URL:

https://cch.sharefileu873access.live/?

Full analysis: https://app.any.run/tasks/ce98a79c-c246-44cc-afb3-1fb1adbd41f1
Verdict: Malicious activity
Analysis date: December 05, 2022, 16:49:45
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

E6135B0E98A32293A57B1F7A8C89B847

SHA1:

855351F05E40AE3D67C7E0610F0C34371D1F08F2

SHA256:

187264A794C0156FB641D27189C1BB89687A70CC290C65DF0D822B9703C91482

SSDEEP:

3:N8bZIQ4DGGAWMCun:2yQ4DRgCu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2796)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2796"C:\Program Files\Internet Explorer\iexplore.exe" "https://cch.sharefileu873access.live/?"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2972"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2796 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
15 564
Read events
15 431
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
16
Text files
81
Unknown types
16

Dropped files

PID
Process
Filename
Type
2796iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8Fder
MD5:406B3F4C3DCB12AC7EE515803CDBACCF
SHA256:824B08BB5371B3583F45B4C08037EDC08B30860079D8A6EA5DBEE813BC7625CA
2972iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4Fder
MD5:673EBC6BD420C2311ED712DEAFC5E744
SHA256:7E2C61C3A97760BB147863EF5B32476E7AD40281C49F88F96B626987CF87DAA8
2796iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:76C9F5816A03AF573FCE6ABFC69480B2
SHA256:420FAD3AD9262A6BB0F8D32D30699ADF2233E699EFE388319FF2BAE3667775C0
2972iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62der
MD5:EB19CBFE637C0A59949CA807857597E5
SHA256:00405163103E7DB1F69EF767175401AA85B0D855C2BC4D9FFFD452F7C4A553EA
2972iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DD67A6ACEDD9C8CE0EAB2D2546FA1D77der
MD5:82034DF19D2D808AEC1B4363C9430839
SHA256:7DAE8D42F02D2E03EE6937E9973E3160BD6080E4998D463897F8F2D22D6FF7B1
2796iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8Fbinary
MD5:987829AA50510AE1D3C60E2D65FDD7A5
SHA256:52B190E8AC60A6A11B63C3AB125D472B034D1E3D5D1DD0D8ABB0DF88AEB88233
2972iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506binary
MD5:675798D86EA3F2491C5EDD32BCB1573E
SHA256:BC69467B31BB802921362C5424BB31F8A5496512E838A4F58A4484C10E4D1FE5
2972iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894der
MD5:EAA4DCE3EAE1609F49EBAE7323D80FEF
SHA256:DF398498CCD10951E5B64A54A0D10547E36A78D1CBCA6369EE8AABC83363AD83
2796iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
2972iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DD67A6ACEDD9C8CE0EAB2D2546FA1D77binary
MD5:6731E55A8BD2193800EE4B2FAC8FCC28
SHA256:E854ED36EFFB62C733D24D7635F93821AEFA0A460C15237E7F9ADB75F09239B8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
49
DNS requests
19
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2972
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?1b946f80c2af1f78
US
compressed
61.4 Kb
whitelisted
2972
iexplore.exe
GET
200
23.55.163.48:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRJ4Cej5rMIxLrrBzOr%2FTmzzA%3D%3D
US
der
503 b
shared
2796
iexplore.exe
GET
200
93.184.220.29:80
http://crl3.digicert.com/Omniroot2025.crl
US
der
7.78 Kb
whitelisted
2972
iexplore.exe
GET
200
13.32.23.69:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
US
der
1.51 Kb
whitelisted
2972
iexplore.exe
GET
200
13.225.84.97:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
US
der
1.70 Kb
whitelisted
2972
iexplore.exe
GET
200
52.222.250.174:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D
US
der
1.39 Kb
shared
2796
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
2972
iexplore.exe
GET
200
184.24.9.54:80
http://x1.c.lencr.org/
DE
der
717 b
whitelisted
2796
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?54d1ef69a06bc672
US
compressed
4.70 Kb
whitelisted
2796
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2796
iexplore.exe
209.197.3.8:80
ctldl.windowsupdate.com
STACKPATH-CDN
US
whitelisted
2972
iexplore.exe
209.197.3.8:80
ctldl.windowsupdate.com
STACKPATH-CDN
US
whitelisted
2972
iexplore.exe
172.81.41.166:443
DEDIPATH-LLC
US
unknown
2796
iexplore.exe
131.253.33.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2796
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
EDGECAST
GB
whitelisted
2972
iexplore.exe
184.24.9.54:80
x1.c.lencr.org
AKAMAI-AS
DE
unknown
2972
iexplore.exe
23.55.163.48:80
r3.o.lencr.org
Akamai International B.V.
DE
unknown
2796
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
EDGECAST
US
whitelisted
2972
iexplore.exe
13.32.23.69:80
ocsp.rootg2.amazontrust.com
AMAZON-02
US
whitelisted
2972
iexplore.exe
143.204.55.34:443
brave.com
AMAZON-02
US
unknown

DNS requests

Domain
IP
Reputation
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 131.253.33.200
  • 13.107.22.200
whitelisted
ctldl.windowsupdate.com
  • 209.197.3.8
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
crl3.digicert.com
  • 93.184.220.29
whitelisted
x1.c.lencr.org
  • 184.24.9.54
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
r3.o.lencr.org
  • 23.55.163.48
  • 23.55.163.58
shared
brave.com
  • 143.204.55.34
  • 143.204.55.40
  • 143.204.55.85
  • 143.204.55.116
whitelisted

Threats

No threats detected
No debug info