analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgo.coursera.org%2FHrrNKgsXvsmZ&data=04%7C01%7CHind.Alsaadi%40digitaldubai.ae%7Ceaf23025ba9642ed5b9b08d99c23fdaf%7C2cc2d76d2d544a77885672cace111bd2%7C1%7C0%7C637712500672840259%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=fA4hl83A3%2FXkoYvVYlsgbP1ZCqBgUlHYgO3zYKOq9GI%3D&reserved=0

Full analysis: https://app.any.run/tasks/0eda91fa-c186-4983-ae6c-5605f86ef063
Verdict: Malicious activity
Analysis date: October 31, 2021, 04:33:51
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

EE544112946266A721CBF5827B4CC0FD

SHA1:

65B0F248A91830297D42BC1CF2F5FFAB2E147246

SHA256:

39678E0ECD925A9DA77A93C564A0004F2FC98D2E01924ECFFC66C1225BF4EEF9

SSDEEP:

12:2A5qxILdzrDuFUJiWQRhCKP7RlhXdozOlM:2uqIzrDu2JURfP7vVY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3280)

  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 3280)
      • iexplore.exe (PID: 2892)

    • Checks supported languages

      • iexplore.exe (PID: 3280)
      • iexplore.exe (PID: 2892)

    • Application launched itself

      • iexplore.exe (PID: 2892)

    • Changes internet zones settings

      • iexplore.exe (PID: 2892)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3280)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 3280)
      • iexplore.exe (PID: 2892)

    • Creates files in the user directory

      • iexplore.exe (PID: 3280)

    • Checks Windows Trust Settings

      • iexplore.exe (PID: 3280)
      • iexplore.exe (PID: 2892)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2892"C:\Program Files\Internet Explorer\iexplore.exe" "https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgo.coursera.org%2FHrrNKgsXvsmZ&data=04%7C01%7CHind.Alsaadi%40digitaldubai.ae%7Ceaf23025ba9642ed5b9b08d99c23fdaf%7C2cc2d76d2d544a77885672cace111bd2%7C1%7C0%7C637712500672840259%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=fA4hl83A3%2FXkoYvVYlsgbP1ZCqBgUlHYgO3zYKOq9GI%3D&reserved=0"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
3280"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2892 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
16 547
Read events
15 987
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
35
Text files
89
Unknown types
41

Dropped files

PID
Process
Filename
Type
3280iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2F23D0F5E4D72862517E1CB26A329742_F6FACC49395CFA949BCE851E73323C49der
MD5:ED653E1A401079485801AF84FB7884C8
SHA256:5346D23D11F04DA606E1310ABDB8B3C2B5EA5F88676A8BE868CE95991464BEDF
3280iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4Fbinary
MD5:C6ACD8059C4D99795E9C1043031D39C0
SHA256:942C108F7E26394207226065206FBD297135E897BA3A9FE91E0261E5DE48EF27
2892iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442der
MD5:6C0A745B5AB0B474E187D99D2DD3E6BF
SHA256:188ECB5E400230133C8217D6A722B2BAE98296C60CF95BDD9A60A7FFA3E20E7E
3280iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62binary
MD5:A6F9F5AE9C7F01A4AA8CE04C8E9BF4CC
SHA256:6FD98FF908D85D27E10F40D60CE35725452E2353F75E023E8070415138BC5FB9
3280iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC5A820A001B41D68902E051F36A5282_0F30E2B2066AE2EB78D964F2AE335C46binary
MD5:A2D5DC8BE6CB940B1C0DAFC9814BED42
SHA256:CC01298D74C2AA1FC4F8AA8D0C4D3409EADACC46ACEA755DD86D8C72167E1DF0
3280iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894der
MD5:5F746C7C6A61CF5009B68CB13CA96274
SHA256:AD21E7566AC327D3D48D76E840E8ACC48F25831A4874B3B711775527D87D5DF9
3280iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC5A820A001B41D68902E051F36A5282_092D8D3B7D6060FEADA1E2B76C78EBC4binary
MD5:358469E9270DAF5416C745CB919A8B7F
SHA256:3CB81257093EE503EC615CCF64B12E2B7732E9376CCD442346FA40336FFF1F4F
3280iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62der
MD5:F444C5FEEE26C6E4530DAEF720B54449
SHA256:8A32201BC55F97D07E81BA54BD7F6BF3C66F2A8052B03025EE8BE67ACD685AEC
3280iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4Fder
MD5:15DB79133013F8A3676AF10F250AD06A
SHA256:C57CE646E8E2F4E52265A73E8B279D14E9BDEADA8E17537966C7A3AD81A6BBE1
3280iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\OURN4MBO.txttext
MD5:B5AC9FBA48630953B84177DFD7922CD1
SHA256:99D6B7023EE63AFD8723E61EBE326040109C7E5E362E862489480E32089B80AB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
33
TCP/UDP connections
115
DNS requests
51
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3280
iexplore.exe
GET
200
13.32.23.69:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D
US
der
1.39 Kb
shared
2892
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
US
der
1.47 Kb
whitelisted
3280
iexplore.exe
GET
200
13.32.23.96:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
US
der
1.70 Kb
whitelisted
3280
iexplore.exe
GET
200
143.204.214.141:80
http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEA8yeaVkWB27Ou8mk7ilnk8%3D
US
der
471 b
whitelisted
2892
iexplore.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f771e0cec0249870
US
whitelisted
2892
iexplore.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?eb8569c322644158
US
whitelisted
3280
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAGewca9P1l7sgwzOOVR2Hc%3D
US
der
471 b
whitelisted
3280
iexplore.exe
GET
200
13.32.23.69:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
US
der
1.51 Kb
whitelisted
3280
iexplore.exe
GET
200
142.250.185.195:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQC4%2BUeL0O3WpQoAAAABCK%2BH
US
der
472 b
whitelisted
3280
iexplore.exe
GET
200
143.204.214.141:80
http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAEsqV85%2BNMDPZOSkpL%2BzEo%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3280
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2892
iexplore.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
3280
iexplore.exe
104.47.84.28:443
are01.safelinks.protection.outlook.com
Microsoft Corporation
US
unknown
3280
iexplore.exe
34.199.107.0:443
eventing.coursera.org
Amazon.com, Inc.
US
unknown
3280
iexplore.exe
13.32.23.69:80
ocsp.rootg2.amazontrust.com
Amazon.com, Inc.
US
whitelisted
3280
iexplore.exe
13.35.253.92:443
go.coursera.org
US
unknown
3280
iexplore.exe
13.32.23.96:80
o.ss2.us
Amazon.com, Inc.
US
unknown
3280
iexplore.exe
143.204.214.141:80
ocsp.sca1b.amazontrust.com
US
whitelisted
2892
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2892
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted

DNS requests

Domain
IP
Reputation
are01.safelinks.protection.outlook.com
  • 104.47.84.28
  • 104.47.83.28
unknown
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
go.coursera.org
  • 13.35.253.92
  • 13.35.253.58
  • 13.35.253.5
  • 13.35.253.119
malicious
o.ss2.us
  • 13.32.23.96
  • 13.32.23.104
  • 13.32.23.16
  • 13.32.23.215
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ocsp.rootg2.amazontrust.com
  • 13.32.23.69
  • 13.32.23.206
  • 13.32.23.89
  • 13.32.23.204
whitelisted
ocsp.rootca1.amazontrust.com
  • 13.32.23.69
  • 13.32.23.204
  • 13.32.23.206
  • 13.32.23.89
shared
ocsp.sca1b.amazontrust.com
  • 143.204.214.141
  • 143.204.214.142
  • 143.204.214.169
  • 143.204.214.74
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://are01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgo.coursera.org%2FHrrNKgsXvsmZ&data=04%7C01%7CHind.Alsaadi%40digitaldubai.ae%7Ceaf23025ba9642ed5b9b08d99c23fdaf%7C2cc2d76d2d544a77885672cace111bd2%7C1%7C0%7C637712500672840259%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=fA4hl83A3%2FXkoYvVYlsgbP1ZCqBgUlHYgO3zYKOq9GI%3D&reserved=0