URL: https://khfullhd.net

Full analysis: https://app.any.run/tasks/db8609ac-c327-4915-b692-ab0b07d0f71d
Verdict: Malicious activity
Analysis date: August 12, 2022, 20:19:19
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
  • MD5: DF99C9595F47B0D7E797FAC7964E1B00
  • SHA1: FE91A7AE2897CD4D34B7F702F031879F93F6FE4A
  • SHA256: 15227BA7C045CAB30597AB437F0B3237E5D2C594CF5D118EB530425FD05EC1A3
  • SSDEEP: 3:N8ID4Hon:2ID4Hon

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • No malicious indicators.
  • SUSPICIOUS
    • Reads Microsoft Outlook installation path
      • iexplore.exe (PID: 2956)
  • INFO
    • Checks supported languages
      • iexplore.exe (PID: 2460)
      • iexplore.exe (PID: 2956)
    • Reads the computer name
      • iexplore.exe (PID: 2956)
      • iexplore.exe (PID: 2460)
    • Application launched itself
      • iexplore.exe (PID: 2460)
    • Changes internet zones settings
      • iexplore.exe (PID: 2460)
    • Reads settings of System Certificates
      • iexplore.exe (PID: 2956)
      • iexplore.exe (PID: 2460)
    • Checks Windows Trust Settings
      • iexplore.exe (PID: 2956)
      • iexplore.exe (PID: 2460)
    • Reads internet explorer settings
      • iexplore.exe (PID: 2956)
No Malware configuration.
Total processes: 35
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph: start → iexplore.exe → iexplore.exe

Process information

PID | CMD | Path | Parent process
2460 | "C:\Program Files\Internet Explorer\iexplore.exe" "https://khfullhd.net" | C:\Program Files\Internet Explorer\iexplore.exe | Explorer.EXE
2956 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2460 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe

PID 2460 details:
  • User: admin
  • Company: Microsoft Corporation
  • Integrity Level: MEDIUM
  • Description: Internet Explorer
  • Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  • Modules (images):
    • c:\program files\internet explorer\iexplore.exe
    • c:\windows\system32\ntdll.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\advapi32.dll
    • c:\windows\system32\sechost.dll
    • c:\windows\system32\rpcrt4.dll
    • c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID 2956 details:
  • User: admin
  • Company: Microsoft Corporation
  • Integrity Level: LOW
  • Description: Internet Explorer
  • Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  • Modules (images):
    • c:\program files\internet explorer\iexplore.exe
    • c:\windows\system32\ntdll.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\advapi32.dll
    • c:\windows\system32\sechost.dll
    • c:\windows\system32\rpcrt4.dll
    • c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events: 11 945
Read events: 11 828
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 6
Text files: 11
Unknown types: 3

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2956 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary | 6F3BF1E79F20C353F4322C71856CA4F3 | 9061ABB617E11FDFD323F1E6380E2E00DF618BBEA91073B19664445CCD7E0EBB
2956 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\cf-errors[1].css | text | 9682BC48194EDAF87639A730EA3AAE4E | 99B37EAC8BF1EF9921A79A59B78893F8630CEB0B232F82A800E568FB7AFD363F
2956 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der | 953BBBF2C62EB6DFC48AAC1AA78AA47F | FB2030E7F3083D281DA52246BD5AD19971B1A2A7B9FA91F8ACDD1C4E0F43AF3C
2956 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\WJF3TYQR.txt | text | EC952E86D5F0A6A14EC0F84E328D3523 | 4F17BB81C6354F79F6A7C319EE310DDDB8C4FFA3261A2AC4874E3CAB2AF764CF
2460 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | EE87BB11E233C12009CC11725035DBDC | D82930A5B051B3C3F1639C24E83BDDF41D5AA66E467A0944D1AC3D59AE6330C5
2956 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\v1[1].js | text | 5D61B0B2D468E1ADDBCB413E2A41C8C4 | 1DA4C98AD95215ECC8F80F68BC9D18A2303AB069251B9F358A795370388481F8
2460 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | BAD0F77BF6DDF79A05CA61C9A5301E0E | 159AC500FC82C49D151AD4BF2FA3EF0F4DD0E3E15A3066E082AD03F4EF80F8FE
2956 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\TSGOMLF3.txt | text | 77D686704E154EA9FB4BCE8C891E17EA | 5F594B83EBCF76CADCE91CDC37BC0DF21E065977F58A41BD1F2CDDBA22FF5340
2956 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 36F9B7B5A0CA45FFE4B288007D081E49 | 5B9683B73F38694C3CF63DE0E2D7F60D16784489F7A1E9594185DAEF41C3DCFE
2460 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | 290A85BD3E7285CDEDA1602A9E12A7DF | 17AE86541BE373B2DB8A4B77D7E7626966637E5A6052F290A3B598A56F5123C9
HTTP(S) requests: 5
TCP/UDP connections: 24
DNS requests: 8
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2956 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted
2460 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted
2956 | iexplore.exe | GET | 200 | 23.216.77.69:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f443ad68667e6b58 | US | compressed | 4.70 Kb | whitelisted
2956 | iexplore.exe | GET | 200 | 23.216.77.80:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?684e7b3ad5972330 | US | compressed | 4.70 Kb | whitelisted
2460 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2956 | iexplore.exe | 188.114.97.3:443 | khfullhd.net | Cloudflare Inc | US | malicious
2460 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
2460 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2956 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2956 | iexplore.exe | 23.216.77.80:80 | ctldl.windowsupdate.com | NTT DOCOMO, INC. | US | suspicious
 | | 188.114.97.3:443 | khfullhd.net | Cloudflare Inc | US | malicious
2460 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
2460 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2956 | iexplore.exe | 23.216.77.69:80 | ctldl.windowsupdate.com | NTT DOCOMO, INC. | US | suspicious

DNS requests

Domain | IP | Reputation
khfullhd.net | 188.114.97.3, 188.114.96.3 | malicious
ctldl.windowsupdate.com | 23.216.77.80, 23.216.77.69 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted
r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted

Threats: No threats detected

Debug info: None