URL: http://jdsports.top/

Full analysis: https://app.any.run/tasks/39aa15d2-1837-43be-b0bd-6708b64fb2f4
Verdict: Malicious activity
Analysis date: January 10, 2019, 18:12:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 54E6BFEEB2462A08EAC8DB2E15424CCE
SHA1: D2838E5B5818473E78296538CFA566FE2AADC487
SHA256: 44925C56A65C91CB7E136741169AD818188BA08BB9571277312A4CDBD5F2A682
SSDEEP: 3:N1KUgVMwQgn:CUov

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2984)
    • Creates files in the user directory

      • iexplore.exe (PID: 3280)
    • Changes internet zones settings

      • iexplore.exe (PID: 2984)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3280)
      • iexplore.exe (PID: 2884)
      • iexplore.exe (PID: 2760)
      • iexplore.exe (PID: 4048)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3280)
      • iexplore.exe (PID: 2760)
      • iexplore.exe (PID: 2884)
      • iexplore.exe (PID: 4048)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3280)
      • iexplore.exe (PID: 2884)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 5
Malicious processes: 0
Suspicious processes: 0

Behavior graph (interactive version in the full report): start -> iexplore.exe -> iexplore.exe x4

Process information

PID 2984 | CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Indicators: (none listed)
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 3280 | CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:71937
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Indicators: (none listed)
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 2884 | CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:71938
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Indicators: (none listed)
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 2760 | CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:71939
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Indicators: (none listed)
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 4048 | CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:71940
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Indicators: (none listed)
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Total events: 1 110
Read events: 987
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 2
Text files: 81
Unknown types: 4

Dropped files

PID 2984 | iexplore.exe | Type: (not listed)
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
  MD5: (not listed)
  SHA256: (not listed)

PID 2984 | iexplore.exe | Type: (not listed)
  C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
  MD5: (not listed)
  SHA256: (not listed)

PID 3280 | iexplore.exe | Type: (not listed)
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jdsports_top[1].txt
  MD5: (not listed)
  SHA256: (not listed)

PID 3280 | iexplore.exe | Type: text
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\stylesheet_select_popup[1].css
  MD5: 915F779982573421343F4D78735AAC7F
  SHA256: DB554D36F8B62DF5F880D235D01183DDB53D12FD273268BFA0C63BD2AD0FE56A

PID 3280 | iexplore.exe | Type: text
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\stylesheet_css_buttons[1].css
  MD5: 2B43C5405A583CCC26C735A8A0C73B65
  SHA256: F6205680EDE12D120A99E66448B68438CAFDC200ADA324EF14A12451B6090EDC

PID 3280 | iexplore.exe | Type: text
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\stylesheet_productupdates[1].css
  MD5: 666D49D8649FAE80BDC7DC01A6B3C7D6
  SHA256: D84E98BF39118D1DDE7441FC4C3FC054C874E491EDF892E09F62390CB582019E

PID 3280 | iexplore.exe | Type: text
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\stylesheet_slider[1].css
  MD5: 9FDE55290BC21D5C14F9402FE9ECEC2A
  SHA256: 60050AA6F2ABE6B74E95FC6606A23DA2284193B9D7E5F1FE5F55C90BC5F09147

PID 3280 | iexplore.exe | Type: text
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jscript_jquery-touchslider[1].js
  MD5: B1C97732FCFA3BE6457C0B2320B01A97
  SHA256: F50C4BD617A6AB13114B502942580804630D54DBF84B48AD4D60F32728F8738C

PID 3280 | iexplore.exe | Type: text
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\stylesheet_cart_header[1].css
  MD5: C7AF725CE3DB549F0C123E6B47EEBCB8
  SHA256: 2230DC3C3E53321D9738060D44014C60BA1AAD66270AA2BFA222A2A4D0AD8CF4

PID 3280 | iexplore.exe | Type: text
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\jscript_z_swipe[1].js
  MD5: 6602F65AFB8906A18006E242E424AFE1
  SHA256: 92B2679C6216C4022071F5D00A397AC99B98BE7E7FD47C14FB1492F916E4CFFD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 85
TCP/UDP connections: 26
DNS requests: 8
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_css_buttons.css | US | text | 1.22 Kb | suspicious
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/ | US | html | 9.86 Kb | suspicious
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_cart_header.css | US | text | 571 b | suspicious
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet.css | US | text | 10.2 Kb | suspicious
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_categories_menu.css | US | text | 1.08 Kb | suspicious
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_znew.css | US | text | 1016 b | suspicious
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_productupdates.css | US | text | 24.9 Kb | suspicious
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/jscript/jscript_xcategories.js | US | text | 1003 b | suspicious
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_select_popup.css | US | text | 9.85 Kb | suspicious
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_slider.css | US | text | 1.42 Kb | suspicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2984 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3280 | iexplore.exe | 104.233.213.89:80 | jdsports.top | PEG TECH INC | US | suspicious
3280 | iexplore.exe | 220.243.212.50:443 | js.users.51.la | QUANTIL, INC | CN | unknown
3280 | iexplore.exe | 183.131.207.78:80 | ia.51.la | DaLi | CN | suspicious
2984 | iexplore.exe | 104.233.213.89:80 | jdsports.top | PEG TECH INC | US | suspicious
3280 | iexplore.exe | 31.13.90.6:443 | connect.facebook.net | Facebook, Inc. | IE | whitelisted
2884 | iexplore.exe | 220.243.212.50:443 | js.users.51.la | QUANTIL, INC | CN | unknown
2884 | iexplore.exe | 31.13.90.6:443 | connect.facebook.net | Facebook, Inc. | IE | whitelisted
2884 | iexplore.exe | 104.233.213.89:80 | jdsports.top | PEG TECH INC | US | suspicious
2760 | iexplore.exe | 220.243.212.50:443 | js.users.51.la | QUANTIL, INC | CN | unknown

DNS requests

Domain | IP | Reputation
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
jdsports.top | 104.233.213.89 | suspicious
js.users.51.la | 220.243.212.50 | whitelisted
connect.facebook.net | 31.13.90.6, 157.240.1.23 | whitelisted
ia.51.la | 183.131.207.78 | whitelisted

Threats

PID | Process | Class | Message
(not listed) | (not listed) | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile
3280 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain
2884 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain
No debug info