URL: Sexyforums.com

Full analysis: https://app.any.run/tasks/1c66efd0-0772-4f97-abfb-2c4d2a760f46
Verdict: Malicious activity
Analysis date: June 13, 2024, 15:56:28
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: B65FB19BF3345346C639178E7C1C29DC
SHA1: C56F79AB0C86BB44C047181DA13313F6F3E0ACB3
SHA256: 3108E8CD19AFADCAC3D54778F283112B072734A31025AAD9F416FEBB6895940D
SSDEEP: 3:eFuTn:cyn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO
    • Reads the computer name: wmpnscfg.exe (PID: 1284)
    • Checks supported languages: wmpnscfg.exe (PID: 1284)
    • Application launched itself: iexplore.exe (PID: 3984)
    • Manual execution by a user: wmpnscfg.exe (PID: 1284)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph (interactive in the full report): start, iexplore.exe, iexplore.exe, wmpnscfg.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process

1284 | "C:\Program Files\Windows Media Player\wmpnscfg.exe" | C:\Program Files\Windows Media Player\wmpnscfg.exe | (none) | explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Windows Media Player Network Sharing Service Configuration Application
  Exit code: 0
  Version: 12.0.7600.16385 (win7_rtm.090713-1255)
  Modules (images):
    c:\program files\windows media player\wmpnscfg.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll

3984 | "C:\Program Files\Internet Explorer\iexplore.exe" "Sexyforums.com" | C:\Program Files\Internet Explorer\iexplore.exe | (none) | explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\iertutil.dll

4040 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3984 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | (none) | iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\iertutil.dll
Total events: 19 950
Read events: 19 829
Write events: 87
Delete events: 34

Modification events

PID / Process | Operation | Key | Name | Value
3984 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 1
3984 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime |
3984 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 31112618
3984 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime |
3984 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 31112618
3984 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix |
3984 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
3984 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
3984 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
3984 iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
Executable files: 0
Suspicious files: 54
Text files: 53
Unknown types: 14

Dropped files

PID | Process | Filename | Type

4040 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\core.min[1].js | binary
  MD5: 1F593C87A1B48503E6A52B91A1CD5A5C
  SHA256: 688DD33ED28D8089F3B559839052791CADFCE9FA46F15DC39D8AFBF0F5F4EB57
4040 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
  MD5: B0C62B9A434E9DEE3269998880B384BF
  SHA256: 3B655361A18E3262855D7E3CFEF368563C32A0981CD8D9CBF349E6DD93D0F6C8
4040 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary
  MD5: 954C54875908A1611DA86CA371F61FCC
  SHA256: 4FF400F5896AC46241862BBD192F368608E74CBEB9B2010F8F525C18705524E3
4040 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\css[1].css | text
  MD5: 7F46F6B2F6DD49EFF753094A6214DFB8
  SHA256: A1E3B5E881F66DB5F65F337A6B03027BDEA4BE19041368B118561777FB660B3C
4040 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\dropdown_with_flags[1].js | text
  MD5: 2D54D6342AC9F58F63B6C875C795E61E
  SHA256: E8D732A2DA53323EC494F4A1285D75436076F36E0FDB9D1EE7E78010079C6C29
4040 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\OBR40UQO.htm | html
  MD5: FF6BDB6F50B37FC2855BDC0812659A5A
  SHA256: 4BCCE45E2B45958244DBC6C5EE197BD9D95234C588586974CD6A33FEED361A99
4040 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\css[1].css | text
  MD5: E7344EC406E3020FBB5695D0F89CFC4D
  SHA256: 8B2EF27C8F7B6AD4927ECBB0618911D47B4AF2424B91935EDDDB8129442BA1CD
4040 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\preamble.min[1].js | binary
  MD5: 387F790DF3B04817B3B499539218A32F
  SHA256: F8F0D5E29E4408E8ECDCCEE5E73A185566774F71C7F440CC50AD5C647B127CE3
4040 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\vendor-compiled[1].js | text
  MD5: D2EB06A066C2B5C9AFCF5E8A0B2E06CB
  SHA256: 3507CA14C84CBFFCCD872E634A84D93F50882C817E66FFDF2643A7ED884A205E
4040 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\TYX336G5.htm | html
  MD5: 0104C301C5E02BD6148B8703D19B3A73
  SHA256: 446A6087825FA73EADB045E5A2E9E2ADF7DF241B571228187728191D961DDA1F
HTTP(S) requests: 25
TCP/UDP connections: 88
DNS requests: 42
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | Reputation
4040 | iexplore.exe | GET | 304 | 2.19.126.137:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0eb42db1385d6a0b | unknown
4040 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | unknown
4040 | iexplore.exe | GET | 200 | 2.19.126.137:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?9061d5aa6d0ed04e | unknown
4040 | iexplore.exe | GET | 301 | 172.67.138.143:80 | http://sexyforums.com/ | unknown
4040 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown
4040 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D | unknown
4040 | iexplore.exe | GET | 200 | 2.19.126.163:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0950bbb8847fa8c4 | unknown
4040 | iexplore.exe | GET | 200 | 2.16.241.8:80 | http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgMcfLVQc1c929GWjgQVi4cb5w%3D%3D | unknown
4040 | iexplore.exe | GET | 200 | 2.19.105.18:80 | http://x1.c.lencr.org/ | unknown
3984 | iexplore.exe | GET | 304 | 2.19.126.163:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?48102323af88c435 | unknown

The CN, Type and Size columns of this table are empty for every request in the report.

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | unknown
4040 | iexplore.exe | 172.67.138.143:80 | sexyforums.com | CLOUDFLARENET | US | unknown
4 | System | 192.168.100.255:137 | | | | unknown
1088 | svchost.exe | 224.0.0.252:5355 | | | | unknown
4040 | iexplore.exe | 172.67.138.143:443 | sexyforums.com | CLOUDFLARENET | US | unknown
4040 | iexplore.exe | 2.19.126.137:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
4040 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | unknown
4040 | iexplore.exe | 142.250.186.74:443 | fonts.googleapis.com | GOOGLE | US | unknown
4040 | iexplore.exe | 104.21.5.179:443 | ip1.imgporn.to | CLOUDFLARENET | | unknown
4040 | iexplore.exe | 88.208.22.2:443 | bobabillydirect.org | DataWeb Global Group B.V. | NL | unknown

DNS requests

Domain | IP | Reputation
sexyforums.com | 172.67.138.143, 104.21.40.199 | unknown
ctldl.windowsupdate.com | 2.19.126.137, 2.19.126.163 | unknown
ocsp.digicert.com | 192.229.221.95 | unknown
api.bing.com | 13.107.5.80 | unknown
www.bing.com | 184.86.103.140, 184.86.103.154, 184.86.103.145 | unknown
fonts.googleapis.com | 142.250.186.74 | unknown
ip1.imgporn.to | 104.21.5.179, 172.67.133.177 | unknown
bobabillydirect.org | 88.208.22.2, 88.208.22.4, 88.208.22.1, 88.208.22.3 | unknown
cdn.tsyndicate.com | 45.133.44.71, 45.133.44.70 | unknown
linktr.ee | 151.101.130.133, 151.101.2.133, 151.101.66.133, 151.101.194.133 | unknown

Threats

PID | Process | Class | Message
| | Potentially Bad Traffic | ET DNS Query for .to TLD

No debug info