FFA72907126C5FE4C54B3476B8ACAC51
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
37
DNS requests
15
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6484
winver.exe
GET
200
113.31.103.132:80
http://www.cip.cc/
unknown
unknown
2208
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6164
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5796
svchost.exe
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.190.159.0:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
3888
svchost.exe
239.255.255.250:1900
whitelisted
192.168.100.255:138
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
40.113.110.67:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
1344
svchost.exe
20.190.159.0:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.206.78
whitelisted
login.live.com
  • 20.190.159.0
  • 20.190.159.73
  • 40.126.31.69
  • 40.126.31.67
  • 20.190.159.4
  • 20.190.159.75
  • 20.190.159.71
  • 40.126.31.71
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
watson.events.data.microsoft.com
  • 52.182.143.212
whitelisted
abc.masktable.com
  • 38.147.172.126
unknown
www.cip.cc
  • 113.31.103.132
  • 113.31.111.142
unknown
slscr.update.microsoft.com
  • 20.114.59.183
whitelisted

Threats

PID
Process
Class
Message
2256
svchost.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
6484
winver.exe
Generic Protocol Command Decode
SURICATA HTTP URI terminated by non-compliant character
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
CVE-2024-38143 poc.exe