URL:

https://cwqsz04.na1.hubspotlinks.com/Ctc/GC+113/cwQsz04/VWR4DM1JWMcFW1l8zVV8nl5T6W2NZxg54Pr3lSN4HzmdN3lSbtV1-WJV7CgPDmW2zFbh97jMyLxW6t9FzK8VN9zLW3fwg9_3QvcGYW8Xz0Hn7d-3NmW4_jbKb2tDz5YW1QNB1r2XTHlPW7PDqV-4hwpXsW7zYT3b3MW2SNW2hP0df6WSR9vW5MK3n48-_ZpfW5D9FsM73FwSbM9h6N8p-qfyW65R_WP87R32QW3k7RdC1hCy6nW8xYQw-3t3j54W2ZFzRF7BszSbW4ZYwVz34zT2gW8KZW0L7kYjrdW2NFrQK3w9XBHW6fZL7V7XPLVJ326d1

Full analysis: https://app.any.run/tasks/3b373efa-6a82-4922-a1c7-3e667ed08b14
Verdict: No threats detected
Analysis date: September 02, 2022, 07:36:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
  • MD5: 80F8B26991D9764D1C593DA8C5FE5C3B
  • SHA1: 28F2B20FBC0BA3F844426AA683C9470645F65FCA
  • SHA256: 3C2FB47CF6B43B272A2112EA779DC7701C30E8A1A7B39593B55DE162B02071C3
  • SSDEEP: 6:2vPLE+CCLrIC780aR+E8PbNsst2rD4UQFUWpAWzHdD9ltXbPb8WYCfYkH92xBn:2vzE+CIrIC7lO+dDNsst2XsWsAWDltL4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • No malicious indicators.
  • SUSPICIOUS
    • Reads Microsoft Outlook installation path
      • iexplore.exe (PID: 2596)
  • INFO
    • Checks supported languages
      • iexplore.exe (PID: 3392)
      • iexplore.exe (PID: 2596)
    • Reads the computer name
      • iexplore.exe (PID: 3392)
      • iexplore.exe (PID: 2596)
    • Application launched itself
      • iexplore.exe (PID: 3392)
    • Changes internet zones settings
      • iexplore.exe (PID: 3392)
    • Reads settings of System Certificates
      • iexplore.exe (PID: 3392)
      • iexplore.exe (PID: 2596)
    • Reads internet explorer settings
      • iexplore.exe (PID: 2596)
    • Checks Windows Trust Settings
      • iexplore.exe (PID: 3392)
      • iexplore.exe (PID: 2596)
    • Creates files in the user directory
      • iexplore.exe (PID: 2596)
    • Changes settings of System certificates
      • iexplore.exe (PID: 3392)
    • Adds / modifies Windows certificates
      • iexplore.exe (PID: 3392)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph: start -> iexplore.exe -> iexplore.exe

Process information

PID: 3392
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://cwqsz04.na1.hubspotlinks.com/Ctc/GC+113/cwQsz04/VWR4DM1JWMcFW1l8zVV8nl5T6W2NZxg54Pr3lSN4HzmdN3lSbtV1-WJV7CgPDmW2zFbh97jMyLxW6t9FzK8VN9zLW3fwg9_3QvcGYW8Xz0Hn7d-3NmW4_jbKb2tDz5YW1QNB1r2XTHlPW7PDqV-4hwpXsW7zYT3b3MW2SNW2hP0df6WSR9vW5MK3n48-_ZpfW5D9FsM73FwSbM9h6N8p-qfyW65R_WP87R32QW3k7RdC1hCy6nW8xYQw-3t3j54W2ZFzRF7BszSbW4ZYwVz34zT2gW8KZW0L7kYjrdW2NFrQK3w9XBHW6fZL7V7XPLVJ326d1"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID: 2596
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3392 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events: 20 703
Read events: 20 577
Write events: 124
Delete events: 2

Modification events

PID | Process | Key | Operation | Name | Value
3392 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPDaysSinceLastAutoMigration | 1
3392 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPLastLaunchLowDateTime | -
3392 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPLastLaunchHighDateTime | 30981790
3392 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | write | NextCheckForUpdateLowDateTime | -
3392 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | write | NextCheckForUpdateHighDateTime | 30981790
3392 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | write | CachePrefix | -
3392 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie:
3392 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited:
3392 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | write | CompatibilityFlags | 0
3392 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1

Executable files: 0
Suspicious files: 31
Text files: 56
Unknown types: 34

Dropped files

PID | Process | Filename | Type (MD5 and SHA256 follow each entry)
2596 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | compressed
MD5:6C6A24456559F305308CB1FB6C5486B3
SHA256:EFC3C579BD619CEAB040C4B8C1B821B2D82C64FDDD9E80A00EC0D7F6577ED973
3392 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
MD5:AD84993F5377032C9A8CD1CE9B3B68C6
SHA256:7C3F3BB29DCEE29AF8EF8FCD4EA1EA5C5A192EB4EFDE4B0B02532CEE1DCDE341
2596 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab3057.tmp | compressed
MD5:6C6A24456559F305308CB1FB6C5486B3
SHA256:EFC3C579BD619CEAB040C4B8C1B821B2D82C64FDDD9E80A00EC0D7F6577ED973
2596 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary
MD5:1280122B906016E4390858B3BD7090A0
SHA256:55434AE35C4197A5F15FEB304BC6AACF08B86A6B19EC190B876512E3D8921221
2596 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFFE2D1BD0FA459683383039A14E4775 | der
MD5:5B2FB892D2B12C54F5FA129134F5DF34
SHA256:3FED89496AE8CA41004CC978528704D2D4C18A852EC887F0901030F6B2B6B228
2596 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der
MD5:FA335E0914C9F32BBA756C6F588D3DFD
SHA256:D88400EE1B112182D00002212DE23F7C449C3BA3B9D84094AB78A1C54D7E8DA0
3392 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der
MD5:C7E56AC1089FEB866D798C680CE811E8
SHA256:758E39C6B205018FE43208FC0C472B652E682BC795F8FEBD453352B470CF3FAB
2596 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\QOFD962N.htm | html
MD5:49624EF4F20D920F141D2ADB67A2A85A
SHA256:689B89ADCAEA2CE4D9277E99DCC66A728D5C3C14142C963380F8DB01D6742460
2596 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\contact[1].htm | html
MD5:EB1D3E6ED1E54381CD2A87CC085BDDC3
SHA256:808BB81A73598A26BCA5D8F4C8D84635797F078FF179E66F97F9FBC98DF949E1
3392 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary
MD5:CBDECC647B2CA7FF4BA2934090AB3444
SHA256:8CBE507C0E8E07CD5944CF476C876969F7802737223CEEC8404BFE1BB523D492
HTTP(S) requests: 30
TCP/UDP connections: 261
DNS requests: 41
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3392 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted
2596 | iexplore.exe | GET | - | 142.250.185.131:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | - | - | whitelisted
2596 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted
2596 | iexplore.exe | GET | 200 | 184.24.77.67:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgMwzeZTYaup%2BPMdF52XxnFdFQ%3D%3D | US | der | 503 b | shared
2596 | iexplore.exe | GET | 200 | 65.9.58.66:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted
2596 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEEDOrfzuGzQ3EiebFSro%2BB0%3D | US | der | 471 b | whitelisted
2596 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCR4Krur6RYNhLaTNZqvbGK | US | der | 472 b | whitelisted
2596 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCED8Vv47Wm5nECuEFaXOL3Kg%3D | US | der | 471 b | whitelisted
2596 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted
2596 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?93b5aa2b9f21e4bb | US | compressed | 60.3 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3392 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted
3392 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
2596 | iexplore.exe | 104.18.31.105:443 | cwqsz04.na1.hubspotlinks.com | Cloudflare Inc | US | suspicious
3392 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2596 | iexplore.exe | 104.18.30.105:443 | cwqsz04.na1.hubspotlinks.com | Cloudflare Inc | US | suspicious
2596 | iexplore.exe | 34.251.201.224:443 | www.opkey.com | Amazon.com, Inc. | IE | malicious
2596 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2596 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted
- | - | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted
2596 | iexplore.exe | 184.24.77.67:80 | r3.o.lencr.org | Time Warner Cable Internet LLC | US | unknown


DNS requests

Domain | IP | Reputation
cwqsz04.na1.hubspotlinks.com | 104.18.31.105, 104.18.30.105 | suspicious
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
ctldl.windowsupdate.com | 209.197.3.8 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
www.opkey.com | 34.251.201.224, 54.194.170.100, 34.253.101.190 | malicious
x1.c.lencr.org | 96.16.145.230 | whitelisted
r3.o.lencr.org | 184.24.77.67, 184.24.77.52 | shared
global-uploads.webflow.com | 143.204.215.8, 143.204.215.33, 143.204.215.92, 143.204.215.86 | shared
ajax.googleapis.com | 142.250.181.234 | whitelisted


Threats

PID | Process | Class | Message
2596 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
2596 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
No debug info