URL:

https://managerplus.pl/top-5-malwareu-w-polsce-69920

Full analysis: https://app.any.run/tasks/cc67a2e9-e871-4a2a-be9f-1548ea04cd3b
Verdict: Malicious activity
Analysis date: March 16, 2024, 15:39:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

1721BFB89FB8A2CAFEABD391DE011B9D

SHA1:

A88076A55D0C09D8A8D65571C87022EF3C7DA338

SHA256:

13C773E49C4A747104CBEDB87B70373286094F799E4712E780E6A64F72689618

SSDEEP:

3:N8ELVJFERnQlEBXUIJFn:2ELVvCEi5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Disables Form Suggestion in Internet Explorer

      • iexplore.exe (PID: 1696)

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 1696)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
43
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
124"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1696 CREDAT:3020047 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
1696"C:\Program Files\Internet Explorer\iexplore.exe" "https://managerplus.pl/top-5-malwareu-w-polsce-69920"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2836"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1696 CREDAT:1316144 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
4000"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1696 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
79 656
Read events
79 338
Write events
187
Delete events
131

Modification events

(PID) Process:(1696) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(1696) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
818001248
(PID) Process:(1696) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
31094712
(PID) Process:(1696) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
(PID) Process:(1696) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
31094712
(PID) Process:(1696) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(1696) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(1696) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(1696) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(1696) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
0
Suspicious files
75
Text files
516
Unknown types
43

Dropped files

PID
Process
Filename
Type
4000iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:BBFCA178E16705D18200E537EC088123
SHA256:2AD14F04A7BDA4B80EDC1DE3B22B31769EBC7D3EC280C756BFD201A7B810EBD0
4000iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464der
MD5:8202A1CD02E7D69597995CABBE881A12
SHA256:58F381C3A0A0ACE6321DA22E40BD44A597BD98B9C9390AB9258426B5CF75A7A5
4000iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\email-decode.min[1].jshtml
MD5:9E8F56E8E1806253BA01A95CFC3D392C
SHA256:2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
4000iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_D43244EFD1C762203B2FCB221936BF98der
MD5:B8C31549C86FFC2266D6F8CC96F65CFF
SHA256:658BBAF270881B65CE009CFE9311E2E5B595CE84F5D393853166202D082EAE4F
4000iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAder
MD5:AC89A852C2AAA3D389B2D2DD312AD367
SHA256:0B720E19270C672F9B6E0EC40B468AC49376807DE08A814573FE038779534F45
4000iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\screen.min[1].csstext
MD5:14E1BA7BC29BFAE4538D5D720BEE50DC
SHA256:E37BA86536F9A12D450390901292AF30F4393D4FE3E06B907D351EF876264301
4000iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464binary
MD5:8FABDA9B1F0C2137E81A13C77E514DD5
SHA256:76B8952CBF7D15CD6E8E398F9EBE9E01699A7F419730ABF0D609449234217C8D
4000iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\font-awesome.min[1].csstext
MD5:9873222853EA422D109B75C4FCBD52AD
SHA256:56AFCAC5475077DA5798D3C58F8135CDD3C73DC8E0A452B3EB252B8AA054EDE8
4000iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\style.min[1].csstext
MD5:0234D0A7685AEFA6FD06041FBD602928
SHA256:0085ADFD2D08A45F62A06D8F3F969DDC4A94EBE8D226511DB90AA038F11ED180
4000iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\style[1].csstext
MD5:177CE3195E063DF497ABEF93F207A317
SHA256:60CA9C0B9E446CA209D558F3793F84EA10CFFE6C9B10FAAB41D4F15400013048
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
40
TCP/UDP connections
195
DNS requests
99
Threats
6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4000
iexplore.exe
GET
304
88.221.110.104:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?36ca310eb28aaa33
unknown
unknown
4000
iexplore.exe
GET
304
88.221.110.65:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b150b552b216e1f4
unknown
unknown
4000
iexplore.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
binary
1.41 Kb
unknown
4000
iexplore.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D
unknown
binary
724 b
unknown
4000
iexplore.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
unknown
binary
724 b
unknown
4000
iexplore.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQC%2BP0iGO7o7nQoIudW3BwdU
unknown
binary
472 b
unknown
4000
iexplore.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCRd4hKrA6aBAnnS3UYBsso
unknown
binary
472 b
unknown
4000
iexplore.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCimReIRyQtphKmdTNhBzaE
unknown
binary
472 b
unknown
4000
iexplore.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCimReIRyQtphKmdTNhBzaE
unknown
binary
472 b
unknown
4000
iexplore.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCGXFtW%2BmD7fgro46rB%2F0k5
unknown
binary
472 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
224.0.0.252:5355
unknown
4000
iexplore.exe
188.114.97.3:443
managerplus.pl
CLOUDFLARENET
NL
unknown
4000
iexplore.exe
88.221.110.104:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
4000
iexplore.exe
88.221.110.65:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
4000
iexplore.exe
216.58.206.67:80
ocsp.pki.goog
GOOGLE
US
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
4000
iexplore.exe
142.250.184.226:443
pagead2.googlesyndication.com
GOOGLE
US
whitelisted
4000
iexplore.exe
142.250.186.142:443
fundingchoicesmessages.google.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
managerplus.pl
  • 188.114.97.3
  • 188.114.96.3
unknown
ctldl.windowsupdate.com
  • 88.221.110.104
  • 88.221.110.59
  • 88.221.110.80
  • 88.221.110.65
  • 88.221.110.105
  • 2.16.100.179
  • 2.16.100.177
  • 88.221.110.64
  • 88.221.110.72
  • 88.221.110.120
  • 88.221.110.115
  • 88.221.110.122
  • 2.16.100.152
  • 88.221.110.121
  • 88.221.110.112
  • 2.19.126.163
  • 2.19.126.137
whitelisted
ocsp.pki.goog
  • 216.58.206.67
whitelisted
www.googletagmanager.com
  • 172.217.16.136
whitelisted
pagead2.googlesyndication.com
  • 142.250.184.226
whitelisted
fundingchoicesmessages.google.com
  • 142.250.186.142
whitelisted
region1.analytics.google.com
  • 216.239.34.36
  • 216.239.32.36
whitelisted
stats.g.doubleclick.net
  • 142.251.168.154
  • 142.251.168.156
  • 142.251.168.155
  • 142.251.168.157
whitelisted
www.google.dk
  • 142.250.74.195
whitelisted
region1.google-analytics.com
  • 216.239.32.36
  • 216.239.34.36
whitelisted

Threats

PID
Process
Class
Message
1080
svchost.exe
Misc activity
ET INFO File Sharing Related Domain in DNS Lookup (mega .nz)
124
iexplore.exe
Misc activity
ET INFO File Sharing Domain Observed in TLS SNI (mega .nz)
124
iexplore.exe
Misc activity
ET INFO File Sharing Domain Observed in TLS SNI (mega .nz)
1080
svchost.exe
Misc activity
ET INFO Observed DNS Query to Filesharing Service (mega .co .nz)
1696
iexplore.exe
Misc activity
ET INFO File Sharing Domain Observed in TLS SNI (mega .nz)
1696
iexplore.exe
Misc activity
ET INFO File Sharing Domain Observed in TLS SNI (mega .nz)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://managerplus.pl/top-5-malwareu-w-polsce-69920