analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://direct-link.net/238777/BoogaBoogaGui

Full analysis: https://app.any.run/tasks/3f854c4d-420e-456d-94cb-e8ba6284a2d2
Verdict: Malicious activity
Analysis date: January 24, 2022, 19:23:55
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

8215C275FC1302AB6CCE70F8C8C170DD

SHA1:

FEB8587377A117183797EA1DF5A030AA7DB78D55

SHA256:

3A4FD2982BE6877189196B3E40D2B01C49FB539E8B54A24C9128CC66CF55D689

SSDEEP:

3:N8UQGRBkoNh5kORCLZ:2UdBkoN4XLZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2684)

  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 1408)
      • iexplore.exe (PID: 2684)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 1408)
      • iexplore.exe (PID: 2684)

    • Reads the computer name

      • iexplore.exe (PID: 1408)
      • iexplore.exe (PID: 2684)

    • Changes internet zones settings

      • iexplore.exe (PID: 1408)

    • Application launched itself

      • iexplore.exe (PID: 1408)

    • Dropped object may contain Bitcoin addresses

      • iexplore.exe (PID: 1408)

    • Creates files in the user directory

      • iexplore.exe (PID: 2684)
      • iexplore.exe (PID: 1408)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2684)

    • Checks Windows Trust Settings

      • iexplore.exe (PID: 1408)
      • iexplore.exe (PID: 2684)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
40
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
1408"C:\Program Files\Internet Explorer\iexplore.exe" "https://direct-link.net/238777/BoogaBoogaGui"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2684"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1408 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
Total events
19 229
Read events
19 096
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
35
Text files
75
Unknown types
41

Dropped files

PID
Process
Filename
Type
2684iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27binary
MD5:7BAC7CE09ECBE2562E8C27EC492E762A
SHA256:80133022535B8AC5D1423079D67A5305FDB7815EBD5F76D6864C2F75E132408A
2684iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04binary
MD5:7CC7B3EB550DB287395F4386E974C126
SHA256:91304E9EDEF4499ED9B99D0A3FA2F9BA122237E0581E25CE43F454D969B0C102
2684iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\polyfills-es5.481e21a15f8209d0e3d2[1].jstext
MD5:4A25E8B1A2835C3F65ACCDE15AFE45ED
SHA256:199B49B679EED954AE1C88A41C94C4E4FE305F3E9F6C883640D6ABDAC467A492
2684iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:9BDB5C16D208A559C30A9C209F79E3B0
SHA256:A1A8603DE72B0745A074C779896387AF1ACA82625712CA4EB819462D7E8B24E7
2684iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\ads[1].jstext
MD5:59FEDBF7D67D023C2B5C44FDFAA0A7F3
SHA256:249470CFF8505CC8C85AC64180D30AE26FAA2B6FC8DDABA81F74DADB19837222
2684iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\lgs0rip[1].csstext
MD5:F724EB0ADF3FFEA08F2F61F3EC51AAD3
SHA256:678D6C73F705F62065023F753FCB49655327277C3880319E49DCAAEF1CF063B1
1408iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8Fbinary
MD5:075B660D2651AC52C05070EA0FD387BE
SHA256:4667A16BE14E53A67147E6076ECB6F12978185F0638B14BE87EDEB3A21147600
2684iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711Eder
MD5:49639B4124119DFEB7616D8DD50F9BB7
SHA256:7F935C9D0A9BD17558459D5A6387B61452011BEA4589AD94A6F2435540A373B5
1408iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8Fder
MD5:E1EAE72E3715286294FAE5B772B54D91
SHA256:CDF348AD50D67BDDAA3E15E75B24A792DBCF8A8C72519F12C357A96FAF381C03
2684iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27der
MD5:494A7483CEAF488A79CB45418E88ECCD
SHA256:9A65904F97742B3D8844EFAFCE7D9E9DA7C1B96A8FDE541E718768AE68293D50
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
31
TCP/UDP connections
128
DNS requests
57
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2684
iexplore.exe
GET
104.18.30.182:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
US
whitelisted
2684
iexplore.exe
GET
18.66.242.188:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
US
whitelisted
1408
iexplore.exe
GET
200
93.184.220.29:80
http://crl3.digicert.com/Omniroot2025.crl
US
der
7.68 Kb
whitelisted
2684
iexplore.exe
GET
200
142.250.184.195:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
der
724 b
whitelisted
2684
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
US
der
471 b
whitelisted
2684
iexplore.exe
GET
200
142.250.184.195:80
http://crl.pki.goog/gsr1/gsr1.crl
US
der
1.61 Kb
whitelisted
2684
iexplore.exe
GET
200
104.18.30.182:80
http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl
US
der
978 b
whitelisted
2684
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D
US
der
471 b
whitelisted
2684
iexplore.exe
GET
200
104.18.31.182:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQCCpp%2FB6wb3ghw0FkPuQvUm
US
der
472 b
whitelisted
2684
iexplore.exe
GET
142.250.184.195:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEH4wYrandiOsCgAAAAErgCs%3D
US
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2684
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2684
iexplore.exe
209.197.3.8:80
ctldl.windowsupdate.com
Highwinds Network Group, Inc.
US
whitelisted
2684
iexplore.exe
142.250.186.106:443
fonts.googleapis.com
Google Inc.
US
whitelisted
2684
iexplore.exe
162.159.137.85:443
linkvertise.com
Cloudflare Inc
malicious
1408
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
1408
iexplore.exe
13.107.22.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
104.16.19.94:443
cdnjs.cloudflare.com
Cloudflare Inc
US
suspicious
2684
iexplore.exe
195.181.175.48:443
maxst.icons8.com
Datacamp Limited
DE
suspicious
2684
iexplore.exe
92.123.225.75:443
use.typekit.net
Akamai International B.V.
whitelisted
2684
iexplore.exe
104.21.61.249:443
direct-link.net
Cloudflare Inc
US
suspicious

DNS requests

Domain
IP
Reputation
direct-link.net
  • 104.21.61.249
  • 172.67.217.63
suspicious
ctldl.windowsupdate.com
  • 209.197.3.8
whitelisted
www.microsoft.com
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
linkvertise.com
  • 162.159.137.85
  • 162.159.138.85
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 13.107.22.200
  • 131.253.33.200
whitelisted
crl3.digicert.com
  • 93.184.220.29
whitelisted
cdnjs.cloudflare.com
  • 104.16.19.94
  • 104.16.18.94
whitelisted
fonts.googleapis.com
  • 142.250.186.106
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://direct-link.net/238777/BoogaBoogaGui