URL: https://www.pornhub.com/
Full analysis: https://app.any.run/tasks/79ec8af0-c277-454e-9ff8-46c0c26ae781
Verdict: Malicious activity
Analysis date: January 24, 2022, 15:32:43
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 6DB16373FF33BFC03409F1CBF059E1E6
SHA1: 70B4A907CF37FDEF8B5F2001836CB5AFCF0E41D0
SHA256: 1577AC071E21E37C4DCF244A1E2F73FFF7C236557A25D060E58F49F1F7124B1C
SSDEEP: 3:N8DSLNt:2OLX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Checks supported languages
      • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 2156)
    • Reads the computer name
      • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 2156)
    • Reads Microsoft Outlook installation path
      • iexplore.exe (PID: 3576)
    • Executed via COM
      • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 2156)
    • Creates files in the user directory
      • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 2156)
  • INFO
    • Checks supported languages
      • iexplore.exe (PID: 3576)
      • iexplore.exe (PID: 3560)
    • Reads the computer name
      • iexplore.exe (PID: 3576)
      • iexplore.exe (PID: 3560)
    • Reads settings of System Certificates
      • iexplore.exe (PID: 3576)
      • iexplore.exe (PID: 3560)
    • Application launched itself
      • iexplore.exe (PID: 3560)
    • Changes internet zones settings
      • iexplore.exe (PID: 3560)
    • Reads internet explorer settings
      • iexplore.exe (PID: 3576)
    • Checks Windows Trust Settings
      • iexplore.exe (PID: 3560)
      • iexplore.exe (PID: 3576)
    • Creates files in the user directory
      • iexplore.exe (PID: 3576)
    • Reads CPU info
      • iexplore.exe (PID: 3576)
Signature artifacts and their mapping to the MITRE ATT&CK matrix are in the full report.
Malware configuration: no data.
All screenshots are available in the full report.
Total processes: 38
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Nodes: start, iexplore.exe, iexplore.exe, flashutil32_32_0_0_453_activex.exe (no specs). The interactive graph with per-process details is in the full report.

Process information

PID 3560: iexplore.exe
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.pornhub.com/"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: Explorer.EXE
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID 3576: iexplore.exe
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3560 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    c:\windows\system32\rpcrt4.dll

PID 2156: FlashUtil32_32_0_0_453_ActiveX.exe
  CMD: C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding
  Path: C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe
  Parent process: svchost.exe
  User: admin
  Company: Adobe
  Integrity Level: MEDIUM
  Description: Adobe® Flash® Player Installer/Uninstaller 32.0 r0
  Version: 32,0,0,453
  Modules (images):
    c:\windows\system32\macromed\flash\flashutil32_32_0_0_453_activex.exe
    c:\windows\system32\kernel32.dll
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\advapi32.dll
Total events: 22 779
Read events: 22 536
Write events: 0
Delete events: 0

Modification events: no data

Executable files: 0
Suspicious files: 32
Text files: 488
Unknown types: 89

Dropped files

PID | Process | Filename | Type
3576 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\H5EQYYKN.txt | text
  MD5: 2F1EBBD53E088336CFFEF22E74B01E3B
  SHA256: 56EFE786B5DAC0D3CB3B78888A9375965B1AAC2FF6814C79D276DE89C9223652
3576 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\front-index-pc[1].css | text
  MD5: D49FD6B19CB45D14AACEA55BEE068494
  SHA256: 99B086F7EE8B955C82926CD5E35240D07E17F790E2AE0B3F8930FBBCF870A811
3576 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\0FSXZAE2.txt | text
  MD5: FFE3A4FD40DAE72E55F2823F34C09CB7
  SHA256: 73D14480274BA1ABDB107520386881A67A5AC4CDAAB76886396BA6C0FDDBA19B
3576 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\M0Y5JYLU.txt | text
  MD5: A3BE8780B05CF65B78FFCB2384EAB61D
  SHA256: DB21B528C6952DEDB2960B381CCEA52403E982627159D51DF0E759C2E3A497E4
3560 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
  MD5: 973957317EB4D57CA4F3013E492A0F52
  SHA256: A8FD8D92A4B3AB43F6B5023353C9B1DDF573C3CDF1295C10B33A8837AEA07009
3576 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B9C0457FE8FDF881D9EA458DAD3D4142_79C09928C2DEED6D69E117D673E3388B | der
  MD5: 76639CCD1F18AB4189CE797E4E4FCAD7
  SHA256: CA753796FB346A57E5B09DA25765A59513C877F453EA311EF479F6CE86A976F2
3576 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_B514E3306E9B5CC22C1D3DB90570477A | binary
  MD5: B2A57FED639282ADBD3F7938A6CE8248
  SHA256: 510A29D5F2212F9CE6654F9480041B53069541E0C0B7557F5B5A076881DC4500
3576 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_B514E3306E9B5CC22C1D3DB90570477A | der
  MD5: E6BD9134E8374E70C307E15CA5C5BA8F
  SHA256: B6C9F4FC32D25638BFAC7BDAD3F5E2DEF1F3EB91140F15C0DE6548D7DC4D85F2
3576 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\L4SO5AJU.txt | text
  MD5: 9FD16863EFE7CF1143B9A39754CFA95F
  SHA256: ABB5756C9209B3A94E1AEC6284ABC1665119F827B097A1B82553601ACA63953D
3560 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der
  MD5: FC990EAA7247546FB67C18916A4CAC9B
  SHA256: 294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993
The PCAP, full network streams and HTTP content are available in the full report.

HTTP(S) requests: 33
TCP/UDP connections: 150
DNS requests: 45
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3576 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted
3560 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted
3576 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted
3576 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrHR6YzPN2BNbByL0VoiTIBBMAOAQUCrwIKReMpTlteg7OM8cus%2B37w3oCEA3AWA%2Frpyg2P6f4%2FJg%2FBjI%3D | US | der | 313 b | whitelisted
3576 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAonX%2BcE1u7LI9XNW0saTgQ%3D | US | der | 471 b | whitelisted
3576 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAfy81yHqHeveu%2FpR5k1Jb0%3D | US | der | 471 b | whitelisted
3576 | iexplore.exe | GET | 200 | 104.18.31.182:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted
3576 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted
3576 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrHR6YzPN2BNbByL0VoiTIBBMAOAQUCrwIKReMpTlteg7OM8cus%2B37w3oCEAd3SBjpSMd4ojHOUsfJYh8%3D | US | der | 313 b | whitelisted
3576 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1d4/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEQCGFNnHjnVYegkAAAAA69dM | US | der | 472 b | whitelisted
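Every HTTP request in the table is a plain-HTTP OCSP lookup (the page content itself travelled over TLS and is not in this summary). The URL column is not an opaque token: per RFC 6960 appendix A, an OCSP GET carries the DER-encoded OCSPRequest, base64-encoded and then URL-encoded, as the last path segment, so it can be decoded offline to learn which certificate (issuer name hash, issuer key hash, serial number) Internet Explorer was revocation-checking. The decoder below is an added example and is not part of the ANY.RUN report; the REPORT_URLS list is copied from the table above, while the function names and the two-entry OID table are this example's own. It uses only the standard library.

```python
"""Decode the CertID carried in an OCSP GET request URL (RFC 6960, appendix A).

Added example for the HTTP-request table of this report; not ANY.RUN code.
REPORT_URLS are copied from that table. Function names and the OID table
are this example's own choices. Standard library only.
"""
import base64
from urllib.parse import unquote, urlparse

# Assumption: SHA-1 and SHA-256 are the only hash algorithms worth naming
# here; anything else is reported as its dotted OID.
HASH_OIDS = {
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
}


def read_tlv(buf, pos):
    """Read one DER tag-length-value starting at pos: (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def children(der):
    """Yield (tag, value) for each TLV directly inside a constructed value."""
    pos = 0
    while pos < len(der):
        tag, value, pos = read_tlv(der, pos)
        yield tag, value


def decode_oid(raw):
    """Dotted form of a DER OBJECT IDENTIFIER body (base-128 arcs)."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_cert_id(cert_id):
    """CertID ::= SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }."""
    alg, name_hash, key_hash, serial = list(children(cert_id))
    oid = decode_oid(next(children(alg[1]))[1])  # AlgorithmIdentifier.algorithm
    serial_hex = format(int.from_bytes(serial[1], "big"), "x")
    return {
        "hash_alg": HASH_OIDS.get(oid, oid),
        "issuer_name_hash": name_hash[1].hex(),
        "issuer_key_hash": key_hash[1].hex(),
        # even-length hex, the way openssl prints a serial
        "serial": serial_hex.zfill(len(serial_hex) + len(serial_hex) % 2),
    }


def parse_ocsp_get_url(url):
    """Return one dict per CertID in the OCSPRequest encoded in a GET URL."""
    b64 = unquote(urlparse(url).path.rsplit("/", 1)[-1])  # last path segment
    der = base64.b64decode(b64)
    _, ocsp_request = next(children(der))       # OCSPRequest
    _, tbs = next(children(ocsp_request))       # tbsRequest (optional signature ignored)
    # tbsRequest may start with [0] version and [1] requestorName (context
    # tags 0xA0/0xA1); the requestList is the first plain SEQUENCE (0x30).
    request_list = next(v for t, v in children(tbs) if t == 0x30)
    ids = []
    for _, request in children(request_list):   # Request
        _, cert_id = next(children(request))    # reqCert
        ids.append(parse_cert_id(cert_id))
    return ids


def cert_ids_by_issuer(urls):
    """Group the serial numbers being checked by issuerKeyHash."""
    out = {}
    for url in urls:
        for cid in parse_ocsp_get_url(url):
            out.setdefault(cid["issuer_key_hash"], set()).add(cid["serial"])
    return out


# The distinct OCSP URLs from the report's HTTP-request table (one duplicate dropped).
REPORT_URLS = [
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrHR6YzPN2BNbByL0VoiTIBBMAOAQUCrwIKReMpTlteg7OM8cus%2B37w3oCEA3AWA%2Frpyg2P6f4%2FJg%2FBjI%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAonX%2BcE1u7LI9XNW0saTgQ%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAfy81yHqHeveu%2FpR5k1Jb0%3D",
    "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D",
    "http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrHR6YzPN2BNbByL0VoiTIBBMAOAQUCrwIKReMpTlteg7OM8cus%2B37w3oCEAd3SBjpSMd4ojHOUsfJYh8%3D",
    "http://ocsp.pki.goog/gts1d4/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEQCGFNnHjnVYegkAAAAA69dM",
]

if __name__ == "__main__":
    for issuer, serials in cert_ids_by_issuer(REPORT_URLS).items():
        print(issuer, sorted(serials))
```

Grouping by issuerKeyHash shows that the DigiCert traffic is three distinct issuing CAs (the first of them checked three different end-entity serials), plus one Comodo and two Google issuers. With the PCAP from the full report the serials can be matched against the leaf certificates the sites actually served, which is how you confirm the OCSP traffic belongs to the visited page and not to something else running in the guest.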

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3560 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
3560 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3576 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3560 | iexplore.exe | 8.248.115.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious
3576 | iexplore.exe | 205.185.208.79:443 | static.trafficjunky.com | Highwinds Network Group, Inc. | US | unknown
3576 | iexplore.exe | 66.254.114.41:443 | www.pornhub.com | Reflected Networks, Inc. | US | malicious
3576 | iexplore.exe | 205.185.208.142:443 | di.phncdn.com | Highwinds Network Group, Inc. | US | suspicious
3560 | iexplore.exe | 8.253.95.249:80 | ctldl.windowsupdate.com | Global Crossing | US | suspicious
3576 | iexplore.exe | 66.254.122.21:443 | ei.phncdn.com | Reflected Networks, Inc. | US | suspicious
3576 | iexplore.exe | 172.217.18.110:443 | www.google-analytics.com | Google Inc. | US | whitelisted

DNS requests

Domain | IP(s) | Reputation
www.pornhub.com | 66.254.114.41 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
ctldl.windowsupdate.com | 8.248.115.254, 67.27.158.126, 67.27.159.126, 67.27.233.254, 8.253.95.249 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
di.phncdn.com | 205.185.208.142 | whitelisted
static.trafficjunky.com | 205.185.208.79 | whitelisted
ei.phncdn.com | 66.254.122.21, 66.254.122.22, 66.254.122.23, 66.254.122.16, 66.254.122.17, 66.254.122.18, 66.254.122.19, 66.254.122.20 | whitelisted
hubt.pornhub.com | 66.254.114.32 | whitelisted
ss.phncdn.com | 66.254.122.22, 66.254.122.23, 66.254.122.16, 66.254.122.17, 66.254.122.18, 66.254.122.19, 66.254.122.20, 66.254.122.21 | whitelisted
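The two network tables above do not agree with each other: www.pornhub.com is tagged "malicious" in Connections and "whitelisted" in DNS requests, the phncdn.com hosts and ctldl.windowsupdate.com are "suspicious" in one and "whitelisted" in the other, and the summary shows only 10 of the 150 connections and 10 of the 45 DNS requests, so one connection (www.google-analytics.com) has no DNS row at all. Before quoting the "Malicious activity" verdict, a triager reconciles the two tables and notes which rows have to be pulled from the PCAP. The script below is an added example and not part of the ANY.RUN report; CONNECTIONS and DNS are transcribed from the two tables above, and the function names and the three checks are this example's own.

```python
"""Cross-check the Connections and DNS tables of a sandbox report summary.

Added example; not ANY.RUN code. CONNECTIONS and DNS are transcribed from
this report's tables. Function names and checks are this example's own.
"""

# Connections table: (pid, ip:port, domain, reputation)
CONNECTIONS = [
    (3560, "204.79.197.200:443", "www.bing.com", "whitelisted"),
    (3560, "93.184.220.29:80", "ocsp.digicert.com", "whitelisted"),
    (3576, "93.184.220.29:80", "ocsp.digicert.com", "whitelisted"),
    (3560, "8.248.115.254:80", "ctldl.windowsupdate.com", "suspicious"),
    (3576, "205.185.208.79:443", "static.trafficjunky.com", "unknown"),
    (3576, "66.254.114.41:443", "www.pornhub.com", "malicious"),
    (3576, "205.185.208.142:443", "di.phncdn.com", "suspicious"),
    (3560, "8.253.95.249:80", "ctldl.windowsupdate.com", "suspicious"),
    (3576, "66.254.122.21:443", "ei.phncdn.com", "suspicious"),
    (3576, "172.217.18.110:443", "www.google-analytics.com", "whitelisted"),
]

# ei.phncdn.com and ss.phncdn.com both resolved to 66.254.122.16 through .23
PHNCDN = {"66.254.122.%d" % i for i in range(16, 24)}

# DNS requests table: domain -> (answers, reputation)
DNS = {
    "www.pornhub.com": ({"66.254.114.41"}, "whitelisted"),
    "api.bing.com": ({"13.107.5.80"}, "whitelisted"),
    "www.bing.com": ({"204.79.197.200", "13.107.21.200"}, "whitelisted"),
    "ctldl.windowsupdate.com": ({"8.248.115.254", "67.27.158.126", "67.27.159.126",
                                 "67.27.233.254", "8.253.95.249"}, "whitelisted"),
    "ocsp.digicert.com": ({"93.184.220.29"}, "whitelisted"),
    "di.phncdn.com": ({"205.185.208.142"}, "whitelisted"),
    "static.trafficjunky.com": ({"205.185.208.79"}, "whitelisted"),
    "ei.phncdn.com": (PHNCDN, "whitelisted"),
    "hubt.pornhub.com": ({"66.254.114.32"}, "whitelisted"),
    "ss.phncdn.com": (PHNCDN, "whitelisted"),
}


def host(ipport):
    """Strip the port from an 'ip:port' string."""
    return ipport.rsplit(":", 1)[0]


def reputation_conflicts(connections, dns):
    """domain -> (connection verdict, DNS verdict) wherever the two disagree."""
    return {
        domain: (rep, dns[domain][1])
        for _, _, domain, rep in connections
        if domain in dns and dns[domain][1] != rep
    }


def unresolved_connections(connections, dns):
    """(domain, ip) pairs whose ip is not among the summary's DNS answers for
    that name; these are the rows to confirm from the PCAP."""
    answers = {d: ips for d, (ips, _) in dns.items()}
    return sorted({(d, host(ip)) for _, ip, d, _ in connections
                   if host(ip) not in answers.get(d, set())})


def resolved_but_unused(connections, dns):
    """Names that were resolved but have no connection row in the summary."""
    return sorted(set(dns) - {d for _, _, d, _ in connections})


def triage(connections, dns):
    """Run all three checks and return them keyed by name."""
    return {
        "reputation_conflicts": reputation_conflicts(connections, dns),
        "unresolved_connections": unresolved_connections(connections, dns),
        "resolved_but_unused": resolved_but_unused(connections, dns),
    }


if __name__ == "__main__":
    for check, result in triage(CONNECTIONS, DNS).items():
        print(check, result)
```

On this report the checks return five reputation conflicts, one connection without a matching DNS answer (www.google-analytics.com, which the summary's DNS table simply does not include) and three resolved-but-unused names; none of the conflicts is backed by a signature or an IDS alert elsewhere on the page, so the verdict rests on the reputation tag alone until the PCAP says otherwise.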

Threats

No threats detected

Debug info: none