URL:

http://d.agkn.com/pixel/4102/?che=&col=71700000032316354,700000001706839,58700003837477746,,,CLHEu8

Full analysis: https://app.any.run/tasks/b51c43e0-cf2b-4914-9b26-55e444ab2a66
Verdict: No threats detected
Analysis date: August 27, 2018, 22:15:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: C319D8F365AF8B601C513C68517D3818
SHA1: DBB5DA8F954E2B3B529480A3E76DAC5A755485E9
SHA256: 2B36B311FFDAFD41DA8D231C096627034A6874CDC742ECB2D1DECC8194576996
SSDEEP: 3:N1KaLrkLGGVMdslKaGWGJ/GvRkXj5z18d4RzJeh:CaLrCGGmdsQNWGxGvu9zi4RzJeh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads internet explorer settings

      • iexplore.exe (PID: 1648)
    • Creates files in the user directory

      • iexplore.exe (PID: 3552)
    • Dropped object may contain URL's

      • iexplore.exe (PID: 1648)
      • iexplore.exe (PID: 3552)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3552)
      • iexplore.exe (PID: 1648)
    • Application launched itself

      • iexplore.exe (PID: 3552)
    • Changes internet zones settings

      • iexplore.exe (PID: 3552)
No Malware configuration.
No data.
Total processes: 34
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start iexplore.exe iexplore.exe

Process information

PID: 1648
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3552 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll

PID: 3552
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" http://d.agkn.com/pixel/4102/?che=&col=71700000032316354,700000001706839,58700003837477746,,,CLHEu8
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 1
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll

Total events: 446
Read events: 357
Write events: 86
Delete events: 3

Modification events

(PID) Process: (3552) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (3552) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (3552) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (3552) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value: 1

(PID) Process: (3552) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (3552) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:

(PID) Process: (3552) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation: write
Name: {D1B9D1B1-AA46-11E8-ACE5-5254004AAD11}
Value: 0

(PID) Process: (3552) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Type
Value: 4

(PID) Process: (3552) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Count
Value: 10

(PID) Process: (3552) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Time
Value: E207080001001B001600100013004200

Executable files: 0
Suspicious files: 5
Text files: 21
Unknown types: 3

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3552 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUFVP8I9\favicon[1].ico | | | |
| 3552 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | | | |
| 1648 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018082720180828\index.dat | dat | | |
| 3552 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text | | |
| 3552 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018082720180828\index.dat | dat | | |
| 1648 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT | smt | | |
| 3552 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF8AEBC582914738D5.TMP | | | |
| 1648 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MJG226QK\http_404[1] | html | 4CD84A1B063BF6DEA53E06755EF9E24D | 988CC4B451673F847D823C9D9BA14AD50D3CA1141BC1E17C6415B8F64B6E1C22 |
| 3552 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF54CDFE1EC867A821.TMP | | | |
| 1648 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XBSSZHSR\ErrorPageTemplate[1] | text | F4FE1CB77E758E1BA56B8A8EC20417C5 | 8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F |

HTTP(S) requests: 5
TCP/UDP connections: 3
DNS requests: 3
Threats: 0

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 1648 | iexplore.exe | GET | 200 | 52.31.188.95:80 | http://d.agkn.com/pixel/4102/?che=&col=71700000032316354,700000001706839,58700003837477746,,,CLHEu8 | IE | image | 43 b | shared |
| 1648 | iexplore.exe | GET | 302 | 52.31.188.95:80 | http://d.agkn.com/ | IE | image | 43 b | shared |
| 3552 | iexplore.exe | GET | 200 | 52.31.188.95:80 | http://d.agkn.com/favicon.ico | IE | image | 1.12 Kb | shared |
| 1648 | iexplore.exe | GET | 404 | 52.31.188.95:80 | http://d.agkn.com/pixel/4102i | IE | image | 43 b | shared |
| 3552 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 1648 | iexplore.exe | 52.31.188.95:80 | d.agkn.com | Amazon.com, Inc. | IE | unknown |
| 3552 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
| 3552 | iexplore.exe | 52.31.188.95:80 | d.agkn.com | Amazon.com, Inc. | IE | unknown |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| d.agkn.com | 52.31.188.95, 34.249.187.31, 54.76.212.226, 54.171.47.36, 52.51.101.246, 52.18.250.145 | shared |
| www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted |
| www.404.html | | whitelisted |

Threats

No threats detected
No debug info