URL: http://plascaembalagens.com/

Full analysis: https://app.any.run/tasks/8843d238-aa78-45af-85e9-87861b70351d
Verdict: Malicious activity
Analysis date: September 30, 2020, 14:27:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
opendir
phishing
Indicators:
MD5: DC53AD2FF088AE443E2CFE01C3002F75
SHA1: 8BCCF8633FC007E4587BA052BD250DE06388A0C2
SHA256: 2F46EB6BB1D4AFCA90BB23E439588DA61C8D18CCBCD9F527A1ADF67C22FC69BA
SSDEEP: 3:N1KOJ/M65bK3:COJ/M6Q

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3388)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3388)
      • iexplore.exe (PID: 2008)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2008)
    • Changes internet zones settings

      • iexplore.exe (PID: 3388)
    • Creates files in the user directory

      • iexplore.exe (PID: 2008)
      • iexplore.exe (PID: 3388)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2008)
      • iexplore.exe (PID: 3388)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3388)
    • Dropped object may contain Bitcoin addresses

      • iexplore.exe (PID: 2008)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3388)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start -> iexplore.exe (PID: 3388) -> iexplore.exe (PID: 2008)

Process information

PID: 2008
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3388 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: (none listed)
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

PID: 3388
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" http://plascaembalagens.com/
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: (none listed)
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 400
Read events: 260
Write events: 137
Delete events: 3

Modification events

Process: (3388) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value: 3852587066

Process: (3388) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30840629

Process: (3388) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

Process: (3388) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (3388) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (3388) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

Process: (3388) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

Process: (3388) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: (binary value not shown in this report)

Process: (3388) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

Process: (3388) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1
Executable files: 0
Suspicious files: 28
Text files: 64
Unknown types: 13

Dropped files

PID | Process | Filename | Type
3388 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | (not given)
2008 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\widgets_css[1].txt | text
2008 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\sp-2.0.0-dm-0.1.min.js[1].js | text
    MD5: 81FF203C31C9A3E5C15C5A790EEBB460
    SHA256: 4737E970E7344D8BF4EE6760B4A0DD29C21C1899A7C34DBE1E10CB2893834F5A
2008 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\a43ac19f_1.min[1].css | text
2008 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\B40GUO53.htm | html
2008 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\d-css-runtime-desktop-one-package-new.min[1].css | text
2008 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\0.dc5bbd4bc334ffde42ef.js[1].js | text
2008 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\logo_footer[1].png | image
2008 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\d-js-one-runtime-layouts-desktop.min.js[1].js | text
2008 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\d-js-runtime-one-package.min.js[1].js | text

MD5 and SHA256 values are listed only where the report provides them.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 74
TCP/UDP connections: 92
DNS requests: 31
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2008 | iexplore.exe | GET | | 187.45.195.140:80 | http://plascaembalagens.com/ | BR | | | suspicious
2008 | iexplore.exe | GET | | 187.45.195.140:80 | http://plascaembalagens.com/Plasca%20Embalagens%20Flex%C3%ADveis_files/widgets_css | BR | | | suspicious
2008 | iexplore.exe | GET | 200 | 187.45.195.140:80 | http://plascaembalagens.com/Plasca%20Embalagens%20Flex%C3%ADveis_files/logo.png | BR | image | 5.77 Kb | suspicious
2008 | iexplore.exe | GET | 200 | 187.45.195.140:80 | http://plascaembalagens.com/Plasca%20Embalagens%20Flex%C3%ADveis_files/0.dc5bbd4bc334ffde42ef.js.download | BR | text | 24.1 Kb | suspicious
2008 | iexplore.exe | GET | 200 | 187.45.195.140:80 | http://plascaembalagens.com/Plasca%20Embalagens%20Flex%C3%ADveis_files/logo_footer.png | BR | image | 2.96 Kb | suspicious
2008 | iexplore.exe | GET | 200 | 187.45.195.140:80 | http://plascaembalagens.com/Plasca%20Embalagens%20Flex%C3%ADveis_files/d-js-runtime-one-package.min.js.download | BR | text | 406 Kb | suspicious
2008 | iexplore.exe | GET | 200 | 187.45.195.140:80 | http://plascaembalagens.com/Plasca%20Embalagens%20Flex%C3%ADveis_files/css-font-package.min.css | BR | text | 53.0 Kb | suspicious
2008 | iexplore.exe | GET | 200 | 187.45.195.140:80 | http://plascaembalagens.com/Plasca%20Embalagens%20Flex%C3%ADveis_files/d-css-foundation.min.css | BR | text | 10.6 Kb | suspicious
2008 | iexplore.exe | GET | 200 | 187.45.195.140:80 | http://plascaembalagens.com/Plasca%20Embalagens%20Flex%C3%ADveis_files/a43ac19f_1.min.css | BR | text | 318 Kb | suspicious
2008 | iexplore.exe | GET | 200 | 187.45.195.140:80 | http://plascaembalagens.com/Plasca%20Embalagens%20Flex%C3%ADveis_files/img.jpg | BR | image | 11.2 Kb | suspicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2008 | iexplore.exe | 187.45.195.140:80 | plascaembalagens.com | Locaweb Serviços de Internet S/A | BR | suspicious
3388 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2008 | iexplore.exe | 143.204.202.25:443 | irp-cdn.multiscreensite.com | | US | suspicious
2008 | iexplore.exe | 2.16.186.35:80 | isrg.trustid.ocsp.identrust.com | Akamai International B.V. | | whitelisted
2008 | iexplore.exe | 2.16.186.11:80 | isrg.trustid.ocsp.identrust.com | Akamai International B.V. | | whitelisted
2008 | iexplore.exe | 143.204.201.95:443 | lirp-cdn.multiscreensite.com | | US | suspicious
2008 | iexplore.exe | 192.35.177.64:80 | crl.identrust.com | IdenTrust | US | malicious
2008 | iexplore.exe | 143.204.201.49:443 | static-cdn.multiscreensite.com | | US | malicious
2008 | iexplore.exe | 143.204.208.186:80 | d32hwlnfiv2gyn.cloudfront.net | | US | malicious
2008 | iexplore.exe | 151.101.2.109:443 | cdn.jsdelivr.net | Fastly | US | suspicious

DNS requests

Domain | IP | Reputation
plascaembalagens.com | 187.45.195.140 | suspicious
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
api.bing.com | 13.107.13.80 | whitelisted
irp-cdn.multiscreensite.com | 143.204.202.25 | whitelisted
isrg.trustid.ocsp.identrust.com | 2.16.186.11, 2.16.186.35 | whitelisted
lirp-cdn.multiscreensite.com | 143.204.201.95, 143.204.201.61, 143.204.201.47, 143.204.201.113 | shared
crl.identrust.com | 192.35.177.64 | whitelisted
static-cdn.multiscreensite.com | 143.204.201.49, 143.204.201.97, 143.204.201.80, 143.204.201.81 | shared
ssl.google-analytics.com | 142.250.74.200 | whitelisted
d32hwlnfiv2gyn.cloudfront.net | 143.204.208.186, 143.204.208.14, 143.204.208.149, 143.204.208.114 | whitelisted

Threats

PID | Process | Class | Message
2008 | iexplore.exe | Potentially Bad Traffic | ET INFO Possible Phish - Saved Website Comment Observed
No debug info