URL: njav.tv

Full analysis: https://app.any.run/tasks/198c455c-d860-4465-ae79-5bebf4e79b5e
Verdict: Malicious activity
Analysis date: May 16, 2024, 15:49:55
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: D4519611CE6E5DB576AA2D1AB0CA6592
SHA1: BFBA2A286529EFEF39AF325C13357184CF60182F
SHA256: 37A5A2688FAA9A1BE90AC5E798251008069EDCA799C1F516E759AC7B40D0DBD8
SSDEEP: 3:ATlT:ATlT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Manual execution by a user

      • wmpnscfg.exe (PID: 2036)
    • Reads the computer name

      • wmpnscfg.exe (PID: 2036)
    • Checks supported languages

      • wmpnscfg.exe (PID: 2036)
    • Application launched itself

      • iexplore.exe (PID: 3972)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 4
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Graph nodes: start, iexplore.exe, iexplore.exe, wmpnscfg.exe (no specs), iexplore.exe

Process information

PID: 1600
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3972 CREDAT:791822 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 2036
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3972
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "njav.tv"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 4028
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3972 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 33 720
Read events: 33 493
Write events: 116
Delete events: 111

Modification events

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31106984

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31106984

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 0
Suspicious files: 30
Text files: 56
Unknown types: 10

Dropped files

PID | Process | Filename | Type
4028 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\EEV1P5TB.htm | html
MD5: 0104C301C5E02BD6148B8703D19B3A73
SHA256: 446A6087825FA73EADB045E5A2E9E2ADF7DF241B571228187728191D961DDA1F
4028 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab3AE8.tmp | compressed
MD5: 29F65BA8E88C063813CC50A4EA544E93
SHA256: 1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184
4028 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary
MD5: 5B556DB45820B93CDCA4AC22DD450196
SHA256: 9616941A515B36FF3BCECAB58EFEA78104EEB0B83154124F8042E564CBBF0302
4028 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar3AE9.tmp | binary
MD5: 435A9AC180383F9FA094131B173A2F7B
SHA256: 67DC37ED50B8E63272B49A254A6039EE225974F1D767BB83EB1FD80E759A7C34
4028 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | compressed
MD5: 29F65BA8E88C063813CC50A4EA544E93
SHA256: 1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184
4028 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
MD5: EF352BCE41ACB2F99E535AA94DACCA27
SHA256: 58D05733128682377478E1656DE9DABFCF85F89E18242E0AA26B2FA178331E67
4028 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\de[1].htm | html
MD5: F7528160714DCF3DC81B8DC0D8028ED5
SHA256: D0DAFA7B4E155EDF557888C11F364474B02223006A25CE6CE3B268EF0174B216
4028 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\logo[1].png | image
MD5: BE9C6F8FBF1F8F3009FC179D365496FF
SHA256: EBAD2514DA62465953F9FE7E87EA75F837BA633DD25079C66567E87004467F48
4028 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\app[1].css | text
MD5: F89EF40317FA56AC0DB4C701786DA731
SHA256: 497F213B97535F6206F5641107F49AA461D009CBDB389F4ADDAC3AEE4327BD38
4028 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | binary
MD5: CAE3BFA5D8694A1EA02E0D8512AA2742
SHA256: 0A53C69C4FBC007DE5B6898F7C1A2A85B808F64D02FFA2F079EB1803F232F88E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 32
TCP/UDP connections: 92
DNS requests: 40
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4028 | iexplore.exe | GET | 301 | 104.21.83.198:80 | http://njav.tv/ | unknown | unknown
4028 | iexplore.exe | GET | 304 | 217.20.57.40:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?99c9fdafe1a1de72 | unknown | unknown
4028 | iexplore.exe | GET | 200 | 217.20.57.40:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f1d6845798772d53 | unknown | unknown
4028 | iexplore.exe | GET | 304 | 217.20.57.40:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8ea8eef652da7bfd | unknown | unknown
4028 | iexplore.exe | GET | 304 | 217.20.57.40:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9335e1f391665c0a | unknown | unknown
4028 | iexplore.exe | GET | 200 | 2.19.105.18:80 | http://x1.c.lencr.org/ | unknown | unknown
4028 | iexplore.exe | GET | 304 | 217.20.57.27:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a7e71e188080e5ee | unknown | unknown
4028 | iexplore.exe | GET | 304 | 217.20.57.35:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4a66f076aad552bf | unknown | unknown
4028 | iexplore.exe | GET | 304 | 217.20.57.35:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8687ee5069c7e7e2 | unknown | unknown
4028 | iexplore.exe | GET | 304 | 217.20.57.35:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6d72a64ca33d0463 | unknown | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | whitelisted
224.0.0.252:5355 | unknown
4 | System | 192.168.100.255:138 | whitelisted
1088 | svchost.exe | 224.0.0.252:5355 | unknown
4028 | iexplore.exe | 104.21.83.198:80 | njav.tv | CLOUDFLARENET | unknown
4028 | iexplore.exe | 104.21.83.198:443 | njav.tv | CLOUDFLARENET | unknown
4028 | iexplore.exe | 217.20.57.40:80 | ctldl.windowsupdate.com | US | unknown
4028 | iexplore.exe | 2.19.105.18:80 | x1.c.lencr.org | AKAMAI-AS | DE | unknown
3972 | iexplore.exe | 2.19.96.27:443 | www.bing.com | Akamai International B.V. | DE | unknown
4028 | iexplore.exe | 104.17.25.14:443 | cdnjs.cloudflare.com | CLOUDFLARENET | unknown

DNS requests

Domain | IP | Reputation
njav.tv | 104.21.83.198, 172.67.181.8 | unknown
ctldl.windowsupdate.com | 217.20.57.40, 217.20.57.18, 217.20.57.24, 217.20.57.19, 217.20.57.25, 217.20.57.37, 217.20.57.38, 217.20.57.27, 217.20.57.34, 217.20.57.41, 217.20.57.35, 217.20.57.42 | whitelisted
x1.c.lencr.org | 2.19.105.18 | whitelisted
x2.c.lencr.org | 2.19.105.18 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 2.19.96.129, 2.19.96.56, 2.19.96.123, 2.19.96.26, 2.19.96.49, 2.19.96.27, 2.19.96.35, 2.19.96.34, 2.19.96.130, 95.101.27.85, 95.101.27.80, 95.101.27.84, 95.101.27.75, 95.101.27.77, 95.101.27.89, 95.101.27.90, 95.101.27.79, 95.101.27.88, 2.19.96.66, 2.19.96.107, 2.19.96.128, 2.19.96.91, 2.19.96.80, 2.19.96.90, 2.19.96.83 | whitelisted
cdnjs.cloudflare.com | 104.17.25.14, 104.17.24.14 | whitelisted
fonts.googleapis.com | 142.250.186.106 | whitelisted
static.njav.tv | 104.21.83.198, 172.67.181.8 | unknown
www.googletagmanager.com | 172.217.16.200 | whitelisted

Threats

No threats detected
No debug info