URL:

younetu.org

Full analysis: https://app.any.run/tasks/5b57ded0-b58b-4cde-b74d-9600115b6c8a
Verdict: Malicious activity
Analysis date: July 22, 2024, 08:16:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

9C71C61F3D21812ECCC298813AE58ED8

SHA1:

25ECF3A089D1E714FD404CF7A6770715A11C0D1B

SHA256:

1931AFBBE23A888325098365C53F012EF34C73ADDD7A20CE5205B5948641C642

SSDEEP:

3:7QLA2oCn:XCn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • The process uses the downloaded file

      • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 3692)
    • Application launched itself

      • iexplore.exe (PID: 3424)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
42
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

Processes in graph: iexplore.exe, iexplore.exe, flashutil32_32_0_0_453_activex.exe (no specs), wmpnscfg.exe (no specs)

Process information

PID: 3268
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Indicators:
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3396
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3424 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 3424
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "younetu.org"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 3692
CMD: C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding
Path: C:\Windows\System32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe
Indicators:
Parent process: svchost.exe
User:
admin
Company:
Adobe
Integrity Level:
MEDIUM
Description:
Adobe® Flash® Player Installer/Uninstaller 32.0 r0
Version:
32,0,0,453
Modules
Images
c:\windows\system32\macromed\flash\flashutil32_32_0_0_453_activex.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
Total events
25 616
Read events
25 507
Write events
91
Delete events
18

Modification events

Process: (3424) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

Process: (3424) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

Process: (3424) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31120399

Process: (3424) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

Process: (3424) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31120399

Process: (3424) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: (3424) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (3424) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (3424) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

Process: (3424) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files
0
Suspicious files
112
Text files
426
Unknown types
11

Dropped files

PID: 3396
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: 7827EE85D68481BB17F25FB002DAE97E
SHA256: CB5675E02FC794F8C9952289D795CED7C11CA6046FC5B7EA3778FEA58FCC1269

PID: 3396
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
Type: binary
MD5: 1BFE0A81DB078EA084FF82FE545176FE
SHA256: 5BA8817F13EEE00E75158BAD93076AB474A068C6B52686579E0F728FDA68499F

PID: 3396
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\ZAEM00KA.htm
Type: text
MD5: FDA44910DEB1A460BE4AC5D56D61D837
SHA256: 933B971C6388D594A23FA1559825DB5BEC8ADE2DB1240AA8FC9D0C684949E8C9

PID: 3396
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\0Y79UUO4.htm
Type: html
MD5: 0104C301C5E02BD6148B8703D19B3A73
SHA256: 446A6087825FA73EADB045E5A2E9E2ADF7DF241B571228187728191D961DDA1F

PID: 3396
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
Type: binary
MD5: 8E557E85F5A050C0B82A61E50F538EE0
SHA256: 2C4CA9525CDC64D586D4763A00C0B06DAB632F586243AFEDA75D7C5E544DC46F

PID: 3396
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0A17BC17FF10008872A7205D0D43E2_608DEF97DFACECDA8E97C6F270153A4F
Type: binary
MD5: 94BE0E859FE5F6EC0A3C2B8FACAD8DBC
SHA256: 5C6AD7CBA9B5CE19CFE7465D631B1CE4DFEFB05A5EA09B905E1B38A28EF191F1

PID: 3396
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
Type: binary
MD5: 7FB5FA1534DCF77F2125B2403B30A0EE
SHA256: 33A39E9EC2133230533A686EC43760026E014A3828C703707ACBC150FE40FD6F

PID: 3396
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
Type: binary
MD5: F8B5ED3CB90D61B70BDEE64FCA22814F
SHA256: BA7AD7C0DA00FAF638EA1AAA49B930880707051529CC71C5E1688ACF36715DF7

PID: 3396
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\SM7BU39G.htm
Type: html
MD5: E0626CF525CDF26AEB076A46B90A5FDE
SHA256: 28266EA85625E6C79444E00FE1086299074ED22ECB0F0D66645878BB54731D91

PID: 3396
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8F8712BCE78D28F9C5E3E950CD93EADA_88AC4858D0564F7F097CDB0BBCC4E4A9
Type: binary
MD5: FA5514DF64D58B32CAC8E94A290DD538
SHA256: AD5F6CDAE920C96C1B280D95C1B81F1E91D538996A85A411140303DAB52231CA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
93
TCP/UDP connections
185
DNS requests
53
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3396
iexplore.exe
GET
200
43.152.26.209:80
http://i3.itc.cn/20150824/34b0_5d2abeab_e780_9619_9848_f536757fed74_1.jpg
unknown
malicious
3396
iexplore.exe
GET
200
47.246.46.229:80
http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSmVYFXwi%2FRq9wx3PKhB8lC%2FFYUyAQUkZ9eMRWuEJ%2BtYMH3wcyqSDQvDCYCEA69iyPk48fwGvqgzK5aqeY%3D
unknown
whitelisted
3396
iexplore.exe
GET
200
101.33.20.163:80
http://i0.itc.cn/20151009/34b0_dca9af64_6242_1edd_4d43_ed75804abef5_1.jpg
unknown
malicious
3396
iexplore.exe
GET
301
188.114.96.3:80
http://younetu.org/
unknown
whitelisted
3396
iexplore.exe
GET
304
199.232.210.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1948eae40a363731
unknown
whitelisted
3396
iexplore.exe
GET
200
172.217.16.131:80
http://c.pki.goog/r/gsr1.crl
unknown
whitelisted
3396
iexplore.exe
GET
200
172.217.16.131:80
http://c.pki.goog/r/r4.crl
unknown
whitelisted
3396
iexplore.exe
GET
200
47.246.46.229:80
http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAoEcNCWvIoSyJCm34Ju7Es%3D
unknown
whitelisted
3396
iexplore.exe
GET
200
47.246.46.229:80
http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSmVYFXwi%2FRq9wx3PKhB8lC%2FFYUyAQUkZ9eMRWuEJ%2BtYMH3wcyqSDQvDCYCEA%2FTTmkOYBcvKv8sd6BrFuM%3D
unknown
whitelisted
3396
iexplore.exe
GET
200
47.246.46.229:80
http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSmVYFXwi%2FRq9wx3PKhB8lC%2FFYUyAQUkZ9eMRWuEJ%2BtYMH3wcyqSDQvDCYCEAJ%2BYV%2FN5W2THg4NuR8pUi8%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1060
svchost.exe
224.0.0.252:5355
whitelisted
2564
svchost.exe
239.255.255.250:3702
whitelisted
4
System
192.168.100.255:138
whitelisted
1372
svchost.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3396
iexplore.exe
188.114.96.3:80
younetu.org
CLOUDFLARENET
NL
unknown
3396
iexplore.exe
188.114.96.3:443
younetu.org
CLOUDFLARENET
NL
unknown
3396
iexplore.exe
199.232.210.172:80
ctldl.windowsupdate.com
FASTLY
US
unknown
3396
iexplore.exe
172.217.16.131:80
c.pki.goog
GOOGLE
US
whitelisted
3396
iexplore.exe
52.175.9.163:443
www.56.com
MICROSOFT-CORP-MSN-AS-BLOCK
HK
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.142
whitelisted
younetu.org
  • 188.114.96.3
  • 188.114.97.3
unknown
ctldl.windowsupdate.com
  • 199.232.210.172
  • 199.232.214.172
  • 93.184.221.240
whitelisted
c.pki.goog
  • 172.217.16.131
whitelisted
www.56.com
  • 52.175.9.163
  • 13.75.75.123
whitelisted
ocsp.dcocsp.cn
  • 47.246.46.229
  • 47.246.46.231
  • 47.246.46.232
  • 47.246.46.230
  • 47.246.46.226
  • 47.246.46.225
  • 47.246.46.227
  • 47.246.46.228
whitelisted
s2.56img.com
  • 174.35.118.62
whitelisted
css.tv.itc.cn
  • 163.181.131.209
  • 163.181.131.210
  • 163.181.131.211
  • 163.181.131.212
  • 163.181.131.215
  • 163.181.131.216
  • 163.181.131.217
  • 163.181.131.208
whitelisted
js.tv.itc.cn
  • 174.35.118.62
  • 138.113.101.12
malicious
s1.56img.com
  • 174.35.118.62
whitelisted

Threats

No threats detected
No debug info