analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://jumblebox.jp/wo__;!!Ny6EIwG7C49Xp6q9sQ!-MlQIYFBlHpdsEm8zuyo95PNgRLcMy0PrkngPIop5sHh33T_CS6gbcNCHbm3CA3zDNGGCxAMKqTPT07IAozK5Qglo21xdSE$

Full analysis: https://app.any.run/tasks/455262ca-eccd-4e19-909c-0e42d8e3aaa1
Verdict: Malicious activity
Analysis date: October 05, 2022, 07:18:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

AB35D6D8DAFC1C71F76A833E9534DBD8

SHA1:

666BA371BDB15086CDF051BF0E7903FB8A7D36C8

SHA256:

41A93590069D043CA2391527C86AE615B67F0DCBB3B270F2FB7308A7FB34B16F

SSDEEP:

3:N8ftoetrcszxmRM5UnDyJtCNvHu1OL+VDBmyCFJrB07VrfYIn:2fiucymMKmjCJHADJCFvgUI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2412)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
35
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2412"C:\Program Files\Internet Explorer\iexplore.exe" "https://jumblebox.jp/wo__;!!Ny6EIwG7C49Xp6q9sQ!-MlQIYFBlHpdsEm8zuyo95PNgRLcMy0PrkngPIop5sHh33T_CS6gbcNCHbm3CA3zDNGGCxAMKqTPT07IAozK5Qglo21xdSEf7f81a39-5f63-5b42-9efd-1f13b5431005quot;C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\iertutil.dll
3232"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2412 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
16 429
Read events
16 320
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
11
Text files
6
Unknown types
6

Dropped files

PID
Process
Filename
Type
3232iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar339.tmpcat
MD5:C75C82DE5128C3E55D72A4FF9C73F5E4
SHA256:379E2F7218F036D70E2C474BF6A09364C5623C1C5F8D5A1A16F1B9B1EC243B55
3232iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar4A2.tmpcat
MD5:C75C82DE5128C3E55D72A4FF9C73F5E4
SHA256:379E2F7218F036D70E2C474BF6A09364C5623C1C5F8D5A1A16F1B9B1EC243B55
2412iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442binary
MD5:583D687283B7A0F96534620CAE687760
SHA256:EF1B74EC512D5A4D659EFD1CFEAA29B6740AB65FB1E868CD9D4B92E0BB749DCB
3232iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:6304F366F5033971E980B9A1ABE25049
SHA256:BD19CB993960CD009B89B87B486088660743BC49F76378E6B429FFED26B2769C
3232iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506binary
MD5:C36F6D36294DABA3114AE90FFE9FBE7D
SHA256:311336C64AACFE1510147EA4A1FA3088D7C1FB6A324BCE7BCB498BC737742010
2412iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776binary
MD5:E0C76A2B99FB8587A812B9EAC33C0D77
SHA256:7A9DA77D82B6022F675C9CA4C9B8BD818AC43B0616AAEDA4A069C76EB4F96CF7
3232iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C5065B93A6CF68B24F9B07C724284071binary
MD5:281C575E84779079570BF2B34563E899
SHA256:E536DCBBC375BA26D37C4DCCA58450158A6EE63262A971F09E6429FECE1A9A07
3232iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506compressed
MD5:D15AAA7C9BE910A9898260767E2490E1
SHA256:F8EBAAF487CBA0C81A17C8CD680BDD2DD8E90D2114ECC54844CFFC0CC647848E
2412iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
2412iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442der
MD5:6A9C9AAAD47A858879A5655B175825C8
SHA256:556C28AE4E43812B99A48D14E20D647BC6AF0F293429E3613C1ABCFBD249C16F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
32
DNS requests
17
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2412
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
US
der
1.47 Kb
whitelisted
3232
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2ad426d40445cd63
US
compressed
4.70 Kb
whitelisted
3232
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a9373967bd1d7066
US
compressed
60.9 Kb
whitelisted
3232
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c2719bf2d94ff76f
US
compressed
60.9 Kb
whitelisted
3232
iexplore.exe
GET
200
184.24.77.48:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgNpbZQZzT7QV5xthbm5Wq%2FhkA%3D%3D
US
der
503 b
shared
2412
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
3232
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fb7744551ed96af1
US
compressed
4.70 Kb
whitelisted
3232
iexplore.exe
GET
200
96.16.145.230:80
http://x1.c.lencr.org/
US
der
717 b
whitelisted
3232
iexplore.exe
GET
301
133.130.34.147:80
http://assets.lolipop.jp/img/bnr/bnr_lolipop_ad_001.gif
JP
html
162 b
suspicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2412
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
EDGECAST
GB
whitelisted
3232
iexplore.exe
209.197.3.8:80
ctldl.windowsupdate.com
STACKPATH-CDN
US
whitelisted
3232
iexplore.exe
96.16.145.230:80
x1.c.lencr.org
AKAMAI-AS
DE
suspicious
2412
iexplore.exe
131.253.33.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3232
iexplore.exe
157.7.107.95:443
jumblebox.jp
GMO Internet,Inc
JP
malicious
2412
iexplore.exe
13.107.22.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3232
iexplore.exe
13.225.78.51:443
static.minne.com
AMAZON-02
US
suspicious
3232
iexplore.exe
184.24.77.48:80
r3.o.lencr.org
Akamai International B.V.
DE
unknown
152.199.19.161:443
iecvlist.microsoft.com
EDGECAST
US
whitelisted
3232
iexplore.exe
35.73.133.126:80
js.ad-stir.com
AMAZON-02
JP
unknown

DNS requests

Domain
IP
Reputation
jumblebox.jp
  • 157.7.107.95
malicious
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 13.107.22.200
  • 131.253.33.200
whitelisted
ctldl.windowsupdate.com
  • 209.197.3.8
whitelisted
x1.c.lencr.org
  • 96.16.145.230
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
r3.o.lencr.org
  • 184.24.77.48
  • 184.24.77.54
shared
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
js.ad-stir.com
  • 35.73.133.126
  • 3.114.232.24
whitelisted

Threats

PID
Process
Class
Message
3232
iexplore.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
3232
iexplore.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
3232
iexplore.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
3232
iexplore.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
3232
iexplore.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
3232
iexplore.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
3232
iexplore.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
3232
iexplore.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
3232
iexplore.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
3232
iexplore.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
No debug info