analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
download:

coupons

Full analysis: https://app.any.run/tasks/a1bb4340-9a57-4f6c-a85c-0ba67c4712fb
Verdict: Malicious activity
Analysis date: January 18, 2020, 02:07:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, ASCII text, with very long lines
MD5:

F52754B499D4F3984CA9ECC615158261

SHA1:

5334A76D5066D5226F5A3185304DB95B6596CE3E

SHA256:

43C26C604AAD35E49E9FA8C4FCDD54F96E4DF49970BF2D1D95E354EEC3EC5F4A

SSDEEP:

3072:K1KFMRp2bTY6+/HNGbsxU47QjONEq5R5GHIP5dxIMPR:WKFMRp2bTY6+/HNGbsxU47lNEq5R5GH2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2108)
    • Changes internet zones settings

      • iexplore.exe (PID: 2108)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2412)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2412)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.html | HyperText Markup Language (100)

EXIF

HTML

HTTPEquivXUACompatible: IE=edge,chrome=1,requiresActiveX=true
Title: Printable Coupons, Grocery & Coupon Codes | Coupons.com
Robots: noodp
Description: Save money on hundreds of brands in store or online with Coupons.com. Find printable coupons for grocery and top brands. Get verified coupon codes daily.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
34
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2108"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\coupons.htmlC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
2412"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2108 CREDAT:79873C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Total events
411
Read events
340
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
8
Unknown types
0

Dropped files

PID
Process
Filename
Type
2108iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:
2108iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2412iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\household[1].pngimage
MD5:88974851C7478ADA1B62BB873EEA26FB
SHA256:D99262E002AD0993382AD9CDBE2AE0A538FE9C82C196B5B0D15F18A1047EBC22
2412iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\Healthcare[1].pngimage
MD5:62C38CFBA9A905B6FFFB89579F614ADD
SHA256:3742E5A93EAA6DE8DFFD15B9DEEE688615E4AC3DB71722D1AE2701B40A0A1F68
2412iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\foods[1].pngimage
MD5:DC75FD67AE305049C09EF22635C472DE
SHA256:4F0D977824B4A2476D164CE67989F8A6BF7FF195A464B0A43D28E695F475FA13
2412iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\baby[1].pngimage
MD5:844DC495DA34B693EDDC13BAA8972A06
SHA256:54AC40542C66B54D018392CD40871384B381B86971E04A17FA0927CDA5352E4B
2412iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\personal_care[1].pngimage
MD5:B74C9C6FA0C258F72A610511BE0E471A
SHA256:36F8DDE86D0339E283EF985F642E52EB970B040839896312F62FC7D75A0601BB
2412iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\beverages[1].pngimage
MD5:6187062EDE57132E1EB7755D0A94077B
SHA256:818F2BBE23BC32E857CAFA899A8622FB2144DBC20959C9293065860371EF76D6
2108iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].pngimage
MD5:9FB559A691078558E77D6848202F6541
SHA256:6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
2412iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ns[1].htmlhtml
MD5:503957084B1A48219ECF52A5B81CA4CD
SHA256:1508490E2A7F3949D866CE8F032895224C55A02EB24F9ADA50C7CB79A4C887C8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
14
DNS requests
9
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2108
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2108
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2.19.35.64:137
cdn.cpnscdn.com
Akamai International B.V.
whitelisted
4
System
104.111.231.89:445
s.btstatic.com
Akamai International B.V.
NL
unknown
2412
iexplore.exe
2.19.35.64:443
cdn.cpnscdn.com
Akamai International B.V.
whitelisted
4
System
2.19.35.64:445
cdn.cpnscdn.com
Akamai International B.V.
whitelisted
184.31.87.106:137
www.coupons.com
Akamai International B.V.
NL
whitelisted
4
System
184.31.87.106:445
www.coupons.com
Akamai International B.V.
NL
whitelisted
104.111.231.89:137
s.btstatic.com
Akamai International B.V.
NL
unknown
2412
iexplore.exe
172.217.18.168:443
www.googletagmanager.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
cdn.cpnscdn.com
  • 2.19.35.64
unknown
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
www.googletagmanager.com
  • 172.217.18.168
whitelisted
www.coupons.com
  • 184.31.87.106
whitelisted
s.btstatic.com
  • 104.111.231.89
whitelisted

Threats

No threats detected
No debug info