URL: d10yke8mddzjba.cloudfront.net

Full analysis: https://app.any.run/tasks/e13bcabd-0440-466c-a844-a0af0a40b459
Verdict: Malicious activity
Analysis date: April 29, 2024, 15:30:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: DB265D28DFC830B9D437CDC8B317E68E
SHA1: 7C74065F76B18880195922A5FC8B23277E0CFC19
SHA256: 3EB4B175D496FB24E0E8C48930354809F35CD0DF249412CE418406B8D2EE5606
SSDEEP: 3:WFJ0l/0n:WFvn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO
    • Application launched itself: iexplore.exe (PID: 3964)
    • Checks supported languages: wmpnscfg.exe (PID: 2040)
    • Reads the computer name: wmpnscfg.exe (PID: 2040)
    • Manual execution by a user: wmpnscfg.exe (PID: 2040)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph (interactive in the full report)

start → iexplore.exe (PID 3964) → iexplore.exe (PID 4020); wmpnscfg.exe (PID 2040), no specs

Process information

PID 2040: wmpnscfg.exe
  CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
  Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity level: MEDIUM
  Description: Windows Media Player Network Sharing Service Configuration Application
  Exit code: 0
  Version: 12.0.7600.16385 (win7_rtm.090713-1255)
  Modules (images):
    c:\program files\windows media player\wmpnscfg.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll

PID 3964: iexplore.exe
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "d10yke8mddzjba.cloudfront.net"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity level: MEDIUM
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\iertutil.dll

PID 4020: iexplore.exe (content process of PID 3964)
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3964 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity level: LOW
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\iertutil.dll
Total events: 43 902
Read events: 43 751
Write events: 114
Delete events: 37

Modification events

All entries are registry writes by PID 3964 (iexplore.exe).

Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
  NTPDaysSinceLastAutoMigration = 1
  NTPLastLaunchLowDateTime = 569791648
  NTPLastLaunchHighDateTime = 31103562
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
  NextCheckForUpdateLowDateTime = 870112898
  NextCheckForUpdateHighDateTime = 31103562
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  CachePrefix = "" (empty string)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  CachePrefix = Cookie:
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  CachePrefix = Visited:
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  CompatibilityFlags = 0
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  ProxyBypass = 1
Executable files: 0
Suspicious files: 86
Text files: 199
Unknown types: 60

Dropped files

All files below were written by PID 4020 (iexplore.exe).

C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (binary)
  MD5: 9671CADF351A5E5051295F1C503746C7
  SHA256: 29922D43AC408C4132750D170592CAA21DEF4D9061A71A70C987803E4E7A9755
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 (binary)
  MD5: BDCE5C7D5887E61C8CE613ED9882DC35
  SHA256: 8F3D1BF29695FC9014D3864685F0F070079765ADBD012DA0330F0570AFAF8D33
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\FVEVT0L7.htm (html)
  MD5: F5D40B7259645010F9A248858AD14178
  SHA256: 7F5007068D2B56EA9735E2490D60CFF2E72CAE312024AC1F6C91158EBA47D05D
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 (binary)
  MD5: 7B7486CCDF122934AFE439F8B20EA904
  SHA256: 877E9CCF217B89CFE238432F31F38BCF010896D2BE675D363C0BD60E6955BCD2
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8 (binary)
  MD5: A8F0D8CEEC9FD1F104D7D01475A3B62E
  SHA256: FAAF8D454A588C7DEDAC71438CE41454AB595B921F91874140885B8D75219A4A
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8828F39C7C0CE9A14B25C7EB321181BA_D21E2ECA16C426DD4124714500D479F2 (binary)
  MD5: 7E86275133050D34FE1BF43B8391CF5F
  SHA256: 40C8535D47C9BE993E0232DAEFB9D46C27EB26CB76CF0A4EC595D909BC4B9616
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\WLOSP6KD.htm (html)
  MD5: 66C5877D831AC83184696931FDE1FE79
  SHA256: 9E18F8414861645D142A0AF484240B0E9E889E1997DE6DCBCCE92823B6FCA634
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_D21E2ECA16C426DD4124714500D479F2 (der)
  MD5: 7C99A5A71BFEEBD69BB8D1DD21D63010
  SHA256: DD1FC2990506BF6924CEB5EC539A363F1F06B2F5D113BB14CA597E2209D3B93D
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 (binary)
  MD5: 5D5EE5B0AC67A36B113A2254C6B5E35B
  SHA256: 5AA7EE2AF91EB220392922BB7D52405E1BBCB7AC85EDB616A5DC29D717893D55
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8 (binary)
  MD5: 8D9A80EB439DEADE8C4DC124ECDDF654
  SHA256: F53530F2081ADE6E67303A1AE0A4DE5F3D7BC33AE7545BCEC298D9672AE02A85
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 101
TCP/UDP connections: 188
DNS requests: 95
Threats: 2

HTTP requests

The CN, Type, Size and Reputation columns were extracted as "unknown" for every row and are omitted here.

PID | Process | Method | HTTP code | IP:port | URL
4020 | iexplore.exe | GET | 301 | 18.244.14.98:80 | http://d10yke8mddzjba.cloudfront.net/
4020 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAsA6S1NbXMfyjBZx8seGIY%3D
4020 | iexplore.exe | GET | 200 | 142.250.186.99:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
4020 | iexplore.exe | GET | 200 | 13.32.1.186:80 | http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAi5xw917vQDQt2F%2FsJqQbc%3D
4020 | iexplore.exe | GET | 200 | 199.232.214.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?e289717938371ff0
4020 | iexplore.exe | GET | 304 | 199.232.214.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3379305fd5c23223
4020 | iexplore.exe | GET | 200 | 18.245.39.64:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
4020 | iexplore.exe | GET | 200 | 108.138.2.173:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
3964 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
4020 | iexplore.exe | GET | 200 | 18.245.39.64:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEjgLnWaIozse2b%2BczaaODg8%3D
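The OCSP URLs in this table are worth decoding during triage: per RFC 6960 the base64 path of each GET is a complete OCSPRequest, and its CertID names the certificate (issuer name hash, issuer key hash, serial number) that Internet Explorer was validating, which tells you which TLS chains the page pulled in before you open the PCAP. The Python below is an added example written for this page, not code from ANY.RUN or from the report; its sample input is four OCSP URLs copied from the table above, and its hand-written DER walker assumes the unsigned, single-CertID request form those URLs use.

```python
"""Decode the OCSP GET requests recorded in a sandbox HTTP log.

RFC 6960 (appendix A) lets a client send an OCSPRequest as an HTTP GET whose
last path segment is the base64 DER of the request, percent-encoded. Decoding
it shows which certificate the browser was validating: the hash of the issuer
name, the hash of the issuer key and the certificate serial number.
Standard library only; the DER walker handles the structure found in these
unsigned, single-certificate requests.
"""
import base64
import urllib.parse

# Sample input: OCSP GET URLs copied from the report's HTTP request table.
REPORT_OCSP_URLS = [
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAsA6S1NbXMfyjBZx8seGIY%3D",
    "http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D",
    "http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAi5xw917vQDQt2F%2FsJqQbc%3D",
    "http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D",
]

# hashAlgorithm OIDs a CertID can carry
OID_NAMES = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _read_tlv(buf, pos):
    """Return (tag, content_octets, next_pos) for the DER TLV at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: 0x8N, then N length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(content):
    """List the (tag, content) pairs packed inside a SEQUENCE's content octets."""
    items, pos = [], 0
    while pos < len(content):
        tag, value, pos = _read_tlv(content, pos)
        items.append((tag, value))
    return items


def _decode_oid(raw):
    """Turn OBJECT IDENTIFIER content octets into dotted-decimal form."""
    arcs, value = [str(raw[0] // 40), str(raw[0] % 40)], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                     # clear high bit ends a base-128 arc
            arcs.append(str(value))
            value = 0
    return ".".join(arcs)


def parse_ocsp_get_url(url):
    """Return the CertID(s) inside an OCSP GET URL as dicts of hex strings."""
    segment = urllib.parse.urlsplit(url).path.rsplit("/", 1)[-1]
    der = base64.b64decode(urllib.parse.unquote(segment))
    _, ocsp_request, _ = _read_tlv(der, 0)            # OCSPRequest ::= SEQUENCE
    _, tbs_request, _ = _read_tlv(ocsp_request, 0)    # tbsRequest ::= SEQUENCE
    # [0] version and [1] requestorName are optional context-tagged fields;
    # requestList is the first plain SEQUENCE (tag 0x30) inside tbsRequest.
    request_list = next(v for t, v in _children(tbs_request) if t == 0x30)
    cert_ids = []
    for _, request in _children(request_list):        # Request ::= SEQUENCE
        _, cert_id, _ = _read_tlv(request, 0)         # reqCert CertID
        (_, alg), (_, name_hash), (_, key_hash), (_, serial) = _children(cert_id)
        oid = _decode_oid(next(v for t, v in _children(alg) if t == 0x06))
        cert_ids.append({
            "hash_algorithm": OID_NAMES.get(oid, oid),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),
            "serial": serial.hex(),                   # raw INTEGER content octets
        })
    return cert_ids


def summarize(urls):
    """Map each OCSP responder host to the certificate serials queried there."""
    by_host = {}
    for url in urls:
        host = urllib.parse.urlsplit(url).hostname
        for cid in parse_ocsp_get_url(url):
            by_host.setdefault(host, []).append(cid["serial"])
    return by_host


if __name__ == "__main__":
    for host, serials in summarize(REPORT_OCSP_URLS).items():
        print(f"{host}: {', '.join(serials)}")
```

The issuer_key_hash is the SHA-1 of the issuing CA's public key, so it identifies the CA even when the responder hostname is generic, and the serial can be matched against the Certificate messages in the PCAP to tie each check to a TLS connection. The same pattern extends to the remaining OCSP URLs in the table; only their serial lengths differ.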

Connections

Columns that were empty in the report are shown as "-".

PID | Process | IP:port | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown
4020 | iexplore.exe | 18.244.14.98:80 | d10yke8mddzjba.cloudfront.net | - | US | unknown
4020 | iexplore.exe | 18.244.14.98:443 | d10yke8mddzjba.cloudfront.net | - | US | unknown
4020 | iexplore.exe | 199.232.214.172:80 | ctldl.windowsupdate.com | FASTLY | US | unknown
4020 | iexplore.exe | 108.138.2.173:80 | o.ss2.us | AMAZON-02 | US | unknown
4020 | iexplore.exe | 18.245.39.64:80 | ocsp.rootg2.amazontrust.com | - | US | unknown
3964 | iexplore.exe | 2.19.96.51:443 | www.bing.com | Akamai International B.V. | DE | unknown
4020 | iexplore.exe | 52.222.237.219:443 | images-fe.ssl-images-amazon.com | AMAZON-02 | US | unknown

DNS requests

Domain
IP
Reputation
d10yke8mddzjba.cloudfront.net
  • 18.244.14.98
malicious
ctldl.windowsupdate.com
  • 199.232.214.172
  • 199.232.210.172
whitelisted
o.ss2.us
  • 108.138.2.173
  • 108.138.2.195
  • 108.138.2.10
  • 108.138.2.107
whitelisted
ocsp.rootg2.amazontrust.com
  • 18.245.39.64
whitelisted
ocsp.rootca1.amazontrust.com
  • 18.245.39.64
shared
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 92.123.104.53
  • 92.123.104.5
  • 92.123.104.64
  • 92.123.104.66
  • 92.123.104.60
  • 92.123.104.63
  • 92.123.104.54
  • 92.123.104.62
  • 92.123.104.50
  • 2.19.96.51
  • 2.19.96.66
  • 2.19.96.50
  • 2.19.96.74
  • 2.19.96.67
  • 2.19.96.80
  • 2.19.96.81
  • 2.19.96.82
  • 2.19.96.75
whitelisted
images-fe.ssl-images-amazon.com
  • 52.222.237.219
unknown
m.media-amazon.com
  • 52.222.237.219
whitelisted
completion.amazon.com
  • 44.215.116.37
whitelisted

Threats

PID | Process | Class | Message
4020 | iexplore.exe | Misc activity | ET INFO Observed ZeroSSL SSL/TLS Certificate
4020 | iexplore.exe | Misc activity | ET INFO Observed ZeroSSL SSL/TLS Certificate
No debug info