analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://gofile.io/d/VqKtL7

Full analysis: https://app.any.run/tasks/bedeea0c-7357-493b-93b8-771a5de8f523
Verdict: Malicious activity
Analysis date: November 29, 2020, 21:10:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

ED7EB475CAB08F52BA1AADA18ED99828

SHA1:

A465EA45358E2C07C4D1D8278F19FC0B766E6E61

SHA256:

44073A91B8D73DC7535288F63B1D46ED2A1C390EECEE30A11B3A26EDA1D23CB3

SSDEEP:

3:N8rxL14uR8n:2Zb8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads internet explorer settings

      • iexplore.exe (PID: 2744)
    • Application launched itself

      • iexplore.exe (PID: 2708)
    • Changes internet zones settings

      • iexplore.exe (PID: 2708)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2708"C:\Program Files\Internet Explorer\iexplore.exe" https://gofile.io/d/VqKtL7C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2744"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2708 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Total events
299
Read events
243
Write events
55
Delete events
1

Modification events

(PID) Process:(2708) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
925663474
(PID) Process:(2708) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30852756
(PID) Process:(2708) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2708) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2708) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2708) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2708) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2708) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
46000000A5000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(2708) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2708) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
Executable files
0
Suspicious files
22
Text files
32
Unknown types
15

Dropped files

PID
Process
Filename
Type
2708iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2744iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\CabFD18.tmp
MD5:
SHA256:
2744iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\TarFD19.tmp
MD5:
SHA256:
2744iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\VqKtL7[1].htmhtml
MD5:C30728251DE910FFF580663E665DB35B
SHA256:8898354D140E54D3B19C14916DB47BF00B7C051BEFAABACED74BFA3C42368373
2744iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EAEF8787DF0023EFE3AD2D2DAB447C1Fder
MD5:7AD26632C356D82F2764BE4234190094
SHA256:249276FCF545ABC48040856BAE3B77AB3F0CA0BC2F787B249716C742BC4F3813
2744iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4binary
MD5:D914916DB056AFAA0FDD9429A177ECA9
SHA256:B0F6154949201CAB57AB07F5BF23876F4A06020C32DAD3DA152816895020DE6F
2744iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAEF8787DF0023EFE3AD2D2DAB447C1Fbinary
MD5:B6427C13F54E6CAD18EB35137D23BF52
SHA256:EFE44817000459A6B5A3AD5F26D0301FD5F994281D1C966CA7C56D552CA297F8
2744iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\prism-autoloader[1].jstext
MD5:058CF0DF0B3DCBE1658FE32809597DFC
SHA256:A18263AA29A83081BE45B86AB90907474422A0CAE1C0FB22954B0B09B4E17C6F
2744iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\responsive.bootstrap4.min[1].csstext
MD5:7D8EB4F81E79C8CFB1F95C50D9E43BFE
SHA256:42BA549624C73F034D969840FB0355FB3456565B600D3E84834717540074E212
2744iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08binary
MD5:55149C587BD76E479E5D1FF50774BC88
SHA256:113B94519AAB9F65E2DF436E0E5AE734AACEEE96D7E2A0272D92B20BFE72FBF8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
37
DNS requests
20
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2744
iexplore.exe
GET
200
2.16.186.11:80
http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D
unknown
der
1.37 Kb
whitelisted
2744
iexplore.exe
GET
200
2.16.186.27:80
http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgTO%2FwusFxAe3DVPkYEgSSdBxw%3D%3D
unknown
der
527 b
whitelisted
2744
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
2744
iexplore.exe
GET
200
172.217.21.195:80
http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D
US
der
468 b
whitelisted
2744
iexplore.exe
GET
200
172.217.21.195:80
http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDgM%2F2Oalb9SggAAAAAYth0
US
der
472 b
whitelisted
2744
iexplore.exe
GET
200
172.217.21.195:80
http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDa2MTpyZrzlQgAAAAAYth4
US
der
472 b
whitelisted
2744
iexplore.exe
GET
200
172.217.21.195:80
http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDa2MTpyZrzlQgAAAAAYth4
US
der
472 b
whitelisted
2744
iexplore.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkbwjNvPLFRm7zMB3V80
US
der
1.49 Kb
whitelisted
2744
iexplore.exe
GET
200
172.217.21.195:80
http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D
US
der
468 b
whitelisted
2744
iexplore.exe
GET
200
192.35.177.64:80
http://crl.identrust.com/DSTROOTCAX3CRL.crl
US
der
1.16 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2708
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2744
iexplore.exe
192.35.177.64:80
crl.identrust.com
IdenTrust
US
malicious
2744
iexplore.exe
213.32.73.239:443
gofile.io
OVH SAS
FR
unknown
2744
iexplore.exe
2.16.186.11:80
isrg.trustid.ocsp.identrust.com
Akamai International B.V.
whitelisted
2744
iexplore.exe
2.16.186.27:80
ocsp.int-x3.letsencrypt.org
Akamai International B.V.
whitelisted
2744
iexplore.exe
172.217.12.170:443
fonts.googleapis.com
Google Inc.
US
whitelisted
2744
iexplore.exe
151.101.2.109:443
cdn.jsdelivr.net
Fastly
US
suspicious
2744
iexplore.exe
104.22.51.93:443
cdn.datatables.net
Cloudflare Inc
US
malicious
2744
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2744
iexplore.exe
104.16.18.94:443
cdnjs.cloudflare.com
Cloudflare Inc
US
unknown

DNS requests

Domain
IP
Reputation
gofile.io
  • 213.32.73.239
  • 217.182.142.131
  • 217.182.142.52
whitelisted
isrg.trustid.ocsp.identrust.com
  • 2.16.186.11
  • 2.16.186.35
whitelisted
ocsp.int-x3.letsencrypt.org
  • 2.16.186.27
  • 2.16.186.11
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
crl.identrust.com
  • 192.35.177.64
whitelisted
fonts.googleapis.com
  • 172.217.12.170
whitelisted
cdn.jsdelivr.net
  • 151.101.2.109
  • 151.101.66.109
  • 151.101.130.109
  • 151.101.194.109
whitelisted
cdn.buymeacoffee.com
  • 172.67.70.99
  • 104.26.11.39
  • 104.26.10.39
whitelisted
cdn.datatables.net
  • 104.22.51.93
  • 172.67.14.139
  • 104.22.50.93
whitelisted

Threats

No threats detected
No debug info