URL:

https://me2.kr

Full analysis: https://app.any.run/tasks/f28912f8-fad3-4c4f-a036-1dc69d2c7bf6
Verdict: Malicious activity
Analysis date: June 05, 2024, 21:14:39
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

51EABFE401654817186A6C505280D0DD

SHA1:

7EA82E29D4ACA03953E71B3D59815AED7EBE8BFA

SHA256:

32B3E0B5E329CA5E881E19A92C860DC996FD2060E94561111E7C3DF28F573840

SSDEEP:

3:N8L4:28

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Checks supported languages

      • wmpnscfg.exe (PID: 1664)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 1664)

    • Application launched itself

      • iexplore.exe (PID: 3960)

    • Reads the computer name

      • wmpnscfg.exe (PID: 1664)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe wmpnscfg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1664"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
3960"C:\Program Files\Internet Explorer\iexplore.exe" "https://me2.kr"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
4020"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3960 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
18 657
Read events
18 534
Write events
89
Delete events
34

Modification events

(PID) Process:(3960) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(3960) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
(PID) Process:(3960) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
31111053
(PID) Process:(3960) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
(PID) Process:(3960) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
31111053
(PID) Process:(3960) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(3960) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3960) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3960) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3960) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
0
Suspicious files
29
Text files
44
Unknown types
1

Dropped files

PID
Process
Filename
Type
4020iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\email-decode.min[1].jshtml
MD5:9E8F56E8E1806253BA01A95CFC3D392C
SHA256:2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
4020iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:C124AB3DF2092EDC597024D8CB322FDD
SHA256:A54768AF0CD2876934AC7D916B54971084ECF45619480F9757F875651E52497F
4020iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464binary
MD5:189636FC945E5D850C531F0EA23203AF
SHA256:3188DC4E889EF311DE93EF492ED408EB6A29BC72A757635D262F21FCF94DB319
4020iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\select2.min[1].csstext
MD5:9F54E6414F87E0D14B9E966F19A174F9
SHA256:15D6AD4DFDB43D0AFFAD683E70029F97A8F8FC8637A28845009EE0542DCCDF81
4020iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAder
MD5:07373C15CD439AD2417DE621DD29930E
SHA256:B498614688FED921AF4CE7E0C95B88F1BED487BDADBFCCB7A6B452A6237E6E8F
4020iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\F28N89R0.htmhtml
MD5:AE96DFF3FCBFE37C08200E893ACAFEFD
SHA256:4CD1F6478DFA0053F37065EBCA5C4080C457BEDE3BDF7931C4251CCA0397A629
4020iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\typed.min[1].jss
MD5:F68641147185CBDED4B38B4900A20F40
SHA256:39B5F0A136AC9C139981B89E2EE615AC75FED86C0761C7EBF87D827BE7D86E5E
4020iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\style.min[1].csstext
MD5:0AEE31AD9A6FF3A2CBA8CDB86F478A2A
SHA256:800015905E0E95D7E7EAE80F0E6EACF3863D05206AE99104686EE275F19E010C
4020iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464der
MD5:8202A1CD02E7D69597995CABBE881A12
SHA256:58F381C3A0A0ACE6321DA22E40BD44A597BD98B9C9390AB9258426B5CF75A7A5
4020iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\cookieconsent[1].csstext
MD5:A8D96B4620E71D5CDD85EA03A1EE2CC6
SHA256:4E5A1815609E1B500701E8A9C63A4EE98C47794025A0DE9BBC7B8A3FDC4419E6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
15
TCP/UDP connections
38
DNS requests
25
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4020
iexplore.exe
GET
304
2.19.126.163:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f1d6845798772d53
unknown
unknown
4020
iexplore.exe
GET
304
2.19.126.137:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?210b99e4fbc8d7fd
unknown
unknown
4020
iexplore.exe
GET
200
216.58.206.35:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
unknown
4020
iexplore.exe
GET
200
216.58.206.35:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D
unknown
unknown
4020
iexplore.exe
GET
200
216.58.206.35:80
http://c.pki.goog/r/r1.crl
unknown
unknown
4020
iexplore.exe
GET
200
216.58.206.35:80
http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDYZgbBAL1kNgmDY%2FBY1XtS
unknown
unknown
4020
iexplore.exe
GET
200
172.64.149.23:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D
unknown
unknown
4020
iexplore.exe
GET
200
104.18.38.233:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
unknown
unknown
4020
iexplore.exe
GET
200
108.138.2.195:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
unknown
unknown
4020
iexplore.exe
GET
200
18.67.244.224:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
4020
iexplore.exe
172.67.68.47:443
me2.kr
CLOUDFLARENET
US
unknown
4020
iexplore.exe
2.19.126.137:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
4020
iexplore.exe
2.19.126.163:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
4020
iexplore.exe
216.58.206.35:80
ocsp.pki.goog
GOOGLE
US
whitelisted
4020
iexplore.exe
142.250.184.200:443
www.googletagmanager.com
GOOGLE
US
unknown
4020
iexplore.exe
2.19.224.12:443
ads-partners.coupang.com
AKAMAI-AS
FR
unknown
4020
iexplore.exe
104.18.38.233:80
ocsp.comodoca.com
CLOUDFLARENET
shared

DNS requests

Domain
IP
Reputation
me2.kr
  • 104.26.10.204
  • 172.67.68.47
  • 104.26.11.204
malicious
ctldl.windowsupdate.com
  • 2.19.126.137
  • 2.19.126.163
whitelisted
ocsp.pki.goog
  • 216.58.206.35
whitelisted
ads-partners.coupang.com
  • 2.19.224.12
unknown
www.googletagmanager.com
  • 142.250.184.200
whitelisted
c.pki.goog
  • 216.58.206.35
unknown
ocsp.comodoca.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
o.pki.goog
  • 216.58.206.35
unknown
ocsp.usertrust.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
partners.coupangcdn.com
  • 3.162.38.77
  • 3.162.38.88
  • 3.162.38.122
  • 3.162.38.20
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://me2.kr