URL:

https://www.dl.dropboxusercontent.com

Full analysis: https://app.any.run/tasks/4a2f31ae-bc36-4559-bc52-04766afe115b
Verdict: Malicious activity
Analysis date: October 04, 2022, 20:48:12
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

F3EDF64CD6F95377E1B31F697B5B85C5

SHA1:

10325995301B08EBAA7CA8A87AAE0F30EEF218A5

SHA256:

11C233F3D2813694EA7175F49B2714563944070EE53B8AC88A3B35AAFEEB9457

SSDEEP:

3:N8DSLDcvALtGTn:2OLDFGT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2656)
  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 2656)
      • iexplore.exe (PID: 3556)
    • Changes internet zones settings

      • iexplore.exe (PID: 3556)
    • Application launched itself

      • iexplore.exe (PID: 3556)
    • Reads the computer name

      • iexplore.exe (PID: 3556)
      • iexplore.exe (PID: 2656)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3556)
      • iexplore.exe (PID: 2656)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 3556)
      • iexplore.exe (PID: 2656)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2656)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3556)
    • Creates files in the user directory

      • iexplore.exe (PID: 3556)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3556)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe (PID: 3556) → iexplore.exe (PID: 2656)

Process information

PID: 3556
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.dl.dropboxusercontent.com"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 2656
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3556 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Total events: 9 784
Read events: 9 652
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 9
Text files: 19
Unknown types: 10

Dropped files

PID: 2656
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Type: der
MD5: E1817D34D647D15C961327938AA58C4A
SHA256: CA2D2DB19D9A688484F592397EBC22270DC2B6F653C583B8DFDF27CFF24E0E07

PID: 3556
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
Type: binary
MD5: 5DAE103C20FE1EF83F003ECEC29665F9
SHA256: 639CCA6CEF32BAD1B1198CA2FDD84D503CD870E70ABB3EC3FC89882FE2CEF556

PID: 3556
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Type: der
MD5: AFC3E2584B32E1E7C23C33E9534089A5
SHA256: 61597F5F937DA250A5ED7B4B82867BEBC546A5A35C0029982A003B1E9CBD2E7E

PID: 3556
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\AX36R17O.txt
Type: text
MD5: B65DDF892644F85BA680092536A37A96
SHA256: C620B05F015ECCE0E9FD3F6008EFBF7A57D6592B21D304A18D5ECC2C51A17B2C

PID: 2656
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Type: binary
MD5: C1CFCF034DB9ED28EC6DE4E8796072D3
SHA256: C8E9C65C7C803FAD13AD8455AD745FBC0495E436ACD990C473DBBF9BC587D109

PID: 3556
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: compressed
MD5: F7DCB24540769805E5BB30D193944DCE
SHA256: 6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA

PID: 3556
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: 556BBD78C6164B1BB8B32F79691C9E4B
SHA256: 469B17AD39873DCCEE8F49F5229FD5885A7A96A66B26FF09207A1EDC2FD45EF3

PID: 3556
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
Type: der
MD5: B8BDA0B382A7D056A4241B388338B778
SHA256: 7BAA967F6686CCE471826B20FFA5CB7FEB4BF3C5C0BF43F51F08E84EB5850DD2

PID: 3556
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Type: binary
MD5: A25527F8014D03F101105308B710A9F0
SHA256: 38A7EF5FB6566E231B395AB8282EA8197E563543E73CC83B7DE39ADD036A5594

PID: 2656
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_16F43E8B56B77AEC163DA06E330C2C4D
Type: binary
MD5: 110A20C7ABE136E813400CED220DBF7B
SHA256: 1AB9025F5D7E2DB79DA1AD1F476DF07E25AB9E71CBC145B661701583D4F80755
HTTP(S) requests: 7
TCP/UDP connections: 27
DNS requests: 14
Threats: 0

HTTP requests

PID: 2656
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 93.184.220.29:80
URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
CN: US
Type: der
Size: 471 b
Reputation: whitelisted

PID: 2656
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 93.184.220.29:80
URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEApVT8jRl9rbU8mwm6DBt7k%3D
CN: US
Type: der
Size: 471 b
Reputation: whitelisted

PID: 3556
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 93.184.220.29:80
URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
CN: US
Type: der
Size: 471 b
Reputation: whitelisted

PID: 3556
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 93.184.220.29:80
URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
CN: US
Type: der
Size: 1.47 Kb
Reputation: whitelisted

PID: 3556
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 209.197.3.8:80
URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?aa57270e216a86ed
CN: US
Type: compressed
Size: 4.70 Kb
Reputation: whitelisted

PID: 3556
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 93.184.220.29:80
URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
CN: US
Type: der
Size: 1.47 Kb
Reputation: whitelisted

PID: 3556
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 93.184.220.29:80
URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D
CN: US
Type: der
Size: 471 b
Reputation: whitelisted

Connections

PID: 3556
Process: iexplore.exe
IP: 209.197.3.8:80
Domain: ctldl.windowsupdate.com
ASN: STACKPATH-CDN
CN: US
Reputation: whitelisted

PID: 3556
Process: iexplore.exe
IP: 93.184.220.29:80
Domain: ocsp.digicert.com
ASN: EDGECAST
CN: GB
Reputation: whitelisted

PID: 3556
Process: iexplore.exe
IP: 152.199.19.161:443
Domain: iecvlist.microsoft.com
ASN: EDGECAST
CN: US
Reputation: whitelisted

PID: 3556
Process: iexplore.exe
IP: 13.107.21.200:443
Domain: www.bing.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: US
Reputation: whitelisted

PID: 2656
Process: iexplore.exe
IP: 93.184.220.29:80
Domain: ocsp.digicert.com
ASN: EDGECAST
CN: GB
Reputation: whitelisted

PID: 2656
Process: iexplore.exe
IP: 162.125.66.15:443
Domain: www.dl.dropboxusercontent.com
ASN: DROPBOX
CN: DE
Reputation: malicious

PID: 3556
Process: iexplore.exe
IP: 204.79.197.200:443
Domain: www.bing.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: US
Reputation: whitelisted

PID: 3556
Process: iexplore.exe
IP: 204.79.197.203:443
Domain: www.msn.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: US
Reputation: whitelisted

PID: 2656
Process: iexplore.exe
IP: 104.16.100.29:443
Domain: cfl.dropboxstatic.com
ASN: CLOUDFLARENET
Reputation: shared

PID: 3556
Process: iexplore.exe
IP: 96.16.143.41:443
Domain: go.microsoft.com
ASN: AKAMAI-AS
CN: DE
Reputation: whitelisted

DNS requests

Domain
IP
Reputation
www.dl.dropboxusercontent.com
  • 162.125.66.15
malicious
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ctldl.windowsupdate.com
  • 209.197.3.8
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
cfl.dropboxstatic.com
  • 104.16.100.29
  • 104.16.99.29
shared
ieonline.microsoft.com
  • 204.79.197.200
whitelisted
go.microsoft.com
  • 96.16.143.41
whitelisted

Threats

PID: 2656
Process: iexplore.exe
Class: Misc activity
Message: ET INFO DropBox User Content Download Access over SSL M2
No debug info