analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&adHeight=167&adWidth=220&adType=live&autoplay=false&showvideo=false&hn=fap247.com&AFNO=1-332

Full analysis: https://app.any.run/tasks/21cc3da6-cb9e-4fe1-bb4b-eff88594330f
Verdict: Malicious activity
Analysis date: April 11, 2022, 10:22:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

E05470D315C0C2FA0D0B0DBF96632C1C

SHA1:

B049E516D706752B30BD6F18643CF62C2F4070EA

SHA256:

1A998A092469FC3AF2A8EE93E65BEBBFFE7BD3EC336702F5DC9E9055EECD5990

SSDEEP:

3:N8IPIRfrVYDoQSYUD7JdtsHxBpwrvEEz2JWmKKSA2DDEYmZuEVX0yKxWWX:2IAlrVjQA5gpwrvEEzuj34CZL+yKxWQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 1260)

  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 1260)
      • iexplore.exe (PID: 2940)

    • Checks supported languages

      • iexplore.exe (PID: 2940)
      • iexplore.exe (PID: 1260)

    • Application launched itself

      • iexplore.exe (PID: 2940)

    • Changes internet zones settings

      • iexplore.exe (PID: 2940)

    • Checks Windows Trust Settings

      • iexplore.exe (PID: 1260)
      • iexplore.exe (PID: 2940)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2940)

    • Creates files in the user directory

      • iexplore.exe (PID: 1260)

    • Reads internet explorer settings

      • iexplore.exe (PID: 1260)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2940)
      • iexplore.exe (PID: 1260)

    • Changes settings of System certificates

      • iexplore.exe (PID: 2940)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2940"C:\Program Files\Internet Explorer\iexplore.exe" "https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&adHeight=167&adWidth=220&adType=live&autoplay=false&showvideo=false&hn=fap247.com&AFNO=1-332"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
1260"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2940 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
16 581
Read events
16 451
Write events
128
Delete events
2

Modification events

(PID) Process:(2940) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(2940) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
549205584
(PID) Process:(2940) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30952846
(PID) Process:(2940) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
849206834
(PID) Process:(2940) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30952846
(PID) Process:(2940) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2940) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2940) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2940) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2940) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
0
Suspicious files
17
Text files
20
Unknown types
11

Dropped files

PID
Process
Filename
Type
1260iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab719D.tmpcompressed
MD5:637481DF32351129E60560D5A5C100B5
SHA256:1F1029D94CA4656A577D554CEDD79D447658F475AF08620084897A5523587052
1260iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab720C.tmpcompressed
MD5:637481DF32351129E60560D5A5C100B5
SHA256:1F1029D94CA4656A577D554CEDD79D447658F475AF08620084897A5523587052
1260iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\I0FWDLN9.txttext
MD5:5443D15C85A29FCE2868578FA5328935
SHA256:EB3BD5C53E233600C9F67403BCBCCC15FEF5B7F39EF1B009A5B210E9A8CC533F
1260iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506compressed
MD5:637481DF32351129E60560D5A5C100B5
SHA256:1F1029D94CA4656A577D554CEDD79D447658F475AF08620084897A5523587052
1260iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506binary
MD5:D2EB7EBB8E7F20376062EC307666D057
SHA256:86E61E34ABA41A6E86E62F8AE136261558EA3FD23CA8A92CB866614EC1C7F713
1260iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar719E.tmpcat
MD5:30644DA711C99BE812B06023C163B751
SHA256:96DBA3D67364C1E75DAB241D4A023B48F4D6453F495175B210F525E930CF144B
2940iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63der
MD5:76339F659D85EFF131A4EA4176C1D516
SHA256:4066793693E0C47453C0AA60EB8476CB63A95C57260EC1C63A7E58FEA44311C2
1260iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\if[1].htmhtml
MD5:054A5320B7498A2D26D9E332B9BD34C1
SHA256:AA3E9EA3F5853F329F492C6E486A68DA9F4BB200E5A11EB5F469A5ECA8347131
1260iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZAAGPZK7.txttext
MD5:F10A4ADAE128C76C3119CB42CEEDC82A
SHA256:AC97EF15DFF19116BAF3AF9CD8F95063DA8F63806AFBE986794D956D910E9EDA
1260iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar720D.tmpcat
MD5:30644DA711C99BE812B06023C163B751
SHA256:96DBA3D67364C1E75DAB241D4A023B48F4D6453F495175B210F525E930CF144B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
12
TCP/UDP connections
34
DNS requests
17
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1260
iexplore.exe
GET
200
216.58.212.131:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGYpOxyatdouCgAAAAE7fWo%3D
US
der
471 b
whitelisted
2940
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
1260
iexplore.exe
GET
200
172.64.155.188:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
US
der
471 b
whitelisted
1260
iexplore.exe
GET
200
96.16.145.230:80
http://x1.c.lencr.org/
US
der
717 b
whitelisted
1260
iexplore.exe
GET
200
13.107.4.50:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?850bb0a6b3598978
US
compressed
59.5 Kb
whitelisted
2940
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
1260
iexplore.exe
GET
200
13.107.4.50:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f83adfe78db3b9c4
US
compressed
59.5 Kb
whitelisted
1260
iexplore.exe
GET
200
216.58.212.131:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
der
724 b
whitelisted
1260
iexplore.exe
GET
200
13.107.4.50:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ee9ae75bb11ca33f
US
compressed
4.70 Kb
whitelisted
1260
iexplore.exe
GET
200
13.107.4.50:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c64db0a27a6e4333
US
compressed
4.70 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2940
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2940
iexplore.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
1260
iexplore.exe
13.107.4.50:80
ctldl.windowsupdate.com
Microsoft Corporation
US
whitelisted
1260
iexplore.exe
96.16.145.230:80
x1.c.lencr.org
Akamai Technologies, Inc.
US
suspicious
1260
iexplore.exe
216.127.52.242:443
as.sexad.net
Accretive Networks
US
unknown
1260
iexplore.exe
69.16.175.42:443
m.sancdn.net
Highwinds Network Group, Inc.
US
malicious
1260
iexplore.exe
172.64.155.188:80
ocsp.comodoca.com
US
suspicious
1260
iexplore.exe
207.178.0.89:443
m1.nsimg.net
Accretive Networks
US
unknown
1260
iexplore.exe
142.250.185.174:443
www.google-analytics.com
Google Inc.
US
whitelisted
2940
iexplore.exe
96.16.145.230:80
x1.c.lencr.org
Akamai Technologies, Inc.
US
suspicious

DNS requests

Domain
IP
Reputation
as.sexad.net
  • 216.127.52.242
  • 216.127.52.241
unknown
ctldl.windowsupdate.com
  • 13.107.4.50
whitelisted
x1.c.lencr.org
  • 96.16.145.230
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
m.sancdn.net
  • 69.16.175.42
  • 69.16.175.10
whitelisted
m1.nsimg.net
  • 207.178.0.89
  • 207.178.0.91
  • 207.178.0.87
  • 207.178.0.86
whitelisted
code.jquery.com
  • 69.16.175.10
  • 69.16.175.42
whitelisted
ocsp.comodoca.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://as.sexad.net/as/if?p=reseller&w=1&h=1&v=5104&adHeight=167&adWidth=220&adType=live&autoplay=false&showvideo=false&hn=fap247.com&AFNO=1-332