File name: secured_04587169ZEKDFAJRW.htm
Full analysis: https://app.any.run/tasks/c356885d-19ac-479b-acff-1ab1c8c95972
Verdict: Malicious activity
Analysis date: August 12, 2022, 16:24:31
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: phishing
Indicators:
MIME: text/html
File info: HTML document, ASCII text, with very long lines
MD5: 5C6E3C5B7253D671CE746BD17F6B1CF8
SHA1: D0357AACAE1373FC2E08ED2BBB8B02B242960F89
SHA256: 384EC363221FDA3D0A8FC12A929BC225D2F0903D3E76D8E68C5D1E30CD6E21BF
SSDEEP: 96:ehz6o0RDMP3R53X/NYHiNOb9TR6vr/4JA462tb:1XRDMrNYQWsz/ss2tb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3804)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 460)
  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 3556)
      • iexplore.exe (PID: 3804)
      • iexplore.exe (PID: 3816)
      • chrome.exe (PID: 460)
      • chrome.exe (PID: 2408)
      • chrome.exe (PID: 2432)
      • chrome.exe (PID: 2804)
      • chrome.exe (PID: 3380)
      • chrome.exe (PID: 2244)
      • chrome.exe (PID: 2652)
      • chrome.exe (PID: 2292)
    • Checks supported languages

      • iexplore.exe (PID: 3556)
      • iexplore.exe (PID: 3804)
      • iexplore.exe (PID: 3816)
      • chrome.exe (PID: 460)
      • chrome.exe (PID: 2408)
      • chrome.exe (PID: 1060)
      • chrome.exe (PID: 2432)
      • chrome.exe (PID: 2772)
      • chrome.exe (PID: 3144)
      • chrome.exe (PID: 2156)
      • chrome.exe (PID: 2796)
      • chrome.exe (PID: 2804)
      • chrome.exe (PID: 3524)
      • chrome.exe (PID: 3488)
      • chrome.exe (PID: 4072)
      • chrome.exe (PID: 2244)
      • chrome.exe (PID: 3884)
      • chrome.exe (PID: 2972)
      • chrome.exe (PID: 2548)
      • chrome.exe (PID: 3380)
      • chrome.exe (PID: 1488)
      • chrome.exe (PID: 2652)
      • chrome.exe (PID: 2292)
    • Application launched itself

      • iexplore.exe (PID: 3556)
      • iexplore.exe (PID: 3804)
      • chrome.exe (PID: 460)
    • Changes internet zones settings

      • iexplore.exe (PID: 3556)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3804)
    • Reads the date of Windows installation

      • iexplore.exe (PID: 3556)
      • chrome.exe (PID: 2652)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3556)
      • chrome.exe (PID: 2432)
    • Manual execution by user

      • chrome.exe (PID: 460)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 3556)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD: .html | HyperText Markup Language (100)
No data.
Total processes: 63
Monitored processes: 23
Malicious processes: 0
Suspicious processes: 0

Behavior graph: process tree rooted at start, containing the iexplore.exe and chrome.exe process instances (those marked "no specs" are shown without details); the interactive view is in the full report.

Process information

PID 3556
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\Desktop\secured_04587169ZEKDFAJRW.htm.html"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: Explorer.EXE
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Exit code: 1
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 3804
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3556 CREDAT:144385 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Exit code: 0
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 3816
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3556 CREDAT:333057 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Exit code: 0
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 460
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\admin\Desktop\secured_04587169ZEKDFAJRW.htm.html
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Parent process: Explorer.EXE
  User: admin
  Company: Google LLC
  Integrity Level: MEDIUM
  Description: Google Chrome
  Version: 86.0.4240.198

PID 1060
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e8bd988,0x6e8bd998,0x6e8bd9a4
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Parent process: chrome.exe
  User: admin
  Company: Google LLC
  Integrity Level: MEDIUM
  Description: Google Chrome
  Version: 86.0.4240.198

PID 2408
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1028,1124123049328735460,11780192210459936101,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1060 /prefetch:2
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Parent process: chrome.exe
  User: admin
  Company: Google LLC
  Integrity Level: LOW
  Description: Google Chrome
  Exit code: 0
  Version: 86.0.4240.198

PID 2432
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1028,1124123049328735460,11780192210459936101,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1424 /prefetch:8
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Parent process: chrome.exe
  User: admin
  Company: Google LLC
  Integrity Level: MEDIUM
  Description: Google Chrome
  Version: 86.0.4240.198

PID 2156
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,1124123049328735460,11780192210459936101,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Parent process: chrome.exe
  User: admin
  Company: Google LLC
  Integrity Level: LOW
  Description: Google Chrome
  Exit code: 0
  Version: 86.0.4240.198

PID 2772
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,1124123049328735460,11780192210459936101,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1936 /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Parent process: chrome.exe
  User: admin
  Company: Google LLC
  Integrity Level: LOW
  Description: Google Chrome
  Exit code: 0
  Version: 86.0.4240.198

PID 3144
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,1124123049328735460,11780192210459936101,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Parent process: chrome.exe
  User: admin
  Company: Google LLC
  Integrity Level: LOW
  Description: Google Chrome
  Exit code: 0
  Version: 86.0.4240.198
Total events: 20 892
Read events: 20 634
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 137
Text files: 108
Unknown types: 15

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
460 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62F67EDD-1CC.pma | - | - | -
3556 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{4B8D5C98-1A5B-11ED-8C90-12A9866C77DE}.dat | binary | D145EEB457FD5695D7E3F57D7506DC07 | AEB0996407970D1E5D6FBA6D49055F1044F907B6822C745E6DFC300F4C394BA4
3556 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{4B8D5C99-1A5B-11ED-8C90-12A9866C77DE}.dat | binary | C4CBB230CEC782BD0D100F8EBC5DE82D | 15D92A3586D9463231F21F1A42E0E40B4C89041C69157F6F16960CBF4D5EE698
3556 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{40E83CC7-1A5B-11ED-8C90-12A9866C77DE}.dat | binary | D56013C0B278ABD05FF720501CD98576 | 19828FF16B285046A4D32A3A4911635B1B9AFBFBFFDABAFADC547910030726E0
3556 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{40E83CC5-1A5B-11ED-8C90-12A9866C77DE}.dat | binary | 02799AF80A16ED2C66D3F29DE65ECA40 | 4581B49DC763D5BA8BE167033244172C86CA9F8496FC0937FB5F3620EA90B6EA
3556 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{40E83CC6-1A5B-11ED-8C90-12A9866C77DE}.dat | binary | 449208F6B2FBBAD6C14ABD9A4C69F87B | 390D80557212AC1514AC16A345AEF6C3B0BF0120099BBE53BD33C305C5410E22
3556 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{42C873D0-1D90-11EB-BA2C-12A9866C77DE}.dat | binary | 555648A7612ABD12457FE0B83C41A41F | CBFFA30C57649045DDC212370111A5E0DB620EF1CAA321FDB98459E398EE0B69
3556 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF9BC631C34829056D.TMP | gmc | 6C180CE22BA433D7016F8986B106C7EC | 6DFF89D674FFF7E35FCE399488FE178F2A1133595D27A2DF9D03B86D0025C2CA
3556 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF4F543EC399E63097.TMP | gmc | 23DEAB3EA907DC5E0F81BEDB79423809 | 2E3666A31F1CFD4B45C32EE753EC812C3D1A24803A1A7A95AAEB01E9B5DCA31B
3556 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFE885797D4CE958AF.TMP | gmc | A6B80FCCCD9B749D68B40742608E8022 | 7C85E022A7E821A0BA02C50193F391DAB09DB9D08520651E06277056D92AC460
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 9
TCP/UDP connections: 44
DNS requests: 31
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2432 | chrome.exe | GET | 302 | 142.250.181.238:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | html | 612 b | whitelisted
384 | svchost.exe | GET | 304 | 67.27.158.126:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?12e9e0ec09484912 | US | - | - | whitelisted
3556 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/DigiCertGlobalRootCA.crl | US | der | 631 b | whitelisted
3556 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted
2432 | chrome.exe | GET | 200 | 67.27.158.126:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d4581c04c043f3ec | US | compressed | 60.2 Kb | whitelisted
3556 | iexplore.exe | GET | 200 | 67.27.158.126:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d294d8294014cb87 | US | compressed | 4.70 Kb | whitelisted
2432 | chrome.exe | GET | 200 | 84.15.64.172:80 | http://r1---sn-cpux-30oe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=e_&mip=85.206.166.82&mm=28&mn=sn-cpux-30oe&ms=nvh&mt=1660321228&mv=m&mvi=1&pcm2cms=yes&pl=22&rmhost=r2---sn-cpux-30oe.gvt1.com&shardbypass=sd&smhost=r1---sn-cpux-8ovs.gvt1.com | LT | crx | 242 Kb | whitelisted
928 | svchost.exe | HEAD | - | 142.250.181.238:80 | http://redirector.gvt1.com/edgedl/release2/chrome_component/acym664js5xux6kw2viy4atw4uda_2022.8.8.1144/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.8.8.1144_all_olesxce7qq7cy7sctjkoeb4tce.crx3 | US | - | - | whitelisted
2432 | chrome.exe | POST | 302 | 162.0.229.247:80 | http://fltsmu94.chasehotelgroupi.tk/wild/post.php | CA | - | - | suspicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3556 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
3556 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2432 | chrome.exe | 67.27.158.126:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | malicious
3556 | iexplore.exe | 67.27.158.126:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | malicious
2432 | chrome.exe | 172.217.16.131:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
3556 | iexplore.exe | 13.107.22.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
2432 | chrome.exe | 142.250.181.225:443 | clients2.googleusercontent.com | Google Inc. | US | whitelisted
2432 | chrome.exe | 94.158.246.181:443 | isnxfey.chasehotelgrou.ga | - | - | suspicious
2432 | chrome.exe | 142.250.185.142:443 | clients2.google.com | Google Inc. | US | whitelisted
2432 | chrome.exe | 172.217.23.109:443 | accounts.google.com | Google Inc. | US | suspicious

DNS requests

Domain | IP | Reputation
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 131.253.33.200, 13.107.22.200 | whitelisted
ctldl.windowsupdate.com | 67.27.158.126, 67.26.137.254, 67.27.235.126, 8.248.137.254, 8.241.121.126 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
accounts.google.com | 172.217.23.109 | shared
clients2.google.com | 142.250.185.142 | whitelisted
clientservices.googleapis.com | 172.217.16.131 | whitelisted
clients2.googleusercontent.com | 142.250.181.225 | whitelisted
isnxfey.chasehotelgrou.ga | 94.158.246.181 | suspicious
8259734.chasehotelgrou.ga | 94.158.246.181 | suspicious

Threats

PID | Process | Class | Message
- | - | Potentially Bad Traffic | ET INFO DNS Query for Suspicious .ga Domain
2432 | chrome.exe | Potentially Bad Traffic | ET INFO Suspicious Domain (*.ga) in TLS SNI
2432 | chrome.exe | Potentially Bad Traffic | ET INFO Observed Let's Encrypt Certificate for Suspicious TLD (.ga)
2432 | chrome.exe | Potentially Bad Traffic | ET INFO Observed Let's Encrypt Certificate for Suspicious TLD (.ga)
2432 | chrome.exe | Potentially Bad Traffic | ET INFO Observed Let's Encrypt Certificate for Suspicious TLD (.ga)
- | - | Potentially Bad Traffic | ET DNS Query to a .tk domain - Likely Hostile
2432 | chrome.exe | A Network Trojan was detected | ET CURRENT_EVENTS Possible Successful Phish to .tk domain Aug 26 2016
2432 | chrome.exe | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain
2432 | chrome.exe | A Network Trojan was detected | ET CURRENT_EVENTS Possible Successful Generic Phish Jan 14 2016
No debug info