analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| URL: | http://re75.info/share/ |
| Full analysis: | https://app.any.run/tasks/eeabd359-1d12-4cf8-a4f0-12185024763b |
| Verdict: | Malicious activity |
| Threats: | A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. |
| Analysis date: | December 06, 2019, 14:36:22 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| Indicators: | |
| MD5: | C41A86EA38F78D4CA4064CD6632F136D |
| SHA1: | 791B8F1DCDFD7582113E46F8D0C37639786381D7 |
| SHA256: | 230DF5E811E4AE684A047098F0E00CE767988463FAB8082BB3E9BC9A0D55EC19 |
| SSDEEP: | 3:N1KMg46K3n:CMgTK |
MALICIOUS
Application was dropped or rewritten from another process
- exe[1].exe (PID: 2344)
Downloads executable files from the Internet
- iexplore.exe (PID: 1916)
Loads dropped or rewritten executable
- exe[1].exe (PID: 2344)
SUSPICIOUS
Executable content was dropped or overwritten
- iexplore.exe (PID: 3340)
- iexplore.exe (PID: 1916)
- exe[1].exe (PID: 2344)
Starts CMD.EXE for commands execution
- exe[1].exe (PID: 2344)
INFO
Changes internet zones settings
- iexplore.exe (PID: 3340)
Application launched itself
- iexplore.exe (PID: 3340)
Reads internet explorer settings
- iexplore.exe (PID: 1916)
Reads Internet Cache Settings
- iexplore.exe (PID: 3340)
- iexplore.exe (PID: 1916)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
181
Monitored processes
143
Malicious processes
2
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 3340 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://re75.info/share/" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
| 1916 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3340 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
| 2344 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\exe[1].exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\exe[1].exe | iexplore.exe | |
User: admin Integrity Level: MEDIUM Exit code: 1 Version: 1.0.0.0 | ||||
| 3980 | cmd.exe /x/d/c "copy mal.exe mal5.exe" | C:\Windows\system32\cmd.exe | — | exe[1].exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
| 496 | cmd.exe /x/d/c mal5.exe | C:\Windows\system32\cmd.exe | — | exe[1].exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
| 1448 | cmd.exe /x/d/c "copy mal.exe mal6.exe" | C:\Windows\system32\cmd.exe | — | exe[1].exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
| 1956 | cmd.exe /x/d/c mal6.exe | C:\Windows\system32\cmd.exe | — | exe[1].exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
| 2740 | cmd.exe /x/d/c "copy mal.exe mal7.exe" | C:\Windows\system32\cmd.exe | — | exe[1].exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
| 3752 | cmd.exe /x/d/c "copy mal.exe mal8.exe" | C:\Windows\system32\cmd.exe | — | exe[1].exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
| 3416 | cmd.exe /x/d/c mal7.exe | C:\Windows\system32\cmd.exe | — | exe[1].exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
Total events
1 501
Read events
1 440
Write events
0
Delete events
0
Modification events
Executable files
3
Suspicious files
0
Text files
22
Unknown types
5
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3340 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
| 3340 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
| 1916 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2DC86P30\share[1].txt | — | |
MD5:— | SHA256:— | |||
| 1916 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:6FB5BA0AA18A975A7106ABD73EAF8A30 | SHA256:E4D876B974138A4B47884523EF7ECBD5C84A4334377D2DF7937141E090437BDA | |||
| 1916 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2DC86P30\share[1].htm | html | |
MD5:CE9FAF0F7ABB0D88EF771A85A28A97F1 | SHA256:08BE923884D4434FB80162108EA85B28B34B70B23ED3EC3B4C27C86BADDDFCE5 | |||
| 1916 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:B407F0F7BC2FC763D7C8658E9E51512D | SHA256:81F80890643E4512145900787FA08D4D48D5FF13001457BA81E8F1D6C5C9FB48 | |||
| 1916 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\62OMCEEE\seccon[1].txt | — | |
MD5:— | SHA256:— | |||
| 1916 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XYMQHFZ6\blank[1].gif | image | |
MD5:19517FB39A31BE6B8D7CCF53AD84908F | SHA256:3CB0E54BABF019703FE671A32FCC3947AAB9079EC2871CF0F9639245CC12D878 | |||
| 1916 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019120620191207\index.dat | dat | |
MD5:0A4C3F63C87F4766C5009E256D5AAB28 | SHA256:0D16B8266BA109FD0C23F4677F44C6B92377502988A58CE666B4FC06E1A16DF0 | |||
| 3340 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png | image | |
MD5:9FB559A691078558E77D6848202F6541 | SHA256:6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
21
TCP/UDP connections
14
DNS requests
2
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
1916 | iexplore.exe | GET | — | 153.126.158.65:80 | http://re75.info/share/pfp.zip | JP | — | — | malicious |
1916 | iexplore.exe | GET | 200 | 153.126.158.65:80 | http://re75.info/share/ | JP | html | 3.85 Kb | malicious |
1916 | iexplore.exe | GET | — | 153.126.158.65:80 | http://re75.info/share/tweet.exe | JP | — | — | malicious |
1916 | iexplore.exe | GET | 200 | 153.126.158.65:80 | http://re75.info/share/seccon/tmp.jpg | JP | image | 11.3 Kb | malicious |
1916 | iexplore.exe | GET | 200 | 153.126.158.65:80 | http://re75.info/share/malset/exe.exe | JP | executable | 2.00 Mb | malicious |
1916 | iexplore.exe | GET | 200 | 153.126.158.65:80 | http://re75.info/share/seccon/ | JP | html | 457 b | malicious |
1916 | iexplore.exe | GET | 200 | 153.126.158.65:80 | http://re75.info/share/malset/ | JP | html | 572 b | malicious |
1916 | iexplore.exe | GET | 200 | 153.126.158.65:80 | http://re75.info/icons/layout.gif | JP | image | 276 b | malicious |
3340 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
1916 | iexplore.exe | GET | 200 | 153.126.158.65:80 | http://re75.info/icons/image2.gif | JP | image | 309 b | malicious |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
3340 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1916 | iexplore.exe | 153.126.158.65:80 | re75.info | SAKURA Internet Inc. | JP | malicious |
3340 | iexplore.exe | 153.126.158.65:80 | re75.info | SAKURA Internet Inc. | JP | malicious |
DNS requests
Domain | IP | Reputation |
|---|---|---|
re75.info |
| malicious |
www.bing.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
1916 | iexplore.exe | A Network Trojan was detected | ET TROJAN Suspicious exe.exe request - possible downloader/Oficla |
1916 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
1916 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |