URL: http://boucherie-a-la-campagne.com
Full analysis: https://app.any.run/tasks/81b863da-1bb7-4a26-8bcd-65d3c3d7e080
Verdict: Malicious activity
Analysis date: June 27, 2022, 09:16:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:
MD5: 976CF0BDC75925ED8AA2095D799F715F
SHA1: 53E36BFB3D81D6A2EBFA9F83985B4F5EA9050863
SHA256: 1730404F96A6DED0C16C64A331700726CE051879AEBF4C3C35AF8B46D8001614
SSDEEP: 3:N1KcfcAOQYCNn:CcAQYY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Reads Microsoft Outlook installation path
      • iexplore.exe (PID: 4088)
  • INFO
    • Checks supported languages
      • iexplore.exe (PID: 2952)
      • iexplore.exe (PID: 4088)
    • Reads the computer name
      • iexplore.exe (PID: 2952)
      • iexplore.exe (PID: 4088)
    • Changes internet zones settings
      • iexplore.exe (PID: 2952)
    • Application launched itself
      • iexplore.exe (PID: 2952)
    • Reads settings of System Certificates
      • iexplore.exe (PID: 2952)
      • iexplore.exe (PID: 4088)
    • Checks Windows Trust Settings
      • iexplore.exe (PID: 2952)
      • iexplore.exe (PID: 4088)
    • Reads Internet Explorer settings
      • iexplore.exe (PID: 4088)
    • Creates files in the user directory
      • iexplore.exe (PID: 4088)
No Malware configuration.
No data.
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph: start → iexplore.exe (PID: 2952) → iexplore.exe (PID: 4088)

Process information

PID: 2952
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "http://boucherie-a-la-campagne.com"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID: 4088
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2952 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: iexplore.exe (PID: 2952)
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events: 18 349
Read events: 18 212
Write events: 101
Delete events: 0

Modification events

| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 2952 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPDaysSinceLastAutoMigration | 1 |
| 2952 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPLastLaunchLowDateTime | |
| 2952 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPLastLaunchHighDateTime | 30968326 |
| 2952 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | write | NextCheckForUpdateLowDateTime | |
| 2952 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | write | NextCheckForUpdateHighDateTime | 30968326 |
| 2952 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | write | CachePrefix | |
| 2952 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie: |
| 2952 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited: |
| 2952 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | write | CompatibilityFlags | 0 |
| 2952 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1 |
Executable files: 0
Suspicious files: 14
Text files: 34
Unknown types: 11

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2952 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f7ruq93\imagestore.dat | binary | FF35F5BA0827719FE81372C3C1ACFB83 | 63A78EC622B70906FE56ECD5BA393147D9F5F1106C57F80E26F986972C6FF34D |
| 2952 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | 28CC3D4B0DA8A29A9DCD6D4755C84342 | A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E |
| 2952 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 4C9D94581C0B43873FEB2173318B6A1B | 1F81F8E21F896CB8B9F62C6562A0DA4112E6F110B4B570057F4E345F0945BC98 |
| 4088 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\EGHXM3ON.htm | html | A8FD03DE0A80F8FE28E346088C3552B0 | 762A1D7A4BB4376A0B91882A856DBCDC60CB3032E419DC1C56FA43ACE06C6E4E |
| 2952 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | 790E40386A5478B54787C28956E029D7 | 2A14CA44FA89C53F53111C7CAAE9155A460FA162BD822CCEAF7B7F74B8390557 |
| 2952 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 45885960656CE76348C8EA903540C2A9 | D9147543AFCA0DA6F8B8BEC1E7601A638D9CD1DC738656CD533DD201AB5961E0 |
| 4088 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\style[2].css | text | 96F84D0985AF87B4D4F6AE8816F9C5C5 | 93A1109ADA0CD55DEDEAF7E9C4251A7F91AC3C3E1AB85E25E37B6CD4E47D504B |
| 4088 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\F9XLN80J.htm | html | E930194BED4E025A13399839A844E683 | 20F0A20DF4A64181A5CF89450545ADA0DA3CA40278DF2E2F2A766698F538E577 |
| 4088 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\style[1].css | text | 8A6AC41C4CD1120C9D01C26F839389FC | 73C8B1941A2A223B487245530177D98CAB9AC48B1CE903A48B29C76C96C1FDA4 |
| 4088 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\LW5O4960.txt | text | 71415D2336DF0DCEF603779059F7A2DF | 11A5E911EC337DCD19F7AAFC801A2671B93F64E41770F9EADA503793AC779432 |
HTTP(S) requests: 35
TCP/UDP connections: 61
DNS requests: 21
Threats: 0

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 2952 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
| 4088 | iexplore.exe | GET | 302 | 72.14.178.174:80 | http://boucherie-a-la-campagne.com/mtm/direct/.eJwljEsKwzAMBa9StEzjet_LBEW8xgb_UBQwlN69NtnNDI_3pUsjvcnTSqzHOXCQ4gOF3hLqaVvhjKF7vSRAIxy7xE44Nz4KXlLzPBBBszEzdPPBclof3FqKwhZr8X2mZ5958Qv9_sFfKPw:1o5krY:oI06m8Ci0_4wB7h2PIuoAOhfF0o/0 | US | | | malicious |
| 4088 | iexplore.exe | GET | 200 | 45.33.30.197:80 | http://boucherie-a-la-campagne.com/ | US | html | 6.84 Kb | malicious |
| 4088 | iexplore.exe | GET | 200 | 75.2.73.197:80 | http://www1.boucherie-a-la-campagne.com/?tm=1&subid4=1656321452.0121570000&kw=Butcher+Shop&KW1=Livraison%20de%20viande&KW2=Paniers%20Cadeaux%20Boucherie%20Gourmande&KW3=Commander%20de%20la%20viande%20en%20gros&searchbox=0&domainname=0&backfill=0 | US | html | 5.32 Kb | suspicious |
| 4088 | iexplore.exe | GET | 200 | 143.204.101.79:80 | http://d1lxhc4jvstzrp.cloudfront.net/themes/regnitz_0f823431/style.css | US | text | 539 b | shared |
| 2952 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
| 4088 | iexplore.exe | GET | 200 | 142.250.186.132:80 | http://www.google.com/adsense/domains/caf.js | US | text | 51.5 Kb | whitelisted |
| 4088 | iexplore.exe | GET | 200 | 143.204.101.79:80 | http://d1lxhc4jvstzrp.cloudfront.net/scripts/js3caf.js | US | text | 6.84 Kb | shared |
| 4088 | iexplore.exe | GET | 200 | 185.53.178.30:80 | http://c.parkingcrew.net/scripts/sale_form.js | DE | text | 761 b | whitelisted |
| 2952 | iexplore.exe | GET | 200 | 45.33.30.197:80 | http://boucherie-a-la-campagne.com/favicon.ico | US | image | 43 b | malicious |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 2952 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
| 4088 | iexplore.exe | 45.33.30.197:80 | boucherie-a-la-campagne.com | Linode, LLC | US | malicious |
| | | 45.33.30.197:80 | boucherie-a-la-campagne.com | Linode, LLC | US | malicious |
| 2952 | iexplore.exe | 8.241.11.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
| 2952 | iexplore.exe | 45.33.30.197:80 | boucherie-a-la-campagne.com | Linode, LLC | US | malicious |
| 2952 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
| 2952 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
| | | 72.14.178.174:80 | boucherie-a-la-campagne.com | Linode, LLC | US | malicious |
| 4088 | iexplore.exe | 72.14.178.174:80 | boucherie-a-la-campagne.com | Linode, LLC | US | malicious |
| 4088 | iexplore.exe | 142.250.186.132:80 | www.google.com | Google Inc. | US | whitelisted |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| boucherie-a-la-campagne.com | 45.33.30.197, 72.14.178.174, 72.14.185.43, 45.33.20.235, 45.33.23.183, 45.33.2.79, 96.126.123.244, 45.56.79.23, 173.255.194.134, 198.58.118.167, 45.79.19.196, 45.33.18.44 | malicious |
| api.bing.com | 13.107.5.80 | whitelisted |
| www.bing.com | 131.253.33.200, 13.107.22.200 | whitelisted |
| ctldl.windowsupdate.com | 8.241.11.254, 8.248.133.254, 8.253.207.120, 8.241.9.254, 8.238.189.126 | whitelisted |
| ocsp.digicert.com | 93.184.220.29 | whitelisted |
| iecvlist.microsoft.com | 152.199.19.161 | whitelisted |
| r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted |
| www1.boucherie-a-la-campagne.com | 75.2.73.197, 99.83.136.84 | suspicious |
| www.google.com | 142.250.186.132 | whitelisted |
| d1lxhc4jvstzrp.cloudfront.net | 143.204.101.79, 143.204.101.183, 143.204.101.169, 143.204.101.13 | shared |

Threats

No threats detected.
Debug info: none.