analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://mea.aconex.com/Logon?Action=Logon&userName=tabdulla&key=8bcea7107cb38b1f%2026058c57b19503fdc20ba32dadebb70fa2a9a8f6df5eecd649aa66c41227526fc52311b2c5a17d8f%2011d378fe92fd8e093c73cc7aff7e53e7&expiry=1577686244468&utm_campaign=ACX_ac_detail%20s&utm_source=app

Full analysis: https://app.any.run/tasks/a9c1391d-f7ac-49fd-a9e2-d7e3104c6f49
Verdict: No threats detected
Analysis date: December 23, 2019, 08:49:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

695ECF28DA93ACB5689B093925AA5AA6

SHA1:

4A68153518171657CF9D2292986F286034793185

SHA256:

1327FF15F351EAB99115A34F1A9CD093413EF95E6849DFD372D899B46F40BB22

SSDEEP:

6:2NLR3SvohoH+FnVSDFalnRZ0ZL4jeWBBoW8IW8mZZmo8GWfW2:2Zh+oaH+JVEFenxaWBNG3Zmo8G2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executed via COM

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3408)

  • INFO

    • Reads internet explorer settings

      • iexplore.exe (PID: 912)
      • iexplore.exe (PID: 3324)
      • iexplore.exe (PID: 3908)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2480)

    • Changes internet zones settings

      • iexplore.exe (PID: 2480)

    • Creates files in the user directory

      • iexplore.exe (PID: 2480)
      • iexplore.exe (PID: 912)
      • iexplore.exe (PID: 3908)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3408)
      • iexplore.exe (PID: 3324)

    • Changes settings of System certificates

      • iexplore.exe (PID: 2480)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 912)
      • iexplore.exe (PID: 3908)
      • iexplore.exe (PID: 3324)

    • Application launched itself

      • iexplore.exe (PID: 2480)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2480)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
5
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2480"C:\Program Files\Internet Explorer\iexplore.exe" "https://mea.aconex.com/Logon?Action=Logon&userName=tabdulla&key=8bcea7107cb38b1f%2026058c57b19503fdc20ba32dadebb70fa2a9a8f6df5eecd649aa66c41227526fc52311b2c5a17d8f%2011d378fe92fd8e093c73cc7aff7e53e7&expiry=1577686244468&utm_campaign=ACX_ac_detail%20s&utm_source=app"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3324"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2480 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
912"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2480 CREDAT:203009C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3908"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2480 CREDAT:203010C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3408C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -EmbeddingC:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exesvchost.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version:
26,0,0,131
Total events
1 069
Read events
888
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
9
Text files
133
Unknown types
16

Dropped files

PID
Process
Filename
Type
2480iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:
2480iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3324iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BIAA76ME\Logon[1].txt
MD5:
SHA256:
3324iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QYKR2NVJ\aconex-ui[1].csstext
MD5:EA672167FE2B9EC12441D4547E46524A
SHA256:EE1A76336002964621703D35CCE247B7D32862C6382C68201E04436E130FB5B2
3324iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.datdat
MD5:DCC7DD8190960D188957EE2DB8FACD0A
SHA256:E9388571AE96695AF504B34C83D58241B9CEACB1E2B3D1D6D47AEFF71A0FBFF8
3324iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.datdat
MD5:16E3F00A32E22816AF5218170D1E508E
SHA256:60A1385F5E317913DF09BD721EF02A80D7095CB0D8F6E99F49F07E7974D0EBED
3324iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QYKR2NVJ\page[1].csstext
MD5:CEE351E0F90AAB1B77D53D3F487BB83A
SHA256:96353CCF6129FDF4EFB6369D19FC86CDDB800A062CE30EC49C2B4244A2FA2F83
3324iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UZE3E9DS\reset.css[1].jsptext
MD5:8FF9604E586CB2FCCDC12BED727FDDCB
SHA256:DDEFB2C29BDCD55D3B9E8E6B352C4E409A27518AB041681BE387554EB7E4BACB
3324iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BIAA76ME\data[1].csstext
MD5:3EAF3D846F2C72F0F678F4F6B556DBA6
SHA256:70CB99DA2F7F7B265D951C90940E268017C8034B98B700C3109C0A5033B29BF6
3324iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UZE3E9DS\walkmeService[1].jstext
MD5:A9BB5090DE27FA949BE6566CF3BA077F
SHA256:A7CAFC082703B4EF658F4E489DB6806173A79A4F85D4D940AEFA1866406788BD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
60
DNS requests
21
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3908
iexplore.exe
GET
301
156.151.59.19:80
http://www.aconex.com/aconex-global-policies
US
suspicious
3324
iexplore.exe
GET
200
205.185.216.10:80
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
US
compressed
57.4 Kb
whitelisted
2480
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
3324
iexplore.exe
GET
200
104.18.11.39:80
http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt
US
der
1.15 Kb
whitelisted
3324
iexplore.exe
GET
200
143.204.208.222:80
http://x.ss2.us/x.cer
US
der
1.27 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2480
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3324
iexplore.exe
143.204.208.222:80
x.ss2.us
US
suspicious
3324
iexplore.exe
3.91.254.236:443
heapanalytics.com
US
unknown
3324
iexplore.exe
23.210.248.97:443
mea.aconex.com
Akamai International B.V.
NL
unknown
3324
iexplore.exe
3.104.91.81:443
www.aconex-status.com
US
unknown
3324
iexplore.exe
205.185.216.10:80
www.download.windowsupdate.com
Highwinds Network Group, Inc.
US
whitelisted
2480
iexplore.exe
23.210.248.97:443
mea.aconex.com
Akamai International B.V.
NL
unknown
23.210.248.97:443
mea.aconex.com
Akamai International B.V.
NL
unknown
912
iexplore.exe
209.197.3.15:443
netdna.bootstrapcdn.com
Highwinds Network Group, Inc.
US
whitelisted
912
iexplore.exe
23.210.248.97:443
mea.aconex.com
Akamai International B.V.
NL
unknown

DNS requests

Domain
IP
Reputation
mea.aconex.com
  • 23.210.248.97
unknown
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
www.aconex-status.com
  • 3.104.91.81
  • 13.239.130.190
unknown
cacerts.digicert.com
  • 104.18.11.39
  • 104.18.10.39
whitelisted
cdn.heapanalytics.com
  • 13.35.255.17
shared
x.ss2.us
  • 143.204.208.222
  • 143.204.208.42
  • 143.204.208.196
  • 143.204.208.228
whitelisted
www.download.windowsupdate.com
  • 205.185.216.10
  • 205.185.216.42
whitelisted
heapanalytics.com
  • 3.91.254.236
  • 54.84.75.185
whitelisted
www.aconex.com
  • 156.151.59.19
suspicious
help.aconex.com
  • 23.210.248.97
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://mea.aconex.com/Logon?Action=Logon&userName=tabdulla&key=8bcea7107cb38b1f%2026058c57b19503fdc20ba32dadebb70fa2a9a8f6df5eecd649aa66c41227526fc52311b2c5a17d8f%2011d378fe92fd8e093c73cc7aff7e53e7&expiry=1577686244468&utm_campaign=ACX_ac_detail%20s&utm_source=app