analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://jdsports.top/

Full analysis: https://app.any.run/tasks/9240710f-343b-40d2-9d30-15b8072f1364
Verdict: Malicious activity
Analysis date: January 10, 2019, 18:03:35
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

54E6BFEEB2462A08EAC8DB2E15424CCE

SHA1:

D2838E5B5818473E78296538CFA566FE2AADC487

SHA256:

44925C56A65C91CB7E136741169AD818188BA08BB9571277312A4CDBD5F2A682

SSDEEP:

3:N1KUgVMwQgn:CUov

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2724)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3244)

    • Application launched itself

      • iexplore.exe (PID: 2724)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3244)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 3244)

    • Creates files in the user directory

      • iexplore.exe (PID: 3244)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
33
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2724"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3244"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2724 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events
398
Read events
336
Write events
59
Delete events
3

Modification events

(PID) Process:(2724) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2724) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2724) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2724) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(2724) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2724) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(2724) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{18AF99B3-1502-11E9-BAD8-5254004A04AF}
Value:
0
(PID) Process:(2724) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Type
Value:
4
(PID) Process:(2724) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Count
Value:
3
(PID) Process:(2724) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Time
Value:
E307010004000A001200030039004C02
Executable files
0
Suspicious files
0
Text files
82
Unknown types
4

Dropped files

PID
Process
Filename
Type
2724iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
MD5:
SHA256:
2724iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3244iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jdsports_top[1].txt
MD5:
SHA256:
3244iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\stylesheet_znew[1].csstext
MD5:0F31CAEDD1E37406C75151B1C22A6CEC
SHA256:75807EC9F513C0923CFEA32EBDA81E228F0A33A5773253F82BB52D30C952CAAE
3244iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jscript_menu_conf[1].jstext
MD5:F03BC391BA617A0BC6D70FC098FA2BF0
SHA256:4DC3EA0106F36A9141C6F0972E80E0BB5922CA0DBC2B6314E59094B362844FFD
3244iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\stylesheet_productupdates[1].csstext
MD5:666D49D8649FAE80BDC7DC01A6B3C7D6
SHA256:D84E98BF39118D1DDE7441FC4C3FC054C874E491EDF892E09F62390CB582019E
3244iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\stylesheet_res[1].csstext
MD5:9D6A8D74F3DADC939495BCC642FB6995
SHA256:BB25BC59CEB288F161B5C829F80A69FE4F3B75A248316AE28CF3126BA5E96D08
3244iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\stylesheet_select_popup[1].csstext
MD5:915F779982573421343F4D78735AAC7F
SHA256:DB554D36F8B62DF5F880D235D01183DDB53D12FD273268BFA0C63BD2AD0FE56A
3244iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jdsports_top[1].htmhtml
MD5:A55B74EFA785F6D0BA7D9C006CEB02D8
SHA256:6D60FB644AB2C2E5D07C3199136AC70036068F0482E6734A0D1EF1CA4EA5B2BC
3244iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\stylesheet_cart_header[1].csstext
MD5:C7AF725CE3DB549F0C123E6B47EEBCB8
SHA256:2230DC3C3E53321D9738060D44014C60BA1AAD66270AA2BFA222A2A4D0AD8CF4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
84
TCP/UDP connections
12
DNS requests
5
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3244
iexplore.exe
GET
200
104.233.213.89:80
http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_productupdates.css
US
text
24.9 Kb
suspicious
3244
iexplore.exe
GET
200
104.233.213.89:80
http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_res.css
US
text
602 b
suspicious
3244
iexplore.exe
GET
200
104.233.213.89:80
http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet.css
US
text
10.2 Kb
suspicious
3244
iexplore.exe
GET
200
104.233.213.89:80
http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_categories_menu.css
US
text
1.08 Kb
suspicious
3244
iexplore.exe
GET
200
104.233.213.89:80
http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_slider.css
US
text
1.42 Kb
suspicious
3244
iexplore.exe
GET
200
104.233.213.89:80
http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_css_buttons.css
US
text
1.22 Kb
suspicious
3244
iexplore.exe
GET
200
104.233.213.89:80
http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_cart_header.css
US
text
571 b
suspicious
3244
iexplore.exe
GET
200
104.233.213.89:80
http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_select_popup.css
US
text
9.85 Kb
suspicious
3244
iexplore.exe
GET
200
104.233.213.89:80
http://jdsports.top/
US
html
9.86 Kb
suspicious
3244
iexplore.exe
GET
200
104.233.213.89:80
http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_footer_menu.css
US
text
833 b
suspicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3244
iexplore.exe
157.240.1.23:443
connect.facebook.net
Facebook, Inc.
US
whitelisted
2724
iexplore.exe
13.107.21.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2724
iexplore.exe
104.233.213.89:80
jdsports.top
PEG TECH INC
US
suspicious
3244
iexplore.exe
104.233.213.89:80
jdsports.top
PEG TECH INC
US
suspicious
3244
iexplore.exe
183.131.207.78:80
ia.51.la
DaLi
CN
suspicious
3244
iexplore.exe
220.243.212.50:443
js.users.51.la
QUANTIL, INC
CN
unknown

DNS requests

Domain
IP
Reputation
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
whitelisted
jdsports.top
  • 104.233.213.89
suspicious
connect.facebook.net
  • 157.240.1.23
whitelisted
js.users.51.la
  • 220.243.212.50
whitelisted
ia.51.la
  • 183.131.207.78
whitelisted

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET DNS Query to a *.top domain - Likely Hostile
3244
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to a *.top domain
3244
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to a *.top domain
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
http://jdsports.top/