analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://somosmodigitalizados.digital/04/vv.xsl

Full analysis: https://app.any.run/tasks/cc78b448-d4a3-4227-b59b-3a37174c72ea
Verdict: Malicious activity
Analysis date: August 13, 2019, 22:28:12
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

C9D9909A807AAA171BAAC179571E99E6

SHA1:

99FC97A83D3F2DEDF319259210EA022C05C07D9C

SHA256:

265B31C8CAF9481FF06812090D738BD0516D368D14FF86B21A7AE3FC5FC9605B

SSDEEP:

3:N8H3ypMRE1Vt4Jn:2HRiIn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2632)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3076)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2632)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2632)
      • iexplore.exe (PID: 3076)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2632"C:\Program Files\Internet Explorer\iexplore.exe" "https://somosmodigitalizados.digital/04/vv.xsl"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3076"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2632 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Total events
478
Read events
394
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
18
Unknown types
5

Dropped files

PID
Process
Filename
Type
2632iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:
2632iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3076iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K7ZQOTXL\invalidcert[2]text
MD5:B525B5B56443DA423CA00841C1C06979
SHA256:81742EB16BC5D08B785E0569E1588616D81EE8E923E72243E553D14B503326A7
3076iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1Q66UIZQ\vv[1].xslxml
MD5:BCB80D7A404AC516DB927AADCADBFE06
SHA256:8382DC50C9112F4AB7972A28534B7FB00497BB9B6902B70B8860F79AC585CA4E
3076iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K7ZQOTXL\invalidcert[1]html
MD5:E2817FEBFEDE77B8CC498C4833098742
SHA256:AAB4F5B4BDD02B66B46643B0BBD40761C694B14857E6943F3AC03B692FD08047
3076iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DATsmt
MD5:8DC137CA01D53E3B8CFBB6980B69ED54
SHA256:146DA72B60685A1E2F991C814572C8742900039A16F907AD66034301F6F21CF7
3076iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019081320190814\index.datdat
MD5:9A649E7E0ED96960F38B7D3678983CF6
SHA256:3557FC45816E6BB62B944806997ABB0F4FD6B8B8A7E8AE88A155B73860871BB2
3076iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.datdat
MD5:37408A9B2D89EDF17FC453F4005995AF
SHA256:F6C2B5592FD614A721D45B36D877811E7543E44CCD26AFC399F202E47F6FBC95
3076iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NJMAA30Q\green_shield[1]image
MD5:254D388CE19D84A54FD44571E049E6A6
SHA256:C686BABC034F53A24A1206019E958BA8FC879216FD7B6A4B972F188535341227
3076iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.datdat
MD5:541E43625A055D12D62E2FBBA8562680
SHA256:C62AF8CD78EA2F248A7D2A8D2F1E3ED24764B6114C6C04E97063A13B0D6D3445
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
7
DNS requests
2
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3076
iexplore.exe
GET
200
192.99.166.244:80
http://somosmodigitalizados.digital/04/vv.xsl
CA
xml
9.94 Kb
malicious
2632
iexplore.exe
GET
404
192.99.166.244:80
http://somosmodigitalizados.digital/favicon.ico
CA
html
303 b
malicious
2632
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2632
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2632
iexplore.exe
192.99.166.244:80
somosmodigitalizados.digital
OVH SAS
CA
malicious
3076
iexplore.exe
192.99.166.244:80
somosmodigitalizados.digital
OVH SAS
CA
malicious
2632
iexplore.exe
192.99.166.244:443
somosmodigitalizados.digital
OVH SAS
CA
malicious
3076
iexplore.exe
192.99.166.244:443
somosmodigitalizados.digital
OVH SAS
CA
malicious

DNS requests

Domain
IP
Reputation
somosmodigitalizados.digital
  • 192.99.166.244
malicious
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted

Threats

PID
Process
Class
Message
3076
iexplore.exe
A Network Trojan was detected
MALWARE [PTsecurity] ActiveXObject.Shell
1 ETPRO signatures available at the full report
No debug info