URL:

http://daas4uyngl.execute-api.ap-southeast-2.amazonaws.com

Full analysis: https://app.any.run/tasks/1afaacdc-4113-4af6-8489-bc5cd31c9fa6
Verdict: No threats detected
Analysis date: December 14, 2019, 15:48:54
OS: Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
Indicators:
MD5:

6434A95E14DBE01D82C470EB28DD7C8F

SHA1:

AC99AE8B7DA61F84B7457AA82E9BDD8B0B0A0CEC

SHA256:

409EE07E7132688976CD56B2A5025E02F84710EA748EB59C33D0B9BB0A1E4AEF

SSDEEP:

3:N1KaEEXLAqM8EiWQ2N2Q7W2:Cat7AF8Z/e3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Uses RUNDLL32.EXE to load library

      • iexplore.exe (PID: 2504)

    • Reads the machine GUID from the registry

      • rundll32.exe (PID: 3016)

    • Starts Internet Explorer

      • rundll32.exe (PID: 3016)

  • INFO

    • Reads internet explorer settings

      • IEXPLORE.EXE (PID: 2440)
      • IEXPLORE.EXE (PID: 1404)

    • Changes internet zones settings

      • iexplore.exe (PID: 2504)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2504)

    • Creates files in the user directory

      • iexplore.exe (PID: 2504)
      • IEXPLORE.EXE (PID: 2440)
      • IEXPLORE.EXE (PID: 1404)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2504)

    • Reads the machine GUID from the registry

      • iexplore.exe (PID: 2504)

    • Dropped object may contain Bitcoin addresses

      • iexplore.exe (PID: 2504)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
43
Monitored processes
5
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe rundll32.exe no specs iexplore.exe no specs iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
1404"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:3085593 /prefetch:2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files (x86)\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
2440"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:267521 /prefetch:2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files (x86)\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
2504"C:\Program Files\Internet Explorer\iexplore.exe" "http://daas4uyngl.execute-api.ap-southeast-2.amazonaws.com"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2860"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\Downloads\http_403C:\Program Files\Internet Explorer\iexplore.exerundll32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
3016"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\Downloads\http_403C:\Windows\system32\rundll32.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
Total events
2 310
Read events
1 930
Write events
380
Delete events
0

Modification events

(PID) Process:(2504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
3
(PID) Process:(2504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
108473808
(PID) Process:(2504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30782102
(PID) Process:(2504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
408636308
(PID) Process:(2504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30782102
(PID) Process:(2504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
0
Suspicious files
18
Text files
120
Unknown types
2

Dropped files

PID
Process
Filename
Type
2504iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDW1XBVN\favicon[2].ico
MD5:
SHA256:
2504iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2440IEXPLORE.EXEC:\Users\admin\AppData\Local\Temp\Low\Cab56F7.tmp
MD5:
SHA256:
2440IEXPLORE.EXEC:\Users\admin\AppData\Local\Temp\Low\Tar56F8.tmp
MD5:
SHA256:
2504iexplore.exeC:\Users\admin\AppData\Local\Temp\~DF928C1D08227B5F8C.TMP
MD5:
SHA256:
2504iexplore.exeC:\Users\admin\Downloads\http_403.q4mvout.partial:Zone.Identifier
MD5:
SHA256:
2504iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{441583FB-1E89-11EA-9C27-5254004AAD21}.datbinary
MD5:
SHA256:
2440IEXPLORE.EXEC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\IVD3XEGU.htmhtml
MD5:E4E384D6672787C1BB2A9B500114F1F5
SHA256:80785F5520097DDE3B28C617171415CD690CBF1E0353A5F3E348C83A4656EA0F
2440IEXPLORE.EXEC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416binary
MD5:
SHA256:
2440IEXPLORE.EXEC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506binary
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
76
DNS requests
60
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1404
IEXPLORE.EXE
GET
2.18.233.62:80
http://www.microsoft.com/en-us/iegallery
unknown
whitelisted
1404
IEXPLORE.EXE
GET
302
104.108.55.117:80
http://go.microsoft.com/fwlink/?LinkId=122812
NL
whitelisted
2440
IEXPLORE.EXE
GET
200
205.185.216.10:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?08f4f0bc2142acff
US
compressed
57.4 Kb
whitelisted
2440
IEXPLORE.EXE
GET
301
13.35.253.118:80
http://daas4uyngl.execute-api.ap-southeast-2.amazonaws.com/
US
html
183 b
shared
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2440
IEXPLORE.EXE
13.35.253.118:80
daas4uyngl.execute-api.ap-southeast-2.amazonaws.com
US
shared
2440
IEXPLORE.EXE
13.35.253.118:443
daas4uyngl.execute-api.ap-southeast-2.amazonaws.com
US
shared
1404
IEXPLORE.EXE
2.18.233.62:443
www.microsoft.com
Akamai International B.V.
whitelisted
2504
iexplore.exe
204.79.197.203:443
www.msn.com
Microsoft Corporation
US
malicious
2504
iexplore.exe
13.92.246.37:443
query.prod.cms.msn.com
Microsoft Corporation
US
whitelisted
1404
IEXPLORE.EXE
23.37.51.125:443
mem.gfx.ms
Akamai Technologies, Inc.
NL
whitelisted
1404
IEXPLORE.EXE
2.16.186.40:443
img-prod-cms-rt-microsoft-com.akamaized.net
Akamai International B.V.
whitelisted
1404
IEXPLORE.EXE
23.210.249.93:443
c.s-microsoft.com
Akamai International B.V.
NL
whitelisted
1404
IEXPLORE.EXE
23.210.248.233:443
uhf.microsoft.com
Akamai International B.V.
NL
whitelisted
2504
iexplore.exe
23.210.249.93:443
c.s-microsoft.com
Akamai International B.V.
NL
whitelisted

DNS requests

Domain
IP
Reputation
daas4uyngl.execute-api.ap-southeast-2.amazonaws.com
  • 13.35.253.118
  • 13.35.253.121
  • 13.35.253.30
  • 13.35.253.126
shared
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
x.ss2.us
  • 13.35.254.34
  • 13.35.254.54
  • 13.35.254.82
  • 13.35.254.176
whitelisted
ctldl.windowsupdate.com
  • 205.185.216.10
  • 205.185.216.42
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
go.microsoft.com
  • 104.108.55.117
whitelisted
ieonline.microsoft.com
  • 204.79.197.200
whitelisted
www.microsoft.com
  • 2.18.233.62
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
http://daas4uyngl.execute-api.ap-southeast-2.amazonaws.com