URL: http://d.agkn.com/pixel/4102/?che=&col=71700000032316354,700000001706839,58700003837477746,,,CLHEu8

Full analysis: https://app.any.run/tasks/b51c43e0-cf2b-4914-9b26-55e444ab2a66
Verdict: No threats detected
Analysis date: August 27, 2018, 22:15:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: C319D8F365AF8B601C513C68517D3818
SHA1: DBB5DA8F954E2B3B529480A3E76DAC5A755485E9
SHA256: 2B36B311FFDAFD41DA8D231C096627034A6874CDC742ECB2D1DECC8194576996
SSDEEP: 3:N1KaLrkLGGVMdslKaGWGJ/GvRkXj5z18d4RzJeh:CaLrCGGmdsQNWGxGvu9zi4RzJeh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 3552)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3552)
      • iexplore.exe (PID: 1648)
    • Reads internet explorer settings

      • iexplore.exe (PID: 1648)
    • Application launched itself

      • iexplore.exe (PID: 3552)
    • Dropped object may contain URL's

      • iexplore.exe (PID: 1648)
      • iexplore.exe (PID: 3552)
    • Creates files in the user directory

      • iexplore.exe (PID: 3552)
No Malware configuration.
No data.
Total processes: 34
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start iexplore.exe iexplore.exe

Process information

PID: 1648
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3552 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3552
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" http://d.agkn.com/pixel/4102/?che=&col=71700000032316354,700000001706839,58700003837477746,,,CLHEu8
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 1
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events: 446
Read events: 357
Write events: 86
Delete events: 3

Modification events

| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 3552 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | write | CompatibilityFlags | 0 |
| 3552 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 0 |
| 3552 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 1 |
| 3552 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | write | SecuritySafe | 1 |
| 3552 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | write | ProxyEnable | 0 |
| 3552 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | write | SavedLegacySettings | |
| 3552 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | write | {D1B9D1B1-AA46-11E8-ACE5-5254004AAD11} | 0 |
| 3552 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | write | Type | 4 |
| 3552 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | write | Count | 10 |
| 3552 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | write | Time | E207080001001B001600100013004200 |
Executable files: 0
Suspicious files: 5
Text files: 21
Unknown types: 3

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3552 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUFVP8I9\favicon[1].ico | | | |
| 3552 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | | | |
| 3552 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018082720180828\index.dat | dat | | |
| 1648 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018082720180828\index.dat | dat | | |
| 1648 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT | smt | | |
| 1648 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSILEDM7\background_gradient[1] | image | 20F0110ED5E4E0D5384A496E4880139B | 1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B |
| 3552 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF8AEBC582914738D5.TMP | | | |
| 1648 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSILEDM7\httpErrorPagesScripts[1] | text | E7CA76A3C9EE0564471671D500E3F0F3 | 58268CA71A28973B756A48BBD7C9DC2F6B87B62AE343E582CE067C725275B63C |
| 3552 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF54CDFE1EC867A821.TMP | | | |
| 1648 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XBSSZHSR\ErrorPageTemplate[2] | text | F4FE1CB77E758E1BA56B8A8EC20417C5 | 8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F |
HTTP(S) requests: 5
TCP/UDP connections: 3
DNS requests: 3
Threats: 0

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 1648 | iexplore.exe | GET | 200 | 52.31.188.95:80 | http://d.agkn.com/pixel/4102/?che=&col=71700000032316354,700000001706839,58700003837477746,,,CLHEu8 | IE | image | 43 b | shared |
| 1648 | iexplore.exe | GET | 404 | 52.31.188.95:80 | http://d.agkn.com/pixel/4102i | IE | image | 43 b | shared |
| 1648 | iexplore.exe | GET | 302 | 52.31.188.95:80 | http://d.agkn.com/ | IE | image | 43 b | shared |
| 3552 | iexplore.exe | GET | 200 | 52.31.188.95:80 | http://d.agkn.com/favicon.ico | IE | image | 1.12 Kb | shared |
| 3552 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3552 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
| 1648 | iexplore.exe | 52.31.188.95:80 | d.agkn.com | Amazon.com, Inc. | IE | unknown |
| 3552 | iexplore.exe | 52.31.188.95:80 | d.agkn.com | Amazon.com, Inc. | IE | unknown |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| d.agkn.com | 52.31.188.95, 34.249.187.31, 54.76.212.226, 54.171.47.36, 52.51.101.246, 52.18.250.145 | shared |
| www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted |
| www.404.html | | whitelisted |

Threats

No threats detected
No debug info