URL:

https://www.pcapanalysis.com

Full analysis: https://app.any.run/tasks/ec26429d-81d7-4e90-9cf3-00aafbc1d888
Verdict: Malicious activity
Analysis date: July 12, 2020, 19:45:31
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

D61F7F2303517F6F1738391B89CD2069

SHA1:

EDB00A2A6CE8240B351B3B2F4FDAC992180F84A4

SHA256:

14ED2A9F1D38197178EBA2C5017CDA5B1A733B4A98B7A9F996B9B88B2E58ACCC

SSDEEP:

3:N8DSLPiZWMMGT:2OLabT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2192)
      • iexplore.exe (PID: 664)

    • Changes internet zones settings

      • iexplore.exe (PID: 2192)

    • Application launched itself

      • iexplore.exe (PID: 2192)

    • Creates files in the user directory

      • iexplore.exe (PID: 664)

    • Reads internet explorer settings

      • iexplore.exe (PID: 664)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2192)

    • Changes settings of System certificates

      • iexplore.exe (PID: 2192)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2192)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
34
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
664"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2192 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2192"C:\Program Files\Internet Explorer\iexplore.exe" https://www.pcapanalysis.comC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
5 766
Read events
567
Write events
3 481
Delete events
1 718

Modification events

(PID) Process:(2192) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
445849524
(PID) Process:(2192) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30824581
(PID) Process:(2192) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2192) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2192) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2192) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2192) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2192) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
46000000A1000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(2192) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2192) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
Executable files
0
Suspicious files
79
Text files
58
Unknown types
48

Dropped files

PID
Process
Filename
Type
664iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\CabCF5F.tmp
MD5:
SHA256:
664iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\TarCF60.tmp
MD5:
SHA256:
664iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691der
MD5:
SHA256:
664iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288Bbinary
MD5:
SHA256:
664iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3der
MD5:
SHA256:
664iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288Bder
MD5:
SHA256:
664iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711Eder
MD5:
SHA256:
664iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711Ebinary
MD5:
SHA256:
664iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_EB771176F2674C237F245D92D01EDD3Cder
MD5:
SHA256:
664iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDAbinary
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
42
TCP/UDP connections
74
DNS requests
29
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
664
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEGfe9D7xe9riT%2FWUBgbSwIQ%3D
US
der
471 b
whitelisted
664
iexplore.exe
GET
200
104.18.21.226:80
http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D
US
der
1.48 Kb
whitelisted
664
iexplore.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDAzsRMUU8VGKNFi01w%3D%3D
US
der
1.49 Kb
whitelisted
664
iexplore.exe
GET
200
172.217.23.99:80
http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDRWV%2BNyD7WkwIAAAAAbwew
US
der
472 b
whitelisted
664
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
US
der
727 b
whitelisted
664
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY
US
der
728 b
whitelisted
664
iexplore.exe
GET
200
104.18.21.226:80
http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D
US
der
1.48 Kb
whitelisted
664
iexplore.exe
GET
200
104.18.21.226:80
http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D
US
der
1.48 Kb
whitelisted
664
iexplore.exe
GET
200
172.217.23.99:80
http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D
US
der
468 b
whitelisted
664
iexplore.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDAzsRMUU8VGKNFi01w%3D%3D
US
der
1.49 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
664
iexplore.exe
213.203.221.29:80
creative.metalyzer.com
PlusServer GmbH
DE
unknown
664
iexplore.exe
198.46.93.183:443
www.pcapanalysis.com
InMotion Hosting, Inc.
US
unknown
664
iexplore.exe
151.139.128.14:80
ocsp.comodoca.com
Highwinds Network Group, Inc.
US
suspicious
664
iexplore.exe
172.217.23.106:443
fonts.googleapis.com
Google Inc.
US
whitelisted
664
iexplore.exe
104.22.52.65:443
secure.statcounter.com
Cloudflare Inc
US
unknown
664
iexplore.exe
172.217.23.99:80
ocsp.pki.goog
Google Inc.
US
whitelisted
664
iexplore.exe
104.18.21.226:80
ocsp2.globalsign.com
Cloudflare Inc
US
shared
104.18.20.226:80
ocsp2.globalsign.com
Cloudflare Inc
US
shared
664
iexplore.exe
104.18.20.226:80
ocsp2.globalsign.com
Cloudflare Inc
US
shared
664
iexplore.exe
172.67.38.97:443
secure.statcounter.com
US
suspicious

DNS requests

Domain
IP
Reputation
www.pcapanalysis.com
  • 198.46.93.183
whitelisted
ocsp.comodoca.com
  • 151.139.128.14
whitelisted
fonts.googleapis.com
  • 172.217.23.106
whitelisted
www.lduhtrp.net
  • 89.207.16.72
malicious
www.tqlkg.com
  • 89.207.16.72
whitelisted
www.awltovhc.com
  • 89.207.16.72
malicious
secure.statcounter.com
  • 104.22.52.65
  • 104.22.53.65
  • 172.67.38.97
whitelisted
ocsp.pki.goog
  • 172.217.23.99
whitelisted
ocsp2.globalsign.com
  • 104.18.21.226
  • 104.18.20.226
whitelisted
ocsp.globalsign.com
  • 104.18.20.226
  • 104.18.21.226
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www.pcapanalysis.com