Sample: z.htm

Full analysis: https://app.any.run/tasks/6fac9324-8529-42a3-9e73-2aa1405b5a3a
Verdict: Malicious activity
Analysis date: December 06, 2019, 12:20:45
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/plain
File info: ASCII text, with no line terminators
MD5: 263FBB1919FF93B840A987CEB1190C84
SHA1: 3E5BA0A6D9BD46495EE935924743D8BE78E1A5FB
SHA256: 2DF7700FB4DC5B8188E9D88A41D62CC418FFE4CD9E54ADE1E54442895D6F9BF7
SSDEEP: 3:nmNjJMzVJu+1i+mTYwWKMGhHsKb:GMRJVi+mUYHP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads internet explorer settings

      • iexplore.exe (PID: 2740)
      • iexplore.exe (PID: 3316)
    • Changes internet zones settings

      • iexplore.exe (PID: 2172)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2740)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2172)
    • Application launched itself

      • iexplore.exe (PID: 2172)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
Screenshots: available in the full report
Total processes: 37
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph (process details are in the full report)
  • start
  • iexplore.exe
  • iexplore.exe (no specs)
  • iexplore.exe

Process information

  • PID 2172
    CMD: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\z.htm
    Path: C:\Program Files\Internet Explorer\iexplore.exe
    Parent process: explorer.exe
    User: admin
    Company: Microsoft Corporation
    Integrity Level: MEDIUM
    Description: Internet Explorer
    Version: 8.00.7600.16385 (win7_rtm.090713-1255)
  • PID 3316
    CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2172 CREDAT:79873
    Path: C:\Program Files\Internet Explorer\iexplore.exe
    Parent process: iexplore.exe
    User: admin
    Company: Microsoft Corporation
    Integrity Level: MEDIUM
    Description: Internet Explorer
    Version: 8.00.7600.16385 (win7_rtm.090713-1255)
  • PID 2740
    CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2172 CREDAT:137473
    Path: C:\Program Files\Internet Explorer\iexplore.exe
    Parent process: iexplore.exe
    User: admin
    Company: Microsoft Corporation
    Integrity Level: LOW
    Description: Internet Explorer
    Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Total events: 621
Read events: 511
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 1
Text files: 17
Unknown types: 4

Dropped files

  • PID 2172, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
    Type: not listed
    MD5: not listed
    SHA256: not listed
  • PID 2172, iexplore.exe
    Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Type: not listed
    MD5: not listed
    SHA256: not listed
  • PID 2172, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Temp\~DF45F960BB6183BE30.TMP
    Type: not listed
    MD5: not listed
    SHA256: not listed
  • PID 2740, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
    Type: dat
    MD5: 5B232087B9DEF1EC56025F279153E8E3
    SHA256: 3D0E4A7BB75EE5555796D011F9D9BCDD27DE7D47D362E8D5DB52717C92115C47
  • PID 2740, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
    Type: dat
    MD5: 8E202E988A71FE373C4B9ABDB9BF71A1
    SHA256: E93C3EAFBA240464EAB2BD49C7F92FC63F5A19F0D30684A93B0B6FEC381F74E8
  • PID 2740, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z6L0G31N\login[1].htm
    Type: html
    MD5: DE8E35DD44D07668CA4C90788552BE91
    SHA256: 10E238B87390D3664E6EAB979928AD2E36D836E4812EFA310E9C9BA5A52C07B4
  • PID 3316, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019120620191207\index.dat
    Type: dat
    MD5: CB76F209E92479B4740C00BDF59ADA45
    SHA256: 5C6E63F39A7E0028B9E3EF1A4BE9E7A0B6ADA9612B71F208C6F3125F4E572211
  • PID 2172, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{DD424E2E-1822-11EA-AB41-5254004A04AF}.dat
    Type: binary
    MD5: FF02BC1C818119FDCACAFE220999481D
    SHA256: 002DB465A1E9F01DB3E689E235D8856FB26D92D22A0D11FEBC10BF20DADFA727
  • PID 2172, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png
    Type: image
    MD5: 9FB559A691078558E77D6848202F6541
    SHA256: 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
  • PID 2740, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019120620191207\index.dat
    Type: dat
    MD5: 2B24FED68EF9A8352763D48BCB121A1F
    SHA256: B53653054CD3E841F8A50CB757F733CCCC690A80F4427E90CCE29D247F563DF5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 1
TCP/UDP connections: 5
DNS requests: 4
Threats: 0

HTTP requests

  • PID 2172, iexplore.exe
    Method: GET
    HTTP Code: 200
    IP: 204.79.197.200:80
    URL: http://www.bing.com/favicon.ico
    CN: US
    Type: image
    Size: 237 b
    Reputation: whitelisted

Connections

  • PID 2740, iexplore.exe
    IP: 103.43.46.23:80
    Domain: magabut.com
    ASN: PT Infinys System Indonesia
    CN: ID
    Reputation: malicious
  • PID 2172, iexplore.exe
    IP: 3.234.120.183:443
    Domain: mail.zimbra.com
    ASN: not listed
    CN: US
    Reputation: unknown
  • PID 2740, iexplore.exe
    IP: 3.234.120.183:443
    Domain: mail.zimbra.com
    ASN: not listed
    CN: US
    Reputation: unknown
  • PID 2172, iexplore.exe
    IP: 204.79.197.200:80
    Domain: www.bing.com
    ASN: Microsoft Corporation
    CN: US
    Reputation: whitelisted

DNS requests

  • www.bing.com
    IP: 204.79.197.200, 13.107.21.200
    Reputation: whitelisted
  • magabut.com
    IP: 103.43.46.23
    Reputation: malicious
  • mail.zimbra.com
    IP: 3.234.120.183, 34.226.184.141
    Reputation: unknown

Threats

  • PID 2740, iexplore.exe
    Class: A Network Trojan was detected
    Message: MALWARE [PTsecurity] Google Drive Phishing Landing
No debug info