index.html

Full analysis: https://app.any.run/tasks/7c97695b-a49b-4b40-8302-e0504629f684
Verdict: Malicious activity
Analysis date: July 11, 2019, 12:59:27
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
MD5: E5808FD7F8E8C3BF08009E9D7D5AF6A7
SHA1: 730C65EB1B5B6A177C7E99441E2006B27620A3CA
SHA256: 21FF6CA3191AD68E3CDEF5A37C7C80FC8626901D303C6453CE58247D261DD206
SSDEEP: 1536:RmatWOMTe1Z4g5RcxoIt7KBG9LVK/RWQF0mCVk+Wd+zfDIl5lYlSdRwbcjp1UiEz:Mat4asg5RcxoI3NQ8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: no malicious indicators.
  • SUSPICIOUS: no suspicious indicators.
  • INFO
    • Application launched itself: iexplore.exe (PID: 3220)
    • Changes internet zones settings: iexplore.exe (PID: 3220)
    • Reads Internet Cache Settings: iexplore.exe (PID: 3640)
    • Reads Internet Explorer settings: iexplore.exe (PID: 3640)
    • Changes settings of System certificates: iexplore.exe (PID: 3640)
    • Adds / modifies Windows certificates: iexplore.exe (PID: 3640)
    • Reads settings of System Certificates: iexplore.exe (PID: 3640)
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)

EXIF

HTML

msapplicationTileImage: https://www.monstersandcritics.com/wp-content/uploads/2019/05/cropped-monsters-critics-favicon-270x270.png
googleSiteVerification: W0V7_Td7mscUYxsJwzRBhIxHF4JB2PnzdGVKDImP54o
pDomain_verify: 9abcc0658f1dd4ad8d86a2c33eba0388
yandexVerification: 6815810b2d0860d5
msvalidate01: FC5F72F19A1E2E2C7CBE2DD4BE5D8177
Description: Entertainment news — TV, celebrity, anime, soap operas, true crime, movies, sport, music and more. Visit Monsters and Critics for all the latest!
Title: Monsters and Critics - Entertainment news
viewport: width=device-width, initial-scale=1
No data.
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe → iexplore.exe

Process information

PID: 3220
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: (none listed)
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 3640
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3220 CREDAT:79873
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: (none listed)
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Total events: 473
Read events: 395
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 71
Unknown types: 4

Dropped files

PID: 3220 | Process: iexplore.exe | Type: (not given)
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
MD5: (not given)
SHA256: (not given)

PID: 3220 | Process: iexplore.exe | Type: (not given)
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5: (not given)
SHA256: (not given)

PID: 3640 | Process: iexplore.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\The-Flash-Killer-Frost-500x280[1].jpg
MD5: D6C14203EBB0E71B4D6FE302B83E7F0C
SHA256: 342211CB350AFEF63B0CB5BE107D5962D1557E7422E66DB7C94EF6BC7CE1AB2A

PID: 3640 | Process: iexplore.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\Jack-And-Analyse-On-BB21-500x280[1].jpg
MD5: 8B3C9FC00B6D11A589821C63C51E9BA8
SHA256: 4DB4C0FFAF2FC1779F01C71DA807C5CD5D37BC7908B2C1B84FB602083575CDFC

PID: 3640 | Process: iexplore.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\style[1].css
MD5: 5C74F607A2DC59FA17751484BE46FA23
SHA256: EAE99A45FBB7145ECD74293033610AFFA49CACDB7E75D2CC6BFDA0C98DBF85E7

PID: 3640 | Process: iexplore.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\Angela-And-Tyler-On-BB20-1000x562[1].jpg
MD5: A092E3C6F9B6FAB2EF9D8E124A704967
SHA256: 0CE743EABC31A1864598EDED69781AADFF228E5F7A35CBA28BD411F03D5268E9

PID: 3640 | Process: iexplore.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\saswp-style[1].css
MD5: E222A88D73A0FDC591275F481B0F690A
SHA256: D969F26EFFA83C8DD142A2DC99BC87431FEB50C571BF6C080EC66062508D0038

PID: 3640 | Process: iexplore.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\Tyler-Crispen-On-BB20-500x280[1].jpg
MD5: 9939031920A86F7B062B7DD7DA01AEF1
SHA256: 98C8DDF98FFC7246D2DB2DA2CD0CAF5944790DE80241E8FBF5943F64C3155578

PID: 3640 | Process: iexplore.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\Jill-YR-500x280[1].jpg
MD5: 97F786E12255376C2AE1D555EBDA7199
SHA256: 7414B8210E37102713767FCF0F422B116D2F8B8BD79E1BCE684E0EA9C6F26672

PID: 3640 | Process: iexplore.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\cv[1].css
MD5: 81192634D2323AA8582B7B7EF4B1AE09
SHA256: 125627D7101989249074FAC34B64348E685B31E1D9E6551ADCAC929A592800B7
HTTP(S) requests: 1
TCP/UDP connections: 16
DNS requests: 5
Threats: 0

HTTP requests

PID: 3220 | Process: iexplore.exe | Method: GET | HTTP Code: 200
IP: 13.107.21.200:80
URL: http://www.bing.com/favicon.ico
CN: US | Type: image | Size: 237 b | Reputation: whitelisted

Connections

  • PID: (not shown) | Process: (not shown) | IP: 151.139.128.10:137 | Domain: cdn.intergi.com | ASN: Highwinds Network Group, Inc. | CN: US | Reputation: malicious
  • PID: 3640 | Process: iexplore.exe | IP: 151.139.237.11:443 | Domain: cdn.rawgit.com | ASN: netDNA | CN: US | Reputation: suspicious
  • PID: 4 | Process: System | IP: 151.139.128.10:445 | Domain: cdn.intergi.com | ASN: Highwinds Network Group, Inc. | CN: US | Reputation: malicious
  • PID: 3220 | Process: iexplore.exe | IP: 204.79.197.200:80 | Domain: www.bing.com | ASN: Microsoft Corporation | CN: US | Reputation: whitelisted
  • PID: 3220 | Process: iexplore.exe | IP: 13.107.21.200:80 | Domain: www.bing.com | ASN: Microsoft Corporation | CN: US | Reputation: whitelisted
  • PID: 3640 | Process: iexplore.exe | IP: 104.27.171.84:443 | Domain: www.monstersandcritics.com | ASN: Cloudflare Inc | CN: US | Reputation: shared
  • PID: 3640 | Process: iexplore.exe | IP: 104.27.170.84:443 | Domain: www.monstersandcritics.com | ASN: Cloudflare Inc | CN: US | Reputation: shared

DNS requests

  • cdn.rawgit.com → 151.139.237.11 (reputation: whitelisted)
  • www.monstersandcritics.com → 104.27.171.84, 104.27.170.84 (reputation: suspicious)
  • cdn.intergi.com → 151.139.128.10 (reputation: whitelisted)
  • www.bing.com → 204.79.197.200, 13.107.21.200 (reputation: whitelisted)

Threats

No threats detected
No debug info