URL:

https://drive.google.com/file/d/1PPQeNkQdK0YV0P4UFQ6An0lELRil-FGO/view?usp=drivesdk

Full analysis: https://app.any.run/tasks/553620b1-26fe-4ca0-91aa-ae38d0f2bd04
Verdict: Malicious activity
Analysis date: December 06, 2022, 06:09:36
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
phishing
Indicators:
MD5:

CBFEBC95758776051B4619344D72993D

SHA1:

8ACB6AB27CD2EC792F59566D2F6C9E18885B9CA0

SHA256:

1B6B1A1A216B5E81D6FF499C9EABC2E5000FEDB59CD5B8C926829905968E12F9

SSDEEP:

3:N8PMMtZJuloP10ObBaSoVm8GqrMZ:2A6W3ro

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2884)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2884"C:\Program Files\Internet Explorer\iexplore.exe" "https://drive.google.com/file/d/1PPQeNkQdK0YV0P4UFQ6An0lELRil-FGO/view?usp=drivesdk"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
404"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2884 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
3060"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2884 CREDAT:2233606 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
21 666
Read events
21 495
Write events
169
Delete events
2

Modification events

(PID) Process:(2884) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(2884) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
(PID) Process:(2884) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
31000889
(PID) Process:(2884) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
(PID) Process:(2884) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
31000889
(PID) Process:(2884) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2884) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2884) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2884) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2884) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
0
Suspicious files
19
Text files
23
Unknown types
23

Dropped files

PID
Process
Filename
Type
2884iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:57EC3AFCD752C50EB3FD0687309DE7EB
SHA256:8E7020CE8F966A288DB68A3AF57AA558DB7DBBBB761B11E7590BC4BB3B11A72B
404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAder
MD5:F569E1D183B84E8078DC456192127536
SHA256:287BC80237497EB8681DBF136A56CC3870DD5BD12D48051525A280AE62AAB413
2884iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442binary
MD5:2FAAD7B19F4CECF5CB0AE294DA4765E6
SHA256:A82E23C8881210C558D577300DD479880285DEF8AEAAE9C252EFE347138C42CB
404iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\view[1].htmhtml
MD5:644702FF79B21ABE5E144214386E43B4
SHA256:9D709D737347C4DBEF5763AD32793652E40D67BB8BDDBBE7CB573A09E81234BE
2884iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
404iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ENUKEW6Z.txttext
MD5:49A3D9A1618135AFF7A42C23912AD673
SHA256:ECC336307224239595884697E80726B8F4C812F76B62FFD9D444B12C6D8BC694
2884iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:8AEBB4D1B0643B1E98360CA771A0751C
SHA256:AE5B157D56DD464FF42D50F16975F742D8EF4CE254C1511BAD4206A613120AA0
2884iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442der
MD5:503AD061073A29CEE4CB12D552F6A5B3
SHA256:D2A97423F8B71CA1DAAC39F8A037DCA022303C1ADFBD49995EFF3B36AFFF33F9
404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_DD5E18651A85E635F184F73BE6D3DB70binary
MD5:E9B065C0F80DA91B1531BF9F101AC44A
SHA256:2D05D12AAEB313F56B5D68EDCA5C705308D46D1C6A5E77108F38C9C111887A35
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
17
TCP/UDP connections
63
DNS requests
21
Threats
5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2884
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?eb41329bbe76b0ca
US
compressed
4.70 Kb
whitelisted
2884
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
US
der
1.47 Kb
whitelisted
404
iexplore.exe
GET
200
142.250.185.227:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
der
724 b
whitelisted
404
iexplore.exe
GET
200
142.250.185.227:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDuZCz4OZecyRJCVianxG0K
US
der
472 b
whitelisted
2884
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4f887d6c890572aa
US
compressed
4.70 Kb
whitelisted
404
iexplore.exe
GET
200
142.250.185.227:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
der
1.41 Kb
whitelisted
404
iexplore.exe
GET
200
142.250.185.227:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDUF49VMilPuBJwnl%2BfiT%2F2
US
der
472 b
whitelisted
404
iexplore.exe
GET
200
142.250.185.227:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDreCS75DAIaRKqvCi%2FvL9c
US
der
472 b
whitelisted
404
iexplore.exe
GET
200
142.250.185.227:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEDejdAQ7UBE6Ct8fg%2B1yUio%3D
US
der
471 b
whitelisted
404
iexplore.exe
GET
200
142.250.185.227:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCd7DNOyxVl1ArVUrrIgf3k
US
der
472 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2884
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
EDGECAST
GB
whitelisted
2884
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
2884
iexplore.exe
13.107.21.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
404
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
404
iexplore.exe
142.250.185.227:80
ocsp.pki.goog
GOOGLE
US
whitelisted
404
iexplore.exe
172.217.23.99:443
www.gstatic.com
GOOGLE
US
whitelisted
404
iexplore.exe
142.250.185.131:443
fonts.gstatic.com
GOOGLE
US
whitelisted
404
iexplore.exe
142.250.186.138:443
fonts.googleapis.com
GOOGLE
US
whitelisted
404
iexplore.exe
142.250.186.174:443
play.google.com
GOOGLE
US
whitelisted
404
iexplore.exe
142.250.185.174:443
apis.google.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
ocsp.pki.goog
  • 142.250.185.227
whitelisted
fonts.googleapis.com
  • 142.250.186.138
whitelisted
www.gstatic.com
  • 172.217.23.99
whitelisted
fonts.gstatic.com
  • 142.250.185.131
whitelisted
apis.google.com
  • 142.250.185.174
whitelisted
play.google.com
  • 142.250.186.174
whitelisted

Threats

PID
Process
Class
Message
Misc activity
ET INFO Suspicious Netlify Hosted DNS Request - Possible Phishing Landing
3060
iexplore.exe
Misc activity
ET INFO Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing
3060
iexplore.exe
Misc activity
ET INFO Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing
2884
iexplore.exe
Misc activity
ET INFO Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing
2884
iexplore.exe
Misc activity
ET INFO Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing
No debug info