URL: https://www.ruedas.cc/

Full analysis: https://app.any.run/tasks/1a701d64-e148-4fea-be5e-4ff35d079097
Verdict: Malicious activity
Analysis date: October 20, 2020, 09:31:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:
MD5: A599D22C1F8FDA700717CFBBEE56C224
SHA1: 68C8F59244763AFADCD5FB1A7C4E8E10C59D4523
SHA256: 125929E710C25DD742ECE7328DA50270BEB8A678F06E92B2CDD5D656006D074B
SSDEEP: 3:N8DSLAcK:2OLAcK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS: no malicious indicators.
  • SUSPICIOUS: no suspicious indicators.
  • INFO
    • Reads settings of System Certificates: iexplore.exe (PID: 2328), iexplore.exe (PID: 2064)
    • Reads Internet Cache Settings: iexplore.exe (PID: 2064), iexplore.exe (PID: 2328)
    • Application launched itself: iexplore.exe (PID: 2064)
    • Changes internet zones settings: iexplore.exe (PID: 2064)
    • Reads internet explorer settings: iexplore.exe (PID: 2328)
    • Creates files in the user directory: iexplore.exe (PID: 2064), iexplore.exe (PID: 2328)
    • Changes settings of System certificates: iexplore.exe (PID: 2064)
    • Adds / modifies Windows certificates: iexplore.exe (PID: 2064)
No Malware configuration.
Total processes: 38
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start -> iexplore.exe (PID: 2064) -> iexplore.exe (PID: 2328)

Process information

PID: 2064
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.ruedas.cc/"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 2328
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2064 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe (PID: 2064)
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Total events: 780
Read events: 702
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 36
Text files: 81
Unknown types: 18

Dropped files

  • PID 2064, iexplore.exe
    Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Type: (empty in report); MD5: (empty in report); SHA256: (empty in report)
  • PID 2328, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Temp\Low\CabA201.tmp
    Type: (empty in report); MD5: (empty in report); SHA256: (empty in report)
  • PID 2328, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Temp\Low\TarA202.tmp
    Type: (empty in report); MD5: (empty in report); SHA256: (empty in report)
  • PID 2328, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\H0TWSWK9.htm
    Type: html
    MD5: EEC09E71B40F64F9D09225CC61F5A3C6
    SHA256: C4E69730903825D6741C99D83BED131367E3BDE1EE6424C96A872D0A7622FEAA
  • PID 2328, iexplore.exe
    Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    Type: binary
    MD5: 893046EDA010A41142EACCAE2F44E059
    SHA256: 413AC60A8A627251D6A4CE8736A9C50C94CF828EC9B6B14ACA769A99B6EEAFE2
  • PID 2328, iexplore.exe
    Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\PR3LYQZZ.txt
    Type: text
    MD5: 3AE3D4B3211766B4BF58A35861898CF8
    SHA256: 5515DEE5A47FCEC16F5E20C9FB78838113641AC90A834D6887ADA1723A4F2DB1
  • PID 2328, iexplore.exe
    Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    Type: der
    MD5: 728C425EE21D3445912DDB071597332A
    SHA256: B003F1FB627734F8050F724055723A2DC40017DDE9263BEFC7CC1FBE04029FBF
  • PID 2328, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\logotipo[1].gif
    Type: image
    MD5: E421658977E02C3AB19A53D67F7AE196
    SHA256: 16D60C585BB53DAFA0EB3C663BCFDE852AA037433A687F67177600EF60494E65
  • PID 2328, iexplore.exe
    Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    Type: binary
    MD5: 866A3AF33259662132E1CB154240A496
    SHA256: FA7F1F8ABAB3D9C93196F3B2B0CFC890CF6E6025F65CEB179E0ED4F560D18235
  • PID 2328, iexplore.exe
    Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
    Type: binary
    MD5: 60792C88CF10E6C024D0755EF24911FD
    SHA256: 0C7AD2D75AD8CD297D735E95761F77349D75E80D582BF59E2703C1DF0B519653
HTTP(S) requests: 18
TCP/UDP connections: 50
DNS requests: 16
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2328 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted
2328 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted
2328 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted
2328 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted
2328 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted
2328 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted
2328 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted
2328 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted
2064 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted
2328 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted
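Every HTTP request listed above is an OCSP check: the browser fetched nothing from www.ruedas.cc over plain HTTP, and what it did fetch over port 80 was certificate revocation status from CA responders (ocsp.digicert.com, ocsp.comodoca.com, ocsp.usertrust.com). RFC 6960 lets a client send an OCSP request by GET, with the DER-encoded OCSPRequest base64-encoded and then URL-encoded into the path, which is why each URL ends in a long opaque string. That string is not random: it contains a CertID (hash algorithm, SHA-1 of the issuer's name, SHA-1 of the issuer's public key, and the serial number of the certificate being checked), so decoding it tells you exactly which certificates Internet Explorer validated during the visit. It also explains the "Reads/Changes settings of System Certificates" indicators and the CryptnetUrlCache files in the dropped-files list: Windows CryptoAPI caches these responses on disk. The decoder below is an added example for this report, not ANY.RUN code; it uses only the standard library and a small hand-written DER walker rather than a full ASN.1 parser, and it takes the two DigiCert URLs from the table above verbatim as input.

```python
import base64
import urllib.parse

# Two OCSP GET URLs copied verbatim from the HTTP requests table of this report.
# RFC 6960 Appendix A: for GET, the DER-encoded OCSPRequest is base64-encoded and
# then URL-encoded into the request path.
OCSP_URLS = [
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
]

# Hash algorithm OIDs seen in CertID.hashAlgorithm in practice.
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def der_tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, content, next_pos).
    Handles short and long-form definite lengths, which is all DER allows."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long form: low 7 bits = number of length bytes
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def der_children(content):
    """Split the content of a constructed element into [(tag, content), ...]."""
    out, pos = [], 0
    while pos < len(content):
        tag, val, pos = der_tlv(content, pos)
        out.append((tag, val))
    return out


def decode_oid(content):
    """Decode OBJECT IDENTIFIER content bytes to dotted form."""
    parts = [str(content[0] // 40), str(content[0] % 40)]
    acc = 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)


def parse_ocsp_get_url(url):
    """Return one dict per CertID in the OCSPRequest carried by an OCSP GET URL.

    Structure walked (RFC 6960 section 4.1.1):
      OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest, optionalSignature [0] OPTIONAL }
      TBSRequest  ::= SEQUENCE { version [0] OPTIONAL, requestorName [1] OPTIONAL,
                                 requestList SEQUENCE OF Request, requestExtensions [2] OPTIONAL }
      Request     ::= SEQUENCE { reqCert CertID, singleRequestExtensions [0] OPTIONAL }
      CertID      ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, issuerNameHash OCTET STRING,
                                 issuerKeyHash OCTET STRING, serialNumber INTEGER }
    """
    path = urllib.parse.urlsplit(url).path.lstrip("/")
    der = base64.b64decode(urllib.parse.unquote(path))
    tag, ocsp_request, _ = der_tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE; expected OCSPRequest")
    tbs_request = der_children(ocsp_request)[0][1]
    # version/requestorName are context-specific ([0] = 0xA0, [1] = 0xA1);
    # requestList is the first universal SEQUENCE (0x30) inside TBSRequest.
    request_list = next(val for t, val in der_children(tbs_request) if t == 0x30)
    cert_ids = []
    for _, request in der_children(request_list):
        cert_id = der_children(request)[0][1]
        alg, name_hash, key_hash, serial = der_children(cert_id)[:4]
        oid = decode_oid(der_children(alg[1])[0][1])   # AlgorithmIdentifier.algorithm
        cert_ids.append({
            "hash_alg": HASH_OIDS.get(oid, oid),
            "issuer_name_hash": name_hash[1].hex().upper(),
            # SHA-1 of the issuer's public key; for most CAs this equals the
            # issuer's SubjectKeyIdentifier, which makes the issuer easy to recognise.
            "issuer_key_hash": key_hash[1].hex().upper(),
            # raw INTEGER bytes; a leading 00 would be DER sign padding, not part of the serial
            "serial": serial[1].hex().upper(),
        })
    return cert_ids


if __name__ == "__main__":
    for url in OCSP_URLS:
        for cid in parse_ocsp_get_url(url):
            print(url.split("/")[2], cid)
```

Run against the first URL the decoder yields issuerKeyHash E59D5930824758CCACFA085436867B3AB5044DF0 and serial 0A3787645E5FB48C224EFD1BED140C3C; against the second, issuerKeyHash 03DE503556D14CBB66F0A3E21B1BC397B23DD155 and serial 01FDA3EB6ECA75C888438B724BCFBC91. Comparing those against published CA certificates (this identification comes from public CA data, not from the report) shows the second request checking the DigiCert SHA2 Secure Server CA intermediate against the DigiCert Global Root CA, and the first naming the Baltimore CyberTrust Root as issuer, consistent with the site sitting behind Cloudflare as the Connections table shows. In other words the browser was validating certificate chains for the CDN and third-party resources it loaded, which is why every one of these requests is reputation "whitelisted". The same request being repeated several times in a single visit (URL two appears four times) is ordinary CryptoAPI behaviour and not itself a signal.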

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2328 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2328 | iexplore.exe | 209.197.3.15:443 | maxcdn.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted
2064 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2064 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2328 | iexplore.exe | 54.192.205.222:443 | images-na.ssl-images-amazon.com | Amazon.com, Inc. | US | unknown
2328 | iexplore.exe | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious
2328 | iexplore.exe | 104.18.57.131:443 | www.ruedas.cc | Cloudflare Inc | US | shared
2328 | iexplore.exe | 172.67.194.164:443 | www.ruedas.cc | - | US | malicious
2328 | iexplore.exe | 216.58.205.238:443 | www.google-analytics.com | Google Inc. | US | whitelisted
2328 | iexplore.exe | 216.58.205.227:80 | ocsp.pki.goog | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
www.ruedas.cc | 104.18.57.131, 172.67.194.164, 104.18.56.131 | malicious
api.bing.com | 13.107.13.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
maxcdn.bootstrapcdn.com | 209.197.3.15 | whitelisted
images-na.ssl-images-amazon.com | 54.192.205.222 | shared
ocsp.comodoca.com | 151.139.128.14 | whitelisted
ocsp.usertrust.com | 151.139.128.14 | whitelisted
www.google-analytics.com | 216.58.205.238 | whitelisted
ocsp.pki.goog | 216.58.205.227 | whitelisted

Threats

PID | Process | Class | Message
- | - | Potentially Bad Traffic | ET DNS Query for .cc TLD