analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://32530.xc.chuairan.com/xiaz/HPColorLaserJetCP1025@311_11441.exe

Full analysis: https://app.any.run/tasks/bc71a315-e3ab-43e3-85df-1680a20c2a21
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: September 19, 2019, 08:41:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
loader
Indicators:
MD5:

C2728549EEA2E46776C6CBDDAF71754A

SHA1:

EA0CBBABEE0161FF2348DF2AC0F202124137F2D8

SHA256:

23311C270469A0888D43272CF01ECE81F7876290C799609636C9DE721B446AAB

SSDEEP:

3:N1KFQ60KIKdM221rKC/dXu2C:CATKOdZ/Zur

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • HPColorLaserJetCP1025@311_11441[1].exe (PID: 2144)
      • HPColorLaserJetCP1025@311_11441[1].exe (PID: 2872)

    • Downloads executable files from the Internet

      • iexplore.exe (PID: 3844)

    • Connects to CnC server

      • HPColorLaserJetCP1025@311_11441[1].exe (PID: 2144)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3844)
      • iexplore.exe (PID: 3540)

    • Low-level read access rights to disk partition

      • HPColorLaserJetCP1025@311_11441[1].exe (PID: 2144)

    • Creates files in the user directory

      • HPColorLaserJetCP1025@311_11441[1].exe (PID: 2144)

  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 3540)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3844)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
4
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start drop and start start iexplore.exe iexplore.exe hpcolorlaserjetcp1025@311_11441[1].exe no specs hpcolorlaserjetcp1025@311_11441[1].exe

Process information

PID
CMD
Path
Indicators
Parent process
3540"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3844"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3540 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
2872"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\HPColorLaserJetCP1025@311_11441[1].exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\HPColorLaserJetCP1025@311_11441[1].exeiexplore.exe
User:
admin
Integrity Level:
MEDIUM
Description:
智能下载器
Exit code:
3221226540
Version:
4.0.0.910
2144"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\HPColorLaserJetCP1025@311_11441[1].exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\HPColorLaserJetCP1025@311_11441[1].exe
iexplore.exe
User:
admin
Integrity Level:
HIGH
Description:
智能下载器
Version:
4.0.0.910
Total events
645
Read events
574
Write events
0
Delete events
0

Modification events

No data
Executable files
2
Suspicious files
1
Text files
9
Unknown types
4

Dropped files

PID
Process
Filename
Type
3540iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:
3540iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3540iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFE6BC816429016DB2.TMP
MD5:
SHA256:
3540iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFB905C82E2BF6882F.TMP
MD5:
SHA256:
3540iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{3F4A7543-DAB9-11E9-B86F-5254004A04AF}.dat
MD5:
SHA256:
3540iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{3F4A7544-DAB9-11E9-B86F-5254004A04AF}.datbinary
MD5:86723C7D28EFACDEB1EE229207194599
SHA256:2A46D2867F3E20EBFB81C66C6A412E09B69AFB4D5584158534C2814BCA4C2A60
3844iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019091920190920\index.datdat
MD5:08881E8B09574AD9F151388F69164EB4
SHA256:2AD8D849796DDC1F067315E0A649FF838E550E1084BCB270AFC36ADCA265D936
2144HPColorLaserJetCP1025@311_11441[1].exeC:\Users\admin\AppData\Roaming\GlobalMgr.dbtext
MD5:583BA5AA3F6EC3DF8E58DB6AA6AEB789
SHA256:BF9D9B1B0AA4F9EF5D775F4BA409BF3D69556E77EADFBA20E371B980ED77C8AA
3844iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.datdat
MD5:BB119D88F010417833D201A85D376499
SHA256:352A69770D8C2FD55918EFF52AB3A70DADB0159E48681FCDC060A482F8B12C98
3844iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.datdat
MD5:2DC2C1C1E3122D3F1CA1BE2E4EA718D1
SHA256:86EFFEFC82165AC0548DBCF470D190B81EE5431FA914D95A6002C9720C885C74
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
14
DNS requests
6
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2144
HPColorLaserJetCP1025@311_11441[1].exe
GET
116.211.183.218:80
http://cdn.zry97.com/logo/logo-xin-putong-jua.zip
CN
suspicious
2144
HPColorLaserJetCP1025@311_11441[1].exe
POST
39.97.130.28:80
http://x.93ne.com/qy/gl
CN
malicious
2144
HPColorLaserJetCP1025@311_11441[1].exe
POST
39.97.130.28:80
http://x.93ne.com/qy/gl
CN
malicious
2144
HPColorLaserJetCP1025@311_11441[1].exe
POST
39.97.130.28:80
http://x.93ne.com/qy/gl
CN
malicious
2144
HPColorLaserJetCP1025@311_11441[1].exe
POST
39.97.130.28:80
http://x.93ne.com/qy/gl
CN
malicious
2144
HPColorLaserJetCP1025@311_11441[1].exe
POST
39.97.130.28:80
http://x.93ne.com/qy/gl
CN
malicious
2144
HPColorLaserJetCP1025@311_11441[1].exe
POST
39.97.130.28:80
http://x.93ne.com/qy/gl
CN
malicious
2144
HPColorLaserJetCP1025@311_11441[1].exe
POST
39.97.130.28:80
http://x.93ne.com/qy/gl
CN
malicious
2144
HPColorLaserJetCP1025@311_11441[1].exe
POST
39.97.130.28:80
http://x.93ne.com/qy/gi
CN
malicious
3540
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3540
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3844
iexplore.exe
120.27.186.114:80
32530.xc.chuairan.com
Hangzhou Alibaba Advertising Co.,Ltd.
CN
suspicious
2144
HPColorLaserJetCP1025@311_11441[1].exe
116.211.183.218:80
cdn.zry97.com
CHINANET Hubei province network
CN
suspicious
2144
HPColorLaserJetCP1025@311_11441[1].exe
39.97.130.28:80
x.93ne.com
Hangzhou Alibaba Advertising Co.,Ltd.
CN
malicious
3844
iexplore.exe
106.14.48.83:80
32530.xc.chuairan.com
Hangzhou Alibaba Advertising Co.,Ltd.
CN
suspicious

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
32530.xc.chuairan.com
  • 106.14.48.83
  • 120.27.186.114
  • 114.55.188.114
  • 101.201.62.45
  • 139.224.39.0
suspicious
dns.msftncsi.com
  • 131.107.255.255
shared
x.93ne.com
  • 39.97.130.28
  • 39.108.27.173
  • 47.102.38.15
malicious
cdn.zry97.com
  • 116.211.183.218
  • 116.211.183.216
  • 116.211.183.213
  • 116.211.183.212
  • 116.211.183.211
  • 116.211.183.215
  • 116.211.183.214
  • 116.211.183.217
unknown

Threats

PID
Process
Class
Message
3844
iexplore.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3844
iexplore.exe
Misc activity
ET INFO EXE - Served Attached HTTP
2144
HPColorLaserJetCP1025@311_11441[1].exe
Misc activity
ADWARE [PTsecurity] Qjwmonkey Check-in
2144
HPColorLaserJetCP1025@311_11441[1].exe
Misc activity
ADWARE [PTsecurity] Qjwmonkey Check-in
2144
HPColorLaserJetCP1025@311_11441[1].exe
Misc activity
ADWARE [PTsecurity] Qjwmonkey Check-in
2144
HPColorLaserJetCP1025@311_11441[1].exe
Misc activity
ADWARE [PTsecurity] Qjwmonkey Check-in
2144
HPColorLaserJetCP1025@311_11441[1].exe
Misc activity
ADWARE [PTsecurity] Qjwmonkey Check-in
2144
HPColorLaserJetCP1025@311_11441[1].exe
Misc activity
ADWARE [PTsecurity] Qjwmonkey Check-in
2144
HPColorLaserJetCP1025@311_11441[1].exe
Misc activity
ADWARE [PTsecurity] Qjwmonkey Check-in
2144
HPColorLaserJetCP1025@311_11441[1].exe
Misc activity
ADWARE [PTsecurity] Qjwmonkey Check-in
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
http://32530.xc.chuairan.com/xiaz/HPColorLaserJetCP1025@311_11441.exe