analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://getsoftkey.cf/getfile?id=7SAPmhBzICo&s=C0B24C23

Full analysis: https://app.any.run/tasks/c14a4027-585d-4250-bada-decda591b49c
Verdict: No threats detected
Analysis date: August 31, 2019, 19:18:19
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

6926CE34D7D244DA9050D57B904D8283

SHA1:

FDDCB560A54033DBF98D4CB00BC5C3241E544D55

SHA256:

39D090F9B0DD3FD88A36E3B0C65184E9F69B31506CDFA300527E82348216CDED

SSDEEP:

3:N1KZARNDROs0DIAOS2kIfsmKKYmFRgW:C+uDOLEmXrgW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2744)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3304)
    • Creates files in the user directory

      • iexplore.exe (PID: 3304)
      • iexplore.exe (PID: 2744)
    • Changes internet zones settings

      • iexplore.exe (PID: 2744)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3304)
      • iexplore.exe (PID: 2744)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
34
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2744"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3304"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2744 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Total events
365
Read events
304
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
13
Unknown types
5

Dropped files

PID
Process
Filename
Type
2744iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:
2744iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3304iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0UESZW6O\getfile[1].txt
MD5:
SHA256:
2744iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon3[1].png
MD5:
SHA256:
3304iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.datdat
MD5:8EB77E5ECAD1E1C7E6A66D0B33DF8B00
SHA256:65139DF5D6F1951CDDC9CEA33EA97D4F01DEAA57248A7302C309790D783007D1
3304iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@getsoftkey[1].txttext
MD5:70851E93C619A9ECBAA585CD06D34241
SHA256:F742EE7C11205945DCC43E519C893D1CB8F753F2EAC8246B0E4880E953B5BF6F
3304iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KUSVOZV0\button-download[1].jpgimage
MD5:C3D18B806E539F92FCC2B2F9175213FB
SHA256:A07CEFB0F80E64EF53AC3F1605B0596B37A6CCE9BFAF7EF51CA552E36FA8BEBB
3304iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0UESZW6O\style-3[1].csstext
MD5:29767DEB21E4259E7CED74962C2B4F43
SHA256:7658C57E55EB4CEAB6642B6E94EDE8892F8EDFDC6899F81C2B3029AACF3C76D1
3304iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.datdat
MD5:F36016547A94748F079DA07142EAC643
SHA256:5E0AC7AACA56E3F2922E9410644E2FAD64BC84F87D0AAA889954A1943A33EAF3
3304iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.datdat
MD5:27745C585EC29FF79D6409CEAC97D844
SHA256:6E297F59E90B03EC9501EC9376800D22142D7B47A46944C556B640034E38C4B4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
5
DNS requests
2
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3304
iexplore.exe
GET
200
104.28.29.105:80
http://getsoftkey.cf/getfile?id=7SAPmhBzICo&s=C0B24C23
US
html
1.52 Kb
suspicious
3304
iexplore.exe
GET
200
104.28.29.105:80
http://getsoftkey.cf/js/controller-3.js
US
text
1.38 Kb
suspicious
3304
iexplore.exe
GET
200
104.28.29.105:80
http://getsoftkey.cf/content/images/button-download.jpg
US
image
21.1 Kb
suspicious
3304
iexplore.exe
GET
200
104.28.29.105:80
http://getsoftkey.cf/content/images/back.jpg
US
image
141 Kb
suspicious
3304
iexplore.exe
GET
200
104.28.29.105:80
http://getsoftkey.cf/content/style-3.css
US
text
936 b
suspicious
2744
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2744
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2744
iexplore.exe
104.28.29.105:80
getsoftkey.cf
Cloudflare Inc
US
shared
3304
iexplore.exe
104.28.29.105:80
getsoftkey.cf
Cloudflare Inc
US
shared

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
getsoftkey.cf
  • 104.28.29.105
  • 104.28.28.105
suspicious

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET INFO DNS Query for Suspicious .cf Domain
3304
iexplore.exe
Misc activity
SUSPICIOUS [PTsecurity] JS obfuscation (obfuscator.io)
3304
iexplore.exe
Misc activity
SUSPICIOUS [PTsecurity] Redirection JScript Obfuscated (seen Banload)
No debug info