analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://sourceforge.net/projects/maddstress/

Full analysis: https://app.any.run/tasks/07a9f62f-d57a-458c-8351-55ceb4870385
Verdict: Malicious activity
Analysis date: September 30, 2020, 08:49:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

063E9F1784F3BFA508CA57CD5EF19C35

SHA1:

A784FE71C295BB99B960D4EABF9C2660973BB538

SHA256:

157B97BF22E3C3DECD0237104FB1F0F7C5B63991ED0F14E43C1AF0899D0CA12A

SSDEEP:

3:N8HCGSuLAuUtP3WP:2iGnCt+P

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 1556)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 1556)
      • iexplore.exe (PID: 2624)
      • iexplore.exe (PID: 2328)
    • Application launched itself

      • iexplore.exe (PID: 1556)
    • Creates files in the user directory

      • iexplore.exe (PID: 2624)
      • iexplore.exe (PID: 1556)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 1556)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2624)
      • iexplore.exe (PID: 2328)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 1556)
    • Changes settings of System certificates

      • iexplore.exe (PID: 1556)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1556"C:\Program Files\Internet Explorer\iexplore.exe" https://sourceforge.net/projects/maddstress/C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2624"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1556 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2328"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1556 CREDAT:1643809 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Total events
959
Read events
850
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
42
Text files
44
Unknown types
16

Dropped files

PID
Process
Filename
Type
2624iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab8612.tmp
MD5:
SHA256:
2624iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar8613.tmp
MD5:
SHA256:
2624iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\maddstress[1].htmhtml
MD5:CA424AE105F62A385F3DC08F80C2747C
SHA256:F3C216D1C811247287E805F69893626DDD51A448618D78D0DB428F701D794B65
2624iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0866C9BDEA8439513B2B30A76FEB0F6Dder
MD5:3FF03A11CA1E96E936010D95CC7D10E2
SHA256:96C40EAF10C81BBA9424E60A58CF7846F8AF71D6D97A8C5F8A12062D9E6D41C8
2624iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\cmp[1].csstext
MD5:4B250691D1FF8CEFF9557E8B89E50122
SHA256:53660B188B8E19E9CEA29FB4C23449390AE83AB21DAD2A2E067B5B0597192EC6
2624iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08der
MD5:30142B9712DB3BF56074DDC675C257FD
SHA256:E097553550D5FC623C5EF334D0ED27BD29BEFEDD25927556D934364E56A22A69
2624iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0866C9BDEA8439513B2B30A76FEB0F6Dbinary
MD5:6FA53ADB36C51FC4C22D8386D8DF075C
SHA256:DA9749EBB5D6489278ACC8912E15F300B670EA24813CD78B9ED534FE3E15CE0A
2624iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\1[1].pngimage
MD5:56DD544AA0A7D836E6CBE893B788E2C0
SHA256:8DBAC44F4567753C842A101345C8245A4597B049FA4A8FC5A71FB0DA73C75F55
2624iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\sf.sandiego-head[1].jstext
MD5:9B08F44E035AE8394A67C278FCE81264
SHA256:B8D60040E3B6885276D678C14611531B872513928A6035C667C2D23CBD5CE625
2624iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\icon[1].jpgimage
MD5:FE3D3C73A00E08C660739849621A36C0
SHA256:9E3EAC33A8D7E946181CE969CCA4F7E1A648CA7007BF9F4D8AE18EBE6726ACA0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
63
DNS requests
25
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2624
iexplore.exe
GET
200
2.16.107.114:80
http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgTHARGArCpfTkokHR32QhOqmg%3D%3D
unknown
der
527 b
whitelisted
2624
iexplore.exe
GET
200
142.250.74.195:80
http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCoziyTHasflwIAAAAAekur
US
der
472 b
whitelisted
2624
iexplore.exe
GET
200
2.16.107.114:80
http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgNi5wusdw27Wmbi806i3fyowA%3D%3D
unknown
der
527 b
whitelisted
2624
iexplore.exe
GET
200
142.250.74.195:80
http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDqXuNQ97mPtAIAAAAAektt
US
der
472 b
whitelisted
1052
svchost.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
1556
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
US
der
1.47 Kb
whitelisted
2624
iexplore.exe
GET
200
142.250.74.195:80
http://crl.pki.goog/gsr2/gsr2.crl
US
der
950 b
whitelisted
2624
iexplore.exe
GET
200
142.250.74.195:80
http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDM8p7YwCDvUCAAAAABXoPk%3D
US
der
471 b
whitelisted
1052
svchost.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEA7yTSbUNi7CXXtef0luXqk%3D
US
der
279 b
whitelisted
2624
iexplore.exe
GET
200
2.16.107.114:80
http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgNi5wusdw27Wmbi806i3fyowA%3D%3D
unknown
der
527 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2624
iexplore.exe
172.217.16.132:443
www.google.com
Google Inc.
US
whitelisted
2624
iexplore.exe
2.16.107.114:80
ocsp.int-x3.letsencrypt.org
Akamai International B.V.
suspicious
2624
iexplore.exe
2.16.107.73:80
isrg.trustid.ocsp.identrust.com
Akamai International B.V.
suspicious
2624
iexplore.exe
216.105.38.13:443
sourceforge.net
American Internet Services, LLC.
US
malicious
2624
iexplore.exe
216.58.212.170:443
fonts.googleapis.com
Google Inc.
US
whitelisted
2624
iexplore.exe
104.18.14.218:443
a.fsdn.com
Cloudflare Inc
US
unknown
1556
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2624
iexplore.exe
142.250.74.195:80
ocsp.pki.goog
Google Inc.
US
whitelisted
2624
iexplore.exe
87.230.98.69:443
consentmanager.mgr.consensu.org
Host Europe GmbH
DE
unknown
1556
iexplore.exe
13.107.21.200:80
www.bing.com
Microsoft Corporation
US
whitelisted

DNS requests

Domain
IP
Reputation
sourceforge.net
  • 216.105.38.13
whitelisted
isrg.trustid.ocsp.identrust.com
  • 2.16.107.73
  • 2.16.107.80
whitelisted
api.bing.com
  • 13.107.13.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ocsp.int-x3.letsencrypt.org
  • 2.16.107.114
  • 2.16.107.43
whitelisted
a.fsdn.com
  • 104.18.14.218
  • 104.18.15.218
whitelisted
fonts.googleapis.com
  • 216.58.212.170
whitelisted
www.google.com
  • 172.217.16.132
whitelisted
consentmanager.mgr.consensu.org
  • 87.230.98.69
whitelisted
cdn.consentmanager.mgr.consensu.org
  • 195.181.175.54
whitelisted

Threats

No threats detected
No debug info