URL: http://proxad.net

Full analysis: https://app.any.run/tasks/1a0e435a-2086-4c7c-a5e6-5cf0bef33572
Verdict: Malicious activity
Analysis date: February 13, 2022, 08:50:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: C839A06D199D500D145842A3838C9C51
SHA1: E5BB2D2591402CF4C64761A643631408C0F36D3B
SHA256: 1F8A02B76F0C65E9BACB65F965A414DFC7EEB10B49831A6712F4D4658F0427DA
SSDEEP: 3:N1KOXGW0Rn:COXKR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Reads Microsoft Outlook installation path
      • iexplore.exe (PID: 3860)
  • INFO
    • Checks supported languages
      • iexplore.exe (PID: 3860)
      • iexplore.exe (PID: 1256)
    • Reads settings of System Certificates
      • iexplore.exe (PID: 3860)
      • iexplore.exe (PID: 1256)
    • Reads the computer name
      • iexplore.exe (PID: 3860)
      • iexplore.exe (PID: 1256)
    • Changes internet zones settings
      • iexplore.exe (PID: 1256)
    • Reads internet explorer settings
      • iexplore.exe (PID: 3860)
    • Application launched itself
      • iexplore.exe (PID: 1256)
    • Checks Windows Trust Settings
      • iexplore.exe (PID: 1256)
      • iexplore.exe (PID: 3860)
    • Creates files in the user directory
      • iexplore.exe (PID: 3860)
No Malware configuration.
No data.
Total processes: 37
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph: start → iexplore.exe → iexplore.exe

Process information

PID: 1256
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "http://proxad.net"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: Explorer.EXE
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 3860
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1256 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events: no data

Executable files: 0
Suspicious files: 14
Text files: 78
Unknown types: 10

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
1256 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | 1BE9041F6DB1EC0B306FEAA9B82A4979 | DFCCDBB22670BF243EF4C23CD89CC77EF4E1C3E671777642801EA9F758CA1975
3860 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\cb1608f2-f6700b83bbb828afdecf[1].js | text | 5E639C5E54DEAEB786230F7B8B2EFA6A | 3678A79036714235513C5A648C4A0F15E2D35AE2E3777DB0EDE7120C551BE1C5
3860 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\fonts[1].css | text | 8D7980011B129D55717310FE9393C1EC | 273BC52088B714E24D1361B5C139E35D889A273B1956CEEA1EB0799BC0C73E8B
3860 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\709A8EC0F6D3194AD001E9041914421F_189395B0E38EF700EAC61AE123067D12 | der | 1F9E8ED3996C695CB01BDC6F58B76057 | D187B4D1CE10D5355F4109753CD809A219CAA851569559B417E17D03C1AC7991
3860 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_86C2A03C133240EC4C95180B9FD368BB | der | 081DA8F50C7AA5662C127A93F316E45E | D324084A6B7D6BB061440758EE14DFD7820CB7DEBA0042AF145D779F1D2979B3
3860 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\freebox[1].htm | html | F1732BAE493D63233EEB50699778E7EB | F9891B88758E4381B3FF624120673F68B373AC1BF509BD4075A28ADC121A65A1
1256 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 3706587C87BD23802140BD98B3075606 | 5366513638555B719EE6690167094B4A2D7176A49ED5E0AB32225E0329EA44E0
1256 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | F0FE839B95E1D0765EE6D67E8502B8F4 | EFC5A991A48B6EECBC838D4337C68DC07391CF87B511C43D12C462454B5A5D3C
3860 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\4cc9c5d6534bb9235beb[1].css | text | 20DA437E6D4DE22C6E1033322953DDB6 | 5FC00DDB3CEB3E9518471D33D61427C029A3C90CD7B41FD19CC045342D8B4021
3860 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\709A8EC0F6D3194AD001E9041914421F_189395B0E38EF700EAC61AE123067D12 | binary | 94B0F130B460BB8AD9437B08125A240B | 056317253D0020F09CB645C44B452FAA8692B24AF139194FF23CD70840142871
HTTP(S) requests: 11
TCP/UDP connections: 31
DNS requests: 16
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3860 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0tOcjGcdlkhVARHvHzj6Qwhh26wQUpI3lvnx55HAjbS4pNK0jWNz1MX8CEAJ0Uzb9GD2gBINyTaScpZQ%3D | US | der | 471 b | whitelisted
3860 | iexplore.exe | GET | 200 | 99.86.1.226:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared
3860 | iexplore.exe | GET | 200 | 65.9.58.56:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted
3860 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAeYNgOt45kIIZygDCe8imw%3D | US | der | 471 b | whitelisted
3860 | iexplore.exe | GET | 200 | 104.18.30.182:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted
1256 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted
3860 | iexplore.exe | GET | 200 | 104.18.30.182:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted
3860 | iexplore.exe | GET | 200 | 99.86.1.91:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted
1256 | iexplore.exe | GET | 200 | 92.123.195.114:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?827d66014578e129 | unknown | compressed | 4.70 Kb | whitelisted
3860 | iexplore.exe | GET | 301 | 212.27.48.10:80 | http://proxad.net/ | FR | html | 185 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3860 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
1256 | iexplore.exe | 92.123.195.114:80 | ctldl.windowsupdate.com | Akamai International B.V. | | whitelisted
3860 | iexplore.exe | 104.18.30.182:80 | ocsp.comodoca.com | Cloudflare Inc | US | suspicious
1256 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
3860 | iexplore.exe | 212.27.48.10:80 | proxad.net | Free SAS | FR | malicious
3860 | iexplore.exe | 212.27.48.10:443 | proxad.net | Free SAS | FR | malicious
3860 | iexplore.exe | 212.27.48.21:443 | analytics.proxad.net | Free SAS | FR | unknown
3860 | iexplore.exe | 143.204.215.108:443 | sdk.privacy-center.org | | US | suspicious
1256 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
| | 99.86.1.91:80 | ocsp.rootg2.amazontrust.com | AT&T Services, Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
proxad.net | 212.27.48.10 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
ctldl.windowsupdate.com | 92.123.195.114, 92.123.195.57 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
www.free.fr | 212.27.48.10 | unknown
analytics.proxad.net | 212.27.48.21 | unknown
ocsp.comodoca.com | 104.18.30.182, 104.18.31.182 | whitelisted
ocsp.usertrust.com | 104.18.30.182, 104.18.31.182 | whitelisted
sdk.privacy-center.org | 143.204.215.108, 143.204.215.29, 143.204.215.81, 143.204.215.37 | shared

Threats

No threats detected
No debug info