URL: njav.tv

Full analysis: https://app.any.run/tasks/198c455c-d860-4465-ae79-5bebf4e79b5e
Verdict: Malicious activity
Analysis date: May 16, 2024, 15:49:55
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: D4519611CE6E5DB576AA2D1AB0CA6592
SHA1: BFBA2A286529EFEF39AF325C13357184CF60182F
SHA256: 37A5A2688FAA9A1BE90AC5E798251008069EDCA799C1F516E759AC7B40D0DBD8
SSDEEP: 3:ATlT:ATlT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3972)
    • Checks supported languages

      • wmpnscfg.exe (PID: 2036)
    • Reads the computer name

      • wmpnscfg.exe (PID: 2036)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 2036)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
38
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe wmpnscfg.exe no specs iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1600
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3972 CREDAT:791822 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 2036
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3972
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "njav.tv"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 4028
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3972 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
33 720
Read events
33 493
Write events
116
Delete events
111

Modification events

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31106984

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31106984

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

Process: (3972) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files
0
Suspicious files
30
Text files
56
Unknown types
10

Dropped files

PID
Process
Filename
Type
PID: 4028 | Process: iexplore.exe | Type: html
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\EEV1P5TB.htm
MD5: 0104C301C5E02BD6148B8703D19B3A73
SHA256: 446A6087825FA73EADB045E5A2E9E2ADF7DF241B571228187728191D961DDA1F

PID: 4028 | Process: iexplore.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\app[1].css
MD5: F89EF40317FA56AC0DB4C701786DA731
SHA256: 497F213B97535F6206F5641107F49AA461D009CBDB389F4ADDAC3AEE4327BD38

PID: 4028 | Process: iexplore.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\logo[1].png
MD5: BE9C6F8FBF1F8F3009FC179D365496FF
SHA256: EBAD2514DA62465953F9FE7E87EA75F837BA633DD25079C66567E87004467F48

PID: 4028 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
MD5: CAE3BFA5D8694A1EA02E0D8512AA2742
SHA256: 0A53C69C4FBC007DE5B6898F7C1A2A85B808F64D02FFA2F079EB1803F232F88E

PID: 4028 | Process: iexplore.exe | Type: der
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
MD5: ABA467E1FFA28443E591C4B95EEFEA21
SHA256: 9617468444E2067097A5DD44C33E03407EBA1F11C9575948033F0D0ADF4C5B5B

PID: 4028 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\app[1].js
MD5: 9BE4ADB6FEF0DE5D9663C868EC56BD7E
SHA256: 65405A16E693B321641EE6D8A60B0C8F839800CE5F4BD2D61A06FBB27748F415

PID: 4028 | Process: iexplore.exe | Type: der
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
MD5: E65967B40DF6B44D65235217357C4EC6
SHA256: E03E327DDB89F820FF36B6DCE1230F7C70402491384D94E0409F547796167027

PID: 4028 | Process: iexplore.exe | Type: der
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61
MD5: 5AE8478AF8DD6EEC7AD4EDF162DD3DF1
SHA256: FE42AC92EAE3B2850370B73C3691CCF394C23AB6133DE39F1697A6EBAC4BEDCA

PID: 4028 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
MD5: 612F8C63AA325244F342DF86BCA8F31C
SHA256: 12FE9974D41E6E3793A62BBED9D25A11F4095E062C579D275C70FF7BD9BACDD7

PID: 4028 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61
MD5: A78D2770CC5BA9447116D213FBE90D49
SHA256: 644771E152C7A1C8D4FB4CED35722F41E97CB82FEB479F2CF6F418AB86A89C3D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
32
TCP/UDP connections
92
DNS requests
40
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4028
iexplore.exe
GET
304
217.20.57.40:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?99c9fdafe1a1de72
unknown
4028
iexplore.exe
GET
301
104.21.83.198:80
http://njav.tv/
unknown
4028
iexplore.exe
GET
200
217.20.57.40:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f1d6845798772d53
unknown
4028
iexplore.exe
GET
304
217.20.57.27:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a7e71e188080e5ee
unknown
4028
iexplore.exe
GET
304
217.20.57.35:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4a66f076aad552bf
unknown
4028
iexplore.exe
GET
304
217.20.57.35:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8687ee5069c7e7e2
unknown
4028
iexplore.exe
GET
304
217.20.57.35:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6d72a64ca33d0463
unknown
4028
iexplore.exe
GET
304
217.20.57.35:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?52ef78c13da6ef9d
unknown
GET
304
217.20.57.35:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?13cdbbbd5d429301
unknown
GET
304
217.20.57.35:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9061d5aa6d0ed04e
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
unknown
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
unknown
1088
svchost.exe
224.0.0.252:5355
unknown
4028
iexplore.exe
104.21.83.198:80
njav.tv
CLOUDFLARENET
unknown
4028
iexplore.exe
104.21.83.198:443
njav.tv
CLOUDFLARENET
unknown
4028
iexplore.exe
217.20.57.40:80
ctldl.windowsupdate.com
US
unknown
4028
iexplore.exe
2.19.105.18:80
x1.c.lencr.org
AKAMAI-AS
DE
unknown
3972
iexplore.exe
2.19.96.27:443
www.bing.com
Akamai International B.V.
DE
unknown
4028
iexplore.exe
104.17.25.14:443
cdnjs.cloudflare.com
CLOUDFLARENET
unknown

DNS requests

Domain
IP
Reputation
njav.tv
  • 104.21.83.198
  • 172.67.181.8
unknown
ctldl.windowsupdate.com
  • 217.20.57.40
  • 217.20.57.18
  • 217.20.57.24
  • 217.20.57.19
  • 217.20.57.25
  • 217.20.57.37
  • 217.20.57.38
  • 217.20.57.27
  • 217.20.57.34
  • 217.20.57.41
  • 217.20.57.35
  • 217.20.57.42
unknown
x1.c.lencr.org
  • 2.19.105.18
unknown
x2.c.lencr.org
  • 2.19.105.18
unknown
api.bing.com
  • 13.107.5.80
unknown
www.bing.com
  • 2.19.96.129
  • 2.19.96.56
  • 2.19.96.123
  • 2.19.96.26
  • 2.19.96.49
  • 2.19.96.27
  • 2.19.96.35
  • 2.19.96.34
  • 2.19.96.130
  • 95.101.27.85
  • 95.101.27.80
  • 95.101.27.84
  • 95.101.27.75
  • 95.101.27.77
  • 95.101.27.89
  • 95.101.27.90
  • 95.101.27.79
  • 95.101.27.88
  • 2.19.96.66
  • 2.19.96.107
  • 2.19.96.128
  • 2.19.96.91
  • 2.19.96.80
  • 2.19.96.90
  • 2.19.96.83
unknown
cdnjs.cloudflare.com
  • 104.17.25.14
  • 104.17.24.14
unknown
fonts.googleapis.com
  • 142.250.186.106
unknown
static.njav.tv
  • 104.21.83.198
  • 172.67.181.8
unknown
www.googletagmanager.com
  • 172.217.16.200
unknown

Threats

No threats detected
No debug info