analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://urldefense.com/v3/__https://a.insgly.net/api/trk?id=emailclick&i=728539&eid=136254895&url=http:**Afmtrack.s2mtraining.com*v1*clk*rDxCyCxeQc2N451FGA-XnA,69pDe2NrTb2BBhvNfbKJnw,0,aHR0cHM6Ly9vZmZpY2UtbWVzc2FnZXMuaW5mby8*ZT1mZXJuaWFueUB1YWIuZWR1__;Ly8vLy8v!!NoSwA-eRAg!UAYxuMWWSPCElw9Iw3Z70rUcuQJB6Wi00xo0gQlT181VBVWP-iAttOlyKapDiKLdRw$

Full analysis: https://app.any.run/tasks/e632374a-9df5-4ba3-af97-90485c6479ee
Verdict: Malicious activity
Analysis date: October 04, 2022, 19:40:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

377FCDAB41749227C893F609771A06E0

SHA1:

ECDD44A609A905EDAC128125DF9FC3F99EFDA629

SHA256:

1429E161A96EA8EFAA1F9A50847269EAD6590B52E225421C6A852C741EC332E8

SSDEEP:

6:2UJtIrhVTznMwKTUWTXQ7xRfIGsRRhL47RsjL1bX/rwI1sdla9lDdXYBy:2U0Pz27TkoRhs7W3NXsXdILdoI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3584)

  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 1968)
      • iexplore.exe (PID: 3584)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 1968)
      • iexplore.exe (PID: 3584)

    • Reads the computer name

      • iexplore.exe (PID: 1968)
      • iexplore.exe (PID: 3584)

    • Changes internet zones settings

      • iexplore.exe (PID: 1968)

    • Application launched itself

      • iexplore.exe (PID: 1968)

    • Checks Windows Trust Settings

      • iexplore.exe (PID: 1968)
      • iexplore.exe (PID: 3584)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3584)

    • Changes settings of System certificates

      • iexplore.exe (PID: 1968)

    • Creates files in the user directory

      • iexplore.exe (PID: 3584)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 1968)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
35
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
1968"C:\Program Files\Internet Explorer\iexplore.exe" "https://urldefense.com/v3/__https://a.insgly.net/api/trk?id=emailclick&i=728539&eid=136254895&url=http:**Afmtrack.s2mtraining.com*v1*clk*rDxCyCxeQc2N451FGA-XnA,69pDe2NrTb2BBhvNfbKJnw,0,aHR0cHM6Ly9vZmZpY2UtbWVzc2FnZXMuaW5mby8*ZT1mZXJuaWFueUB1YWIuZWR1__;Ly8vLy8v!!NoSwA-eRAg!UAYxuMWWSPCElw9Iw3Z70rUcuQJB6Wi00xo0gQlT181VBVWP-iAttOlyKapDiKLdRwf7f81a39-5f63-5b42-9efd-1f13b5431005quot;C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3584"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1968 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
15 367
Read events
15 246
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
14
Text files
11
Unknown types
11

Dropped files

PID
Process
Filename
Type
1968iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442binary
MD5:3D0ABB0030B8E7595E692C435A978218
SHA256:7EC3EEC6E589C172C1C57FD928E12D999C547B1C83C80396344944DF08E1016A
1968iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:7B23353FD1867378D1EA13B60B366E46
SHA256:7CC2E2FE1609A2F5E08F25C926ED55558A3C2CBD7C40C6821807100D04C5BE93
1968iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442der
MD5:B8BDA0B382A7D056A4241B388338B778
SHA256:7BAA967F6686CCE471826B20FFA5CB7FEB4BF3C5C0BF43F51F08E84EB5850DD2
3584iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833Bbinary
MD5:1939BC5E186651BE827917B96C514F63
SHA256:86BF22328F039411637A88C277DCD01A8F639B0651C7EA43539E16381B570463
3584iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833Bder
MD5:1104F2185FCB3E847529F1E03ABE029B
SHA256:4D07573E308F4A8D333AD2FD00021E76E2EB703629EA4F5F5B71D11074B4E4B7
3584iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62binary
MD5:C066A79BA05C1222A8CED9A73C1B3B21
SHA256:9C8AE88088A6257C18918F3B567DE8EFEB96C4EC98DCD5279C14C2E532AA131A
1968iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
3584iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711Ebinary
MD5:0318BB20CAC61FB45FD0F63E0A10DA33
SHA256:EF84DDB21C8FCACA16CAE18D1BFBE4A95ACA0F6D926DD7103AEDFBB6EEF2E3BE
3584iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894binary
MD5:5CC2D72718470A95616E84A2E5D73CAC
SHA256:6C40A417D8C212667782EB32A6C54D7D7C33E403E85C467B23E2044FC739D871
3584iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\72BA427A91F50409B9EAC87F2B59B951_F0B960C3B1E522BB9772662759982F90der
MD5:27550BA7F664A237794C17EE90C6D67A
SHA256:9416C06A161827497DEEC3BEC640876BD66561C33D5F8159ED796BF53005568B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
39
DNS requests
23
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3584
iexplore.exe
GET
200
172.64.155.188:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
US
der
1.42 Kb
whitelisted
3584
iexplore.exe
GET
200
13.225.84.13:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
US
der
1.51 Kb
whitelisted
3584
iexplore.exe
GET
302
13.234.200.109:80
http://fmtrack.s2mtraining.com/v1/clk/rDxCyCxeQc2N451FGA-XnA,69pDe2NrTb2BBhvNfbKJnw,0,aHR0cHM6Ly9vZmZpY2UtbWVzc2FnZXMuaW5mby8/ZT1mZXJuaWFueUB1YWIuZWR1
IN
html
140 b
unknown
3584
iexplore.exe
GET
200
172.64.155.188:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQh80WaEMqmyEvaHjlisSfVM4p8SAQUF9nWJSdn%2BTHCSUPZMDZEjGypT%2BsCEA2KFitLH9n0LY9WTWFSpcE%3D
US
der
471 b
whitelisted
3584
iexplore.exe
GET
200
13.225.84.88:80
http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAJLG6jYk19jZUe48j76mSc%3D
US
der
471 b
whitelisted
1968
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d7c407faba1077b0
US
compressed
4.70 Kb
whitelisted
3584
iexplore.exe
GET
200
172.64.155.188:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D
US
der
2.18 Kb
whitelisted
3584
iexplore.exe
GET
200
13.225.84.175:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D
US
der
1.39 Kb
shared
1968
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
US
der
1.47 Kb
whitelisted
3584
iexplore.exe
GET
200
142.250.185.99:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
der
1.41 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1968
iexplore.exe
204.79.197.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1968
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
EDGECAST
GB
whitelisted
3584
iexplore.exe
52.6.56.188:443
urldefense.com
AMAZON-AES
US
suspicious
1968
iexplore.exe
209.197.3.8:80
ctldl.windowsupdate.com
STACKPATH-CDN
US
whitelisted
3584
iexplore.exe
172.64.155.188:80
ocsp.comodoca.com
CLOUDFLARENET
US
suspicious
3584
iexplore.exe
52.204.90.22:443
urldefense.com
AMAZON-AES
US
suspicious
3584
iexplore.exe
188.114.97.3:443
office-messages.info
CLOUDFLARENET
NL
malicious
13.225.84.13:80
ocsp.rootg2.amazontrust.com
AMAZON-02
US
whitelisted
13.234.200.109:80
fmtrack.s2mtraining.com
AMAZON-02
IN
unknown
3584
iexplore.exe
13.225.78.98:443
a.insgly.net
AMAZON-02
US
malicious

DNS requests

Domain
IP
Reputation
urldefense.com
  • 52.71.28.102
  • 52.204.90.22
  • 52.6.56.188
shared
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ctldl.windowsupdate.com
  • 209.197.3.8
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
ocsp.comodoca.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted
ocsp.usertrust.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted
ocsp.sectigo.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted
a.insgly.net
  • 13.225.78.98
  • 13.225.78.3
  • 13.225.78.91
  • 13.225.78.104
shared
o.ss2.us
  • 13.225.84.97
  • 13.225.84.68
  • 13.225.84.66
  • 13.225.84.42
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://urldefense.com/v3/__https://a.insgly.net/api/trk?id=emailclick&i=728539&eid=136254895&url=http:**Afmtrack.s2mtraining.com*v1*clk*rDxCyCxeQc2N451FGA-XnA,69pDe2NrTb2BBhvNfbKJnw,0,aHR0cHM6Ly9vZmZpY2UtbWVzc2FnZXMuaW5mby8*ZT1mZXJuaWFueUB1YWIuZWR1__;Ly8vLy8v!!NoSwA-eRAg!UAYxuMWWSPCElw9Iw3Z70rUcuQJB6Wi00xo0gQlT181VBVWP-iAttOlyKapDiKLdRw$