URL: http://benefiitcenter.com
Full analysis: https://app.any.run/tasks/e7e2825b-5713-4bb9-bb15-bd401518b1d6
Verdict: Malicious activity
Analysis date: October 14, 2019, 14:23:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: A445B823BCA2406AF67BE8B5D21FA8D5
SHA1: DE16BF7ED6A77BF8C4616531A881E9FC43AC36E0
SHA256: 3FE100AE07714D46FB8BA6E0D0C69AC4101427D7DBBAFFFDD111C5760B2320C7
SSDEEP: 3:N1KcusbmbGKI:CcXKK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: no malicious indicators.
  • SUSPICIOUS: no suspicious indicators.
  • INFO:
    • Changes internet zones settings: iexplore.exe (PID: 1316)
    • Reads internet explorer settings: iexplore.exe (PID: 3168), iexplore.exe (PID: 1936)
    • Creates files in the user directory: iexplore.exe (PID: 3168)
    • Reads Internet Cache Settings: iexplore.exe (PID: 3168), iexplore.exe (PID: 1936)
    • Application launched itself: iexplore.exe (PID: 1316)
    • Manual execution by user: iexplore.exe (PID: 3872)
No Malware configuration.
Screenshots: not included here; all screenshots are available in the full report.
Total processes: 38
Monitored processes: 4
Malicious processes: 0
Suspicious processes: 0

Behavior graph

explorer.exe
  +-- iexplore.exe (PID 1316, MEDIUM integrity, frame/broker process)
        +-- iexplore.exe (PID 3168, LOW integrity)
        +-- iexplore.exe (PID 1936, LOW integrity)
explorer.exe
  +-- iexplore.exe (PID 3872, MEDIUM integrity, manual execution by user)

Per-process details are in the Process information table.

Process information

Columns: PID | Command line | Path | Parent process | User | Integrity level | Exit code
1316 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://benefiitcenter.com" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | admin | MEDIUM |
3168 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1316 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe (PID 1316) | admin | LOW |
3872 | "C:\Program Files\Internet Explorer\iexplore.exe" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | admin | MEDIUM | 0
1936 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1316 CREDAT:71938 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe (PID 1316) | admin | LOW |

All four processes share Company: Microsoft Corporation, Description: Internet Explorer, Version: 8.00.7600.16385 (win7_rtm.090713-1255), and none carry an indicator. PIDs 3168 and 1936 are the low-integrity tab (content) processes spawned by the PID 1316 frame process, as their SCODEF:1316 argument shows; PID 3872 is a separate, manually launched instance that exited with code 0.
Total events: 549
Read events: 467
Write events: 0
Delete events: 0

Modification events: no data.
Executable files: 0
Suspicious files: 0
Text files: 12
Unknown types: 5

Dropped files

Columns: PID | Process | Filename | Type | MD5 | SHA256 (empty fields were not recorded in the report)
1316 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | | |
1316 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | | |
3168 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5T28OD3W\benefiitcenter_com[1].txt | | |
3168 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5T28OD3W\click[1].txt | | |
3168 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@dprtb[1].txt | | |
3168 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4CRK5UNH\3b929666-ee8e-11e9-b1f2-12e8766b6f22[1].txt | | |
3168 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4CRK5UNH\zcredirect[1].txt | | |
3168 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | C26444ECE323C464BDB98781FAC4917D | A04AF9F3FEB8E554C0EB84588A9FB86A11AAB1184F4DAF7D44FD4E24BF29C420
3168 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | 0114B896E0E9E9DD1EFE0BEE2743D9D1 | B84696284DC62D0F75E3C58553BAF85E4D447BF0AD2857AF8F5FE5062E90BCF0
3168 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4CRK5UNH\3b929666-ee8e-11e9-b1f2-12e8766b6f22[1].htm | html | BCE764BE7CB8EB9D09054357D52524E4 | 76C8F13DDE40FE81C8E82DA0BD826F2FE3463EB964389ECDD7A49034A5CFD1EF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 9
TCP/UDP connections: 9
DNS requests: 10
Threats: 0

HTTP requests

Columns: PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation (empty fields were not recorded in the report)
3168 | iexplore.exe | GET | 200 | 209.15.13.136:80 | http://dprtb.com/click?data=LWtadGlxelZkQjI5MGFSSDlIRWtkeC1GUThycWE4YThRX0NvSVBXcWQ5TU5kdFdhOVBOMThRRnRXajAwR0gzejhvTnBld1pNR1lqVURjM0hTWlQzWmFXUU1aR01ROVFhT3FrMzE4MDcyR0x2VkQyajZyaWRKMmxRZmlzWU5TX0dzUnYyYjZSdzl4d1ZMSkRvZ2xvQzl2TVJ5MmxkTHdTdU5ES2t5Vko3S2ZFMQ2&id=a2f6fa44-a3c0-4eea-8e78-1a3616fdb579 | CA | html | 2.10 Kb | malicious
3168 | iexplore.exe | GET | | 200.63.47.3:80 | http://benefiitcenter.com/ | PA | | | malicious
3168 | iexplore.exe | GET | 200 | 52.45.49.150:80 | http://usd.odysseus-nua.com/zcvisitor/3b929666-ee8e-11e9-b1f2-12e8766b6f22?campaignid=ca281f10-afb1-11e9-9750-12077332b422 | US | html | 1010 b | malicious
3168 | iexplore.exe | GET | 200 | 52.45.49.150:80 | http://usd.odysseus-nua.com/zcredirect?visitid=3b929666-ee8e-11e9-b1f2-12e8766b6f22&type=js&browserWidth=1276&browserHeight=560&iframeDetected=false | US | html | 956 b | malicious
1316 | iexplore.exe | GET | 404 | 52.45.49.150:80 | http://usd.odysseus-nua.com/favicon.ico | US | html | 940 b | malicious
1316 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted
3168 | iexplore.exe | POST | 302 | 209.15.13.136:80 | http://dprtb.com/Redirect/ | CA | html | 239 b | malicious
3168 | iexplore.exe | GET | 302 | 200.63.47.3:80 | http://benefiitcenter.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTU3MTA3MDIyNCwiaWF0IjoxNTcxMDYzMDI0LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIybjZvaXZxYTFwOTY1b2Vpcm8wYjc2ODEiLCJuYmYiOjE1NzEwNjMwMjQsInRzIjoxNTcxMDYzMDI0ODE4NDI3fQ.Ru1UCQW1oZxH8M_CZJFBPk2uBYUps5NehAm7ySkEx6g&sid=3aa4375e-ee8e-11e9-b0ca-6fc1272ed034 | PA | text | 11 b | malicious
1316 | iexplore.exe | GET | 404 | 209.15.13.136:80 | http://dprtb.com/favicon.ico | CA | html | 1.22 Kb | malicious

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation
1316 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
1316 | iexplore.exe | 209.15.13.136:80 | dprtb.com | Peer 1 Network (USA) Inc. | CA | malicious
3168 | iexplore.exe | 209.15.13.136:80 | dprtb.com | Peer 1 Network (USA) Inc. | CA | malicious
3168 | iexplore.exe | 52.45.49.150:80 | usd.odysseus-nua.com | Amazon.com, Inc. | US | malicious
3168 | iexplore.exe | 200.63.47.3:80 | benefiitcenter.com | Panamaserver.com | PA | malicious
3168 | iexplore.exe | 188.214.132.74:443 | deskoffersdmitr.com | UAB Cherry Servers | LT | suspicious
1316 | iexplore.exe | 52.45.49.150:80 | usd.odysseus-nua.com | Amazon.com, Inc. | US | malicious
3168 | iexplore.exe | 95.216.12.18:443 | secure.torsontieri.com | Hetzner Online GmbH | DE | unknown
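The HTTP requests and Connections tables above list what was captured but leave two things implicit: the `js=` token in the benefiitcenter.com redirect URL is an unverified JWT whose claims can be read directly, and two hosts were contacted only over 443, so no HTTP row exists for them. The Python below is an added example, not part of the ANY.RUN report or its tooling. It embeds the URLs from the HTTP requests table and the domain/port pairs from the Connections table as constructed inline data, decodes the JWT header and payload without verifying the signature (no HMAC key is in the capture), collects the per-visit identifiers, and lists the TLS-only hosts. The `ID_KEYS` list and the `eyJ` prefix heuristic for spotting JWTs in query strings are assumptions made for this example.

```python
"""Added example (not part of the ANY.RUN report): read the unverified tracking
token from the landing-page redirect, collect per-visit identifiers from the
captured request URLs, and find hosts reached only over TLS."""
import base64
import json
from urllib.parse import parse_qs, urlsplit

# Request URLs copied from the report's HTTP requests table (constructed input).
HTTP_URLS = [
    "http://dprtb.com/click?data=LWtadGlxelZkQjI5MGFSSDlIRWtkeC1GUThycWE4YThRX0NvSVBXcWQ5TU5kdFdhOVBOMThRRnRXajAwR0gzejhvTnBld1pNR1lqVURjM0hTWlQzWmFXUU1aR01ROVFhT3FrMzE4MDcyR0x2VkQyajZyaWRKMmxRZmlzWU5TX0dzUnYyYjZSdzl4d1ZMSkRvZ2xvQzl2TVJ5MmxkTHdTdU5ES2t5Vko3S2ZFMQ2&id=a2f6fa44-a3c0-4eea-8e78-1a3616fdb579",
    "http://benefiitcenter.com/",
    "http://usd.odysseus-nua.com/zcvisitor/3b929666-ee8e-11e9-b1f2-12e8766b6f22?campaignid=ca281f10-afb1-11e9-9750-12077332b422",
    "http://usd.odysseus-nua.com/zcredirect?visitid=3b929666-ee8e-11e9-b1f2-12e8766b6f22&type=js&browserWidth=1276&browserHeight=560&iframeDetected=false",
    "http://usd.odysseus-nua.com/favicon.ico",
    "http://www.bing.com/favicon.ico",
    "http://dprtb.com/Redirect/",
    "http://benefiitcenter.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTU3MTA3MDIyNCwiaWF0IjoxNTcxMDYzMDI0LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIybjZvaXZxYTFwOTY1b2Vpcm8wYjc2ODEiLCJuYmYiOjE1NzEwNjMwMjQsInRzIjoxNTcxMDYzMDI0ODE4NDI3fQ.Ru1UCQW1oZxH8M_CZJFBPk2uBYUps5NehAm7ySkEx6g&sid=3aa4375e-ee8e-11e9-b0ca-6fc1272ed034",
    "http://dprtb.com/favicon.ico",
]

# (domain, port) pairs copied from the report's Connections table (constructed input).
CONNECTIONS = [
    ("www.bing.com", 80),
    ("dprtb.com", 80),
    ("usd.odysseus-nua.com", 80),
    ("benefiitcenter.com", 80),
    ("deskoffersdmitr.com", 443),
    ("secure.torsontieri.com", 443),
]

# Assumption for this example: query keys that act as per-visit identifiers.
ID_KEYS = ("sid", "id", "visitid", "campaignid")


def b64url_decode(segment):
    """Decode one base64url segment, restoring the '=' padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token):
    """Return (header, payload) of a compact JWS WITHOUT checking the signature.

    The signing key never appears in the capture, so the claims are readable but
    unauthenticated: treat them as attacker-controlled data, never as trusted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload


def find_jwts(urls):
    """Yield (url, query key, token) for query values shaped like a compact JWS.

    Heuristic (assumption): three dot-separated segments whose first segment
    starts with 'eyJ', the base64url encoding of '{"'."""
    for url in urls:
        for key, values in parse_qs(urlsplit(url).query).items():
            for value in values:
                if value.count(".") == 2 and value.startswith("eyJ"):
                    yield url, key, value


def tracking_ids(urls):
    """Map each identifier-looking query key to the set of values observed."""
    seen = {}
    for url in urls:
        for key, values in parse_qs(urlsplit(url).query).items():
            if key in ID_KEYS:
                seen.setdefault(key, set()).update(values)
    return seen


def tls_only_hosts(urls, connections):
    """Hosts contacted on 443 that never appear in the decoded HTTP rows."""
    http_hosts = {urlsplit(u).hostname for u in urls}
    return sorted(host for host, port in connections
                  if port == 443 and host not in http_hosts)


if __name__ == "__main__":
    for url, key, token in find_jwts(HTTP_URLS):
        header, payload = decode_jwt_unverified(token)
        print(f"{urlsplit(url).hostname} ?{key}= alg={header['alg']} claims={payload}")
    print("ids:", {k: sorted(v) for k, v in tracking_ids(HTTP_URLS).items()})
    print("tls-only hosts:", tls_only_hosts(HTTP_URLS, CONNECTIONS))
```

What the decoded token shows: header `{"alg":"HS256","typ":"JWT"}`; payload with `iss` and `aud` both `Joken`, `iat`/`nbf` 1571063024 (2019-10-14 14:23:44 UTC, 18 seconds after the analysis start), `exp` exactly two hours later, a per-visit `jti`, a microsecond `ts`, and an unexplained `js: 1` flag. The token was minted server-side for this visit, so it is a session marker for the redirector, not something to reuse. The `visitid` UUID from the zcredirect request also names two of the dropped cache files above, which is the pivot to use when correlating host artifacts with the PCAP. deskoffersdmitr.com and secure.torsontieri.com have no HTTP row because the exchange was encrypted; only the PCAP (SNI and certificate) shows what was fetched there. Note also that the reputation columns disagree between tables (dprtb.com is "malicious" under Connections and "unknown" under DNS), and the Threats counter is 0: the "Malicious activity" verdict rests on domain reputation, not on an IDS signature.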

DNS requests

Columns: Domain | IP | Reputation
benefiitcenter.com | 200.63.47.3 | malicious
www.bing.com | 13.107.21.200 | whitelisted
dprtb.com | 209.15.13.136 | unknown
usd.odysseus-nua.com | 52.45.49.150 | unknown
secure.torsontieri.com | 95.216.12.18 | malicious
deskoffersdmitr.com | 188.214.132.74 | unknown

Threats: no threats detected.
Debug info: none.