analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://links.mail.quotevista.com/u/click?_t=ddf7d292dc214d15a4fa0605b12fd48d&_m=7a14aa3bb80044ab9d8c012db4a61edf&_e=0kjP0r53ltRkz1iEk76ipJl_gPOLOtWz3OhzdQeihJwJCKOBu9S7TQfwyHpDz8dt7aH-eGmZFjy9UKQ3JZixaAM9gVuU8nQZZ5ZaOCbfgx1WqTIT4Mhuwmt4139r4nRrvOOCea5uPEiIakHdjEJlhnMyN_O_LbYMSey6oJrp7min0I1BJicBKtYgG8m7fdiRetLOgWIauBpJAYmgaDQqkXLPQyIUCOMaU_1WzP2Feg_ybKW9SjgbV-QEQiB8aMQiVYsgbqbpdkWieO_U7vBlsKDJWnDo9sZnfVtWUU0LeMgyLUJVpjcT3HukVtH8vgw0G7h2hdGTis4wrueyt4LIP1eYw8m5XL1ybfTd-lzXC3v-913cPRZoT9c9_kkeHH8YB5rcWX_rBzAzE6nVOeqeww%3D%3D

Full analysis: https://app.any.run/tasks/6fc8f528-e3fb-440e-b2f8-1c46bf304d0b
Verdict: Malicious activity
Analysis date: January 14, 2022, 21:35:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
opendir
Indicators:
MD5:

ACD3F24B31F7CD8D9FCFE9A542BBFB42

SHA1:

4968A89B9CB4DB68BCDB067F741F26C5262E2405

SHA256:

227BE9044AB0002C9578841F0926BD2F86D73F382B655ED89CB3C736AC28E1C2

SSDEEP:

12:Vy5I3amUyPf0AYFZBFUv2mlg/o0Y5ccaJebODUJQ/BAm:VwKamz0AYFyv21/o0UaSxwBAm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 1940)
      • iexplore.exe (PID: 888)
  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 3740)
      • iexplore.exe (PID: 1940)
      • hh.exe (PID: 3948)
      • iexplore.exe (PID: 888)
    • Reads the computer name

      • iexplore.exe (PID: 3740)
      • iexplore.exe (PID: 1940)
      • hh.exe (PID: 3948)
      • iexplore.exe (PID: 888)
    • Changes internet zones settings

      • iexplore.exe (PID: 3740)
    • Application launched itself

      • iexplore.exe (PID: 3740)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 1940)
      • iexplore.exe (PID: 3740)
      • iexplore.exe (PID: 888)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 1940)
      • iexplore.exe (PID: 3740)
      • iexplore.exe (PID: 888)
    • Reads internet explorer settings

      • iexplore.exe (PID: 1940)
      • iexplore.exe (PID: 888)
    • Creates files in the user directory

      • iexplore.exe (PID: 1940)
      • iexplore.exe (PID: 888)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3740)
    • Manual execution by user

      • hh.exe (PID: 3948)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3740)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe hh.exe no specs iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
3740"C:\Program Files\Internet Explorer\iexplore.exe" "http://links.mail.quotevista.com/u/click?_t=ddf7d292dc214d15a4fa0605b12fd48d&_m=7a14aa3bb80044ab9d8c012db4a61edf&_e=0kjP0r53ltRkz1iEk76ipJl_gPOLOtWz3OhzdQeihJwJCKOBu9S7TQfwyHpDz8dt7aH-eGmZFjy9UKQ3JZixaAM9gVuU8nQZZ5ZaOCbfgx1WqTIT4Mhuwmt4139r4nRrvOOCea5uPEiIakHdjEJlhnMyN_O_LbYMSey6oJrp7min0I1BJicBKtYgG8m7fdiRetLOgWIauBpJAYmgaDQqkXLPQyIUCOMaU_1WzP2Feg_ybKW9SjgbV-QEQiB8aMQiVYsgbqbpdkWieO_U7vBlsKDJWnDo9sZnfVtWUU0LeMgyLUJVpjcT3HukVtH8vgw0G7h2hdGTis4wrueyt4LIP1eYw8m5XL1ybfTd-lzXC3v-913cPRZoT9c9_kkeHH8YB5rcWX_rBzAzE6nVOeqeww%3D%3D"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
1940"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3740 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
3948"C:\Windows\hh.exe" C:\Windows\hh.exeExplorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft� HTML Help Executable
Exit code:
4294967295
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\hh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\hhctrl.ocx
c:\windows\system32\user32.dll
888"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3740 CREDAT:595215 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
25 890
Read events
25 469
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
43
Text files
165
Unknown types
189

Dropped files

PID
Process
Filename
Type
1940iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506binary
MD5:C8142EBEE6B2863AD6F3D72B5CB36382
SHA256:7066DD8C95D7A4336065224263595E58AB7483C60BE77A3977F466FEF004EDA3
1940iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751der
MD5:54E9306F95F32E50CCD58AF19753D929
SHA256:45F94DCEB18A8F738A26DA09CE4558995A4FE02B971882E8116FC9B59813BB72
1940iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\QCYMIAJA.txttext
MD5:1784F1D76C3A700F95E05730BF729008
SHA256:612266AB23192EAAEB0E900AC0046464285283CA41D754E9E71C497C9EAC635A
1940iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\xxc3xx[1].htmhtml
MD5:14AC68983B7286BEFB29DB753A1382A3
SHA256:73D76B7CEFC771D9D8307C308F43641F3736101069DF57E2CBA944327431CA53
1940iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751binary
MD5:C08B45A604EF79F58D8D0A197127A79B
SHA256:7B375CBCAD7690FC6CF0864C3D1871F8CDA5303DD12D73653D4A0BD55BEA6BDA
1940iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\NUFVLZQ1.txttext
MD5:7E67722295C7215F1AC81E9CDE13142C
SHA256:04415613D0B174CE67940C4E6E517D8F0F017B54A0C44DF6950250D8B7573D99
1940iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\JRHR970M.txttext
MD5:AF15CBEF68D561030D799678BAE4FA90
SHA256:CB0AF82A3C5C84A3F7D69B4898A3412922FC21CC56DB928E02D1F0DF5D71F2C4
1940iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\392KGMB0.txttext
MD5:6A94786E01E869DA5F6951F4AE6C5A76
SHA256:8F84F3E642D965455B8E8E58F85A26DF9A133BECB564C86691F4047669E223A0
1940iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BF9051E61AC4938A2069463AEEE50E9Dbinary
MD5:34482DDD22F291CDF7EC756789E1B6E5
SHA256:CF6C33C5E47BA0E287B15F5E781DBC0B80E0265F2358AE7AA6960BE1ABCDA8B8
1940iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\TarCEA3.tmpcat
MD5:D99661D0893A52A0700B8AE68457351A
SHA256:BDD5111162A6FA25682E18FA74E37E676D49CAFCB5B7207E98E5256D1EF0D003
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
36
TCP/UDP connections
139
DNS requests
57
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1940
iexplore.exe
GET
303
35.153.212.150:80
http://links.mail.quotevista.com/u/click?_t=ddf7d292dc214d15a4fa0605b12fd48d&_m=7a14aa3bb80044ab9d8c012db4a61edf&_e=0kjP0r53ltRkz1iEk76ipJl_gPOLOtWz3OhzdQeihJwJCKOBu9S7TQfwyHpDz8dt7aH-eGmZFjy9UKQ3JZixaAM9gVuU8nQZZ5ZaOCbfgx1WqTIT4Mhuwmt4139r4nRrvOOCea5uPEiIakHdjEJlhnMyN_O_LbYMSey6oJrp7min0I1BJicBKtYgG8m7fdiRetLOgWIauBpJAYmgaDQqkXLPQyIUCOMaU_1WzP2Feg_ybKW9SjgbV-QEQiB8aMQiVYsgbqbpdkWieO_U7vBlsKDJWnDo9sZnfVtWUU0LeMgyLUJVpjcT3HukVtH8vgw0G7h2hdGTis4wrueyt4LIP1eYw8m5XL1ybfTd-lzXC3v-913cPRZoT9c9_kkeHH8YB5rcWX_rBzAzE6nVOeqeww%3D%3D
US
unknown
1940
iexplore.exe
GET
200
104.18.30.182:80
http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY
US
der
728 b
whitelisted
1940
iexplore.exe
GET
200
23.45.105.185:80
http://x1.c.lencr.org/
NL
der
717 b
whitelisted
1940
iexplore.exe
GET
200
2.16.186.120:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgNkv9aAdnzB%2B%2BZvkNNTS8NLIw%3D%3D
unknown
der
503 b
shared
1940
iexplore.exe
GET
200
193.239.87.59:80
http://usawildseafood.com/wp-content/uploads/2020/07/dsc01652-2-498-2-1024x683.jpg
unknown
image
77.7 Kb
unknown
3740
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
1940
iexplore.exe
GET
200
104.18.30.182:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEGfe9D7xe9riT%2FWUBgbSwIQ%3D
US
der
471 b
whitelisted
1940
iexplore.exe
GET
200
142.250.185.99:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCAnDacZA1UWwoAAAABJ9nq
US
der
472 b
whitelisted
1940
iexplore.exe
GET
200
2.16.106.186:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c7e1f7930a058e5f
unknown
compressed
59.9 Kb
whitelisted
1940
iexplore.exe
GET
200
142.250.185.99:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
der
1.41 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1940
iexplore.exe
193.239.87.59:443
usawildseafood.com
unknown
1940
iexplore.exe
104.18.30.182:80
Cloudflare Inc
US
suspicious
1940
iexplore.exe
2.16.106.186:80
ctldl.windowsupdate.com
Akamai International B.V.
whitelisted
1940
iexplore.exe
2.16.186.120:80
r3.o.lencr.org
Akamai International B.V.
whitelisted
1940
iexplore.exe
35.153.212.150:80
links.mail.quotevista.com
US
unknown
1940
iexplore.exe
199.167.130.114:443
www.phiturtip.com
Media-Hosts Inc.
CA
unknown
1940
iexplore.exe
23.45.105.185:80
x1.c.lencr.org
Akamai International B.V.
NL
unknown
1940
iexplore.exe
142.250.185.238:443
www.googleoptimize.com
Google Inc.
US
whitelisted
3740
iexplore.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
3740
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted

DNS requests

Domain
IP
Reputation
links.mail.quotevista.com
  • 35.153.212.150
  • 54.144.163.158
  • 52.6.165.74
unknown
www.phiturtip.com
  • 199.167.130.114
unknown
ctldl.windowsupdate.com
  • 2.16.106.186
  • 2.16.106.171
whitelisted
x1.c.lencr.org
  • 23.45.105.185
whitelisted
r3.o.lencr.org
  • 2.16.186.120
  • 2.16.186.65
  • 2.16.186.114
  • 2.16.186.82
  • 2.16.186.43
  • 2.16.186.57
  • 2.16.186.59
  • 2.16.186.74
  • 2.16.186.66
  • 2.16.186.8
  • 2.16.186.27
  • 2.16.186.9
shared
usawildseafood.com
  • 193.239.87.59
unknown
ocsp.comodoca.com
  • 34.120.103.20
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted

Threats

No threats detected
No debug info