analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| download: | index.html |
| Full analysis: | https://app.any.run/tasks/51d980ac-c7dd-4f35-a300-e10b2030895a |
| Verdict: | Malicious activity |
| Analysis date: | November 08, 2019, 14:54:45 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | text/html |
| File info: | HTML document, ASCII text, with very long lines, with CRLF, LF line terminators |
| MD5: | 57AD1EC9D3036FE8EB6A6DF04FA53D9B |
| SHA1: | FBD9EF3C96E62B3BA6B1EAB89B5735961577BF94 |
| SHA256: | 2776B4230845A14F5CA4BE9B5AC170AE3AA9EB389B2E3B238B2B125864C177C5 |
| SSDEEP: | 768:l2/fDYSzpvnW5vLkApmfJuTPEEZGiwi+K3y+9clyv+CWWxcIPgUerG0:l2/9NvnW5vLkApmfJuTPEEZGiwi+KCAK |
MALICIOUS
No malicious indicators.SUSPICIOUS
No suspicious indicators.INFO
Reads settings of System Certificates
- iexplore.exe (PID: 2132)
- iexplore.exe (PID: 392)
Adds / modifies Windows certificates
- iexplore.exe (PID: 2132)
- iexplore.exe (PID: 392)
Changes internet zones settings
- iexplore.exe (PID: 392)
Reads internet explorer settings
- iexplore.exe (PID: 2132)
- iexplore.exe (PID: 1516)
Application launched itself
- iexplore.exe (PID: 392)
Reads Internet Cache Settings
- iexplore.exe (PID: 2132)
- iexplore.exe (PID: 1516)
Creates files in the user directory
- iexplore.exe (PID: 1516)
- iexplore.exe (PID: 2132)
- iexplore.exe (PID: 392)
Changes settings of System certificates
- iexplore.exe (PID: 2132)
- iexplore.exe (PID: 392)
Dropped object may contain Bitcoin addresses
- iexplore.exe (PID: 1516)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
EXIF
HTML
| Title: | IT |
|---|---|
| Robots: | noindex |
| viewport: | width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no |
| HTTPEquivXUACompatible: | IE=edge |
Total processes
37
Monitored processes
3
Malicious processes
0
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 392 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
| 2132 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:392 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
| 1516 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:392 CREDAT:203009 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
Total events
672
Read events
554
Write events
0
Delete events
0
Modification events
Executable files
0
Suspicious files
6
Text files
53
Unknown types
10
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2132 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\init[1].js | — | |
MD5:— | SHA256:— | |||
| 392 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
| 392 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
| 2132 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019110820191109\index.dat | dat | |
MD5:44C289F0EEA4C4192DA537E5C78D10D0 | SHA256:1C42C9D8F995C99F28B52F4E7512280E49B535D19A160ADD81CD50ECE3D86635 | |||
| 2132 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\strings[1].js | text | |
MD5:3EFAA3264E926EE33E9938D93ADB61A8 | SHA256:EE9D97E9B7E8D0997C6C0C14131E0893340953DC4DE234310153AA791C356A15 | |||
| 1516 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:DFF34D23D762532AED791F664243F6D5 | SHA256:9A2935138415CB2B3AED136D6BDCA0B6E33C5F2BB2747AA87CD9E40E5D8DACBA | |||
| 2132 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\core[1].js | text | |
MD5:A221FAD380C948BDFACEAC7AB4CDE0E8 | SHA256:7F43E965E991AAA47CF1D3F50754AD689506A5494202BBB1AF44DFB648D31531 | |||
| 2132 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\blank[1].js | text | |
MD5:FA3AFF22FA140F2F9BB48E1CC0F2FB25 | SHA256:6C63CBA1838A503735FD0427E67F8759717B0D053DCA38F3C6396F9D194AE5C5 | |||
| 2132 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\sp.res[1].js | text | |
MD5:13F04B7CD95261BCB241ACDD46215471 | SHA256:C5E91D5AAF60AB2D1A7BABDF63AC4C824427DB9E6EE8D5622206ADB4B1211A1F | |||
| 2132 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\sp.wopimessagehandler[1].js | text | |
MD5:F5020D5A963A4DA7F4042E9EEA9093A9 | SHA256:04D0ABA9E1CBF816D6980F59805F68C900405FB27CCC6B67734A69C1AA8E17C5 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
28
DNS requests
13
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
392 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
392 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 2.19.34.64:443 | static.sharepointonline.com | Akamai International B.V. | — | whitelisted |
2132 | iexplore.exe | 13.107.6.171:443 | onenote.officeapps.live.com | Microsoft Corporation | US | whitelisted |
392 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2132 | iexplore.exe | 2.19.34.64:443 | static.sharepointonline.com | Akamai International B.V. | — | whitelisted |
1516 | iexplore.exe | 172.227.168.22:443 | go.microsoft.com | Akamai International B.V. | US | whitelisted |
1516 | iexplore.exe | 152.199.19.160:443 | az725175.vo.msecnd.net | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1516 | iexplore.exe | 184.31.82.79:443 | support.office.com | Akamai International B.V. | NL | whitelisted |
1516 | iexplore.exe | 2.16.186.27:443 | statics-marketingsites-neu-ms-com.akamaized.net | Akamai International B.V. | — | whitelisted |
1516 | iexplore.exe | 104.109.56.54:443 | mem.gfx.ms | Akamai International B.V. | NL | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
static.sharepointonline.com |
| whitelisted |
www.bing.com |
| whitelisted |
onenote.officeapps.live.com |
| whitelisted |
go.microsoft.com |
| whitelisted |
support.office.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
statics-marketingsites-neu-ms-com.akamaized.net |
| whitelisted |
az725175.vo.msecnd.net |
| whitelisted |
img-prod-cms-rt-microsoft-com.akamaized.net |
| whitelisted |
ajax.aspnetcdn.com |
| whitelisted |