URL: https://e1.pcloud.link/publink/show?code=XZ0pS8ZbBTmVknTxUVidSnILfsq8XDM6p5V

Full analysis: https://app.any.run/tasks/d453a63b-2371-45bb-900f-f6b90d22ad4e
Verdict: Malicious activity
Analysis date: December 06, 2022, 04:52:37
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 9A78973390B7207945BF8E54908686BC
SHA1: 0B88B4B7C3D9F11595C2F621BACAFAFE41A241BB
SHA256: 3A78241AB2380D9EE4EAA2F75825066AAED5B2F750E697EBB0D2D89F344C0A3E
SSDEEP: 3:N8vsGLoHCokF6PDbbu6/hoTY:2UXioW6PDuah3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 1684)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe → iexplore.exe

Process information

PID: 1684
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://e1.pcloud.link/publink/show?code=XZ0pS8ZbBTmVknTxUVidSnILfsq8XDM6p5V"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID: 1944
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1684 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe (PID 1684)
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\iertutil.dll
  • c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
  • c:\windows\system32\sechost.dll
Total events: 15 882
Read events: 15 760
Write events: 122
Delete events: 0

Modification events (all by PID 1684, iexplore.exe; operation: write)

Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
  • Name: NTPDaysSinceLastAutoMigration  Value: 1
  • Name: NTPLastLaunchLowDateTime  Value:
  • Name: NTPLastLaunchHighDateTime  Value: 31000878
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
  • Name: NextCheckForUpdateLowDateTime  Value:
  • Name: NextCheckForUpdateHighDateTime  Value: 31000878
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  • Name: CachePrefix  Value:
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  • Name: CachePrefix  Value: Cookie:
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  • Name: CachePrefix  Value: Visited:
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  • Name: CompatibilityFlags  Value: 0
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  • Name: ProxyBypass  Value: 1
Executable files: 0
Suspicious files: 18
Text files: 25
Unknown types: 18

Dropped files (all by PID 1944, iexplore.exe)

Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
  Type: compressed
  MD5: F7DCB24540769805E5BB30D193944DCE
  SHA256: 6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
  Type: binary
  MD5: E31A40D696AC4C8F44ADB11ABB41A00B
  SHA256: ED2EA8231857A894581BFDF6F18754D3565C87F43853E4E4FF7FBD0775CD2097
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\572BF21E454637C9F000BE1AF9B1E1A9
  Type: der
  MD5: 7E9C17CA965829AAD52D0C8889C459FF
  SHA256: 0B600298185D40776B1A329716ABFECEABAB3306D0F13DC21FCC4F8F37C749F0
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\plyr[1].css
  Type: text
  MD5: 8A9780CDC9BBC58BCAB483460B6FEFA5
  SHA256: F8E7E4DE1E9F1853967930E65E54635BA278937653525E048EC92F5639139F6D
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
  Type: der
  MD5: C51850A96D359A09A3A3A2249C52A92D
  SHA256: D66175EC867BEE8F450F2F3AD05D9D161384241244E6D5CF791A608DD31EF175
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
  Type: der
  MD5: B4C04B95A644AB4679E6FEDA2398E93F
  SHA256: CD047A6858E3AA91AE78549B83706FC966CC065753E85AA47A15DE3778093862
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9
  Type: binary
  MD5: D1CA6B65BEFE5C97D7E759A5AC33A5EB
  SHA256: 13187618AF86AEADBD4A959C893D8DDAD8F60AA34A7771CF86D749DA8E21851F
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\204C1AA6F6114E6A513754A2AB5760FA_8690C36549B719BD693093B17714BD3D
  Type: binary
  MD5: 60ED79C80E90B1C0BA9F4C8AFBDD06A7
  SHA256: 400240E69CEFA0D5CC1724DA02A29E93DC33A91355F72697C0F03BD0AF9DEF65
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\204C1AA6F6114E6A513754A2AB5760FA_8690C36549B719BD693093B17714BD3D
  Type: der
  MD5: FCD8C0E1DB47EBD81A80800D40CE6A6E
  SHA256: A0E8275AE35016535A6276F033323F6045FDD42293CC46D9C0AC526FA63B6A35
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\show[1].htm
  Type: html
  MD5: 039D7ACB966419C6358ACDDFA8AB6ACA
  SHA256: 4BB19A00989DA651FEE59E8C8CFADBD8C2922112EF1629D5E22B096F3D72BD8F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 17
TCP/UDP connections: 65
DNS requests: 21
Threats: 0

HTTP requests (all by PID 1944, iexplore.exe; method GET; HTTP code 200)

IP: 95.140.236.0:80  CN: GB  Type: compressed  Size: 4.70 Kb  Reputation: whitelisted
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?bae27c5a4ede1e5c
IP: 95.140.236.0:80  CN: GB  Type: compressed  Size: 4.70 Kb  Reputation: whitelisted
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d4b38c7cf958170a
IP: 172.64.155.188:80  CN: US  Type: der  Size: 506 b  Reputation: whitelisted
  URL: http://crl.comodoca.com/AAACertificateServices.crl
IP: 172.64.155.188:80  CN: US  Type: der  Size: 1.42 Kb  Reputation: whitelisted
  URL: http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
IP: 104.18.32.68:80  CN: US  Type: der  Size: 2.18 Kb  Reputation: whitelisted
  URL: http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEQCTi7COYph7T3X5jLalBFyW
IP: 104.18.32.68:80  CN: US  Type: der  Size: 471 b  Reputation: whitelisted
  URL: http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRyyuDOSqb8BtprWZSAvBT9kFoYdwQU%2BftQxItnu2dk%2FoMhpqnOP1WEk5kCEGfCOujnniOa%2FdI38xEBJq8%3D
IP: 142.250.186.67:80  CN: US  Type: der  Size: 724 b  Reputation: whitelisted
  URL: http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
IP: 142.250.186.67:80  CN: US  Type: der  Size: 1.41 Kb  Reputation: whitelisted
  URL: http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
IP: 142.250.186.67:80  CN: US  Type: der  Size: 724 b  Reputation: whitelisted
  URL: http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D
IP: 52.219.75.218:80  CN: DE  Type: der  Size: 2.22 Kb  Reputation: shared
  URL: http://crl.quovadisglobal.com/qvrca2.crl

Connections

PID 1944 (iexplore.exe) → 95.140.236.0:80  Domain: ctldl.windowsupdate.com  ASN: LLNW  CN: US  Reputation: whitelisted
PID 1944 (iexplore.exe) → 45.131.244.57:443  ASN: pCloud AG  CN: CH  Reputation: unknown
PID 1684 (iexplore.exe) → 13.107.21.200:443  Domain: www.bing.com  ASN: MICROSOFT-CORP-MSN-AS-BLOCK  CN: US  Reputation: whitelisted
PID 1944 (iexplore.exe) → 104.18.32.68:80  Domain: ocsp.comodoca.com  ASN: CLOUDFLARENET  Reputation: suspicious
PID 1944 (iexplore.exe) → 172.64.155.188:80  Domain: ocsp.comodoca.com  ASN: CLOUDFLARENET  CN: US  Reputation: suspicious
PID 1944 (iexplore.exe) → 142.250.186.42:443  Domain: fonts.googleapis.com  ASN: GOOGLE  CN: US  Reputation: whitelisted
PID 1944 (iexplore.exe) → 151.101.193.26:443  Domain: polyfill.io  ASN: FASTLY  CN: US  Reputation: unknown
PID 1944 (iexplore.exe) → 172.255.6.177:443  Domain: pcdn-e.pcloud.com  ASN: SERVERS-COM  CN: NL  Reputation: malicious
PID 1944 (iexplore.exe) → 104.27.195.88:443  Domain: cdn.plyr.io  ASN: CLOUDFLARENET  CN: US  Reputation: shared
PID 1684 (iexplore.exe) → 93.184.220.29:80  Domain: ocsp.digicert.com  ASN: EDGECAST  CN: GB  Reputation: whitelisted

DNS requests

api.bing.com → 13.107.5.80  Reputation: whitelisted
www.bing.com → 13.107.21.200, 204.79.197.200  Reputation: whitelisted
ctldl.windowsupdate.com → 95.140.236.0  Reputation: whitelisted
ocsp.comodoca.com → 172.64.155.188, 104.18.32.68  Reputation: whitelisted
crl.comodoca.com → 172.64.155.188, 104.18.32.68  Reputation: whitelisted
ocsp.usertrust.com → 104.18.32.68, 172.64.155.188  Reputation: whitelisted
fonts.googleapis.com → 142.250.186.42  Reputation: whitelisted
pcdn-e.pcloud.com → 172.255.6.177  Reputation: malicious
polyfill.io → 151.101.193.26, 151.101.1.26, 151.101.129.26, 151.101.65.26  Reputation: whitelisted
cdn.plyr.io → 104.27.195.88, 104.27.194.88  Reputation: malicious

Threats

No threats detected
No debug info