Sample: click
Full analysis: https://app.any.run/tasks/2f14b166-24f1-4130-9b58-5d72ff9b45fb
Verdict: Malicious activity
Analysis date: October 20, 2020, 13:28:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/octet-stream
File info: data
MD5: DBAF68EA46465989151DB909FB8DBBCA
SHA1: D5C04909A8E1C5236917F04316102B57FFEA0DB4
SHA256: 47A12FA22FB67A8A86D2880CFFFDE1901692F99089075CA054E43D9C4563C469
SSDEEP: 1536:qiPMTttA8qhB8vJg7pZX+7IsuOfTEsssEAzdAGhu3hVw+XUZ7IP1Vx+cUN7I91VL:qZA87uOfTYApATSRCVJfPjRmf5f8YmPt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: no malicious indicators.
  • SUSPICIOUS: no suspicious indicators.
  • INFO
    • Reads settings of System Certificates
      • iexplore.exe (PID: 1000)
      • iexplore.exe (PID: 1580)
    • Reads Internet Cache Settings
      • iexplore.exe (PID: 1580)
      • iexplore.exe (PID: 2888)
    • Changes internet zones settings
      • iexplore.exe (PID: 1580)
    • Application launched itself
      • iexplore.exe (PID: 1580)
      • chrome.exe (PID: 2684)
      • iexplore.exe (PID: 1000)
    • Reads internet explorer settings
      • iexplore.exe (PID: 1000)
    • Reads the hosts file
      • chrome.exe (PID: 2800)
      • chrome.exe (PID: 2684)
    • Manual execution by user
      • chrome.exe (PID: 2684)
    • Adds / modifies Windows certificates
      • iexplore.exe (PID: 1000)
      • iexplore.exe (PID: 1580)
    • Changes settings of System certificates
      • iexplore.exe (PID: 1000)
      • iexplore.exe (PID: 1580)
    • Creates files in the user directory
      • iexplore.exe (PID: 1580)

The summary verdict (Malicious activity) is not backed by any malicious or suspicious signature, process or network threat in this report; every entry above is informational browser telemetry. The certificate-store signatures on iexplore.exe (PIDs 1000 and 1580) match the CryptnetUrlCache files and the OCSP/CRL fetches recorded further down and are consistent with certificate revocation checking during TLS validation. Check the full report before relying on the verdict.
Find more information about signature artifacts and their mapping to the MITRE ATT&CK matrix in the full report.
No Malware configuration.

TRiD: .html | HyperText Markup Language (100)

EXIF (HTML)
Title: Art Index The Art of Investments
Description: Want To Earn Returns Of Up To 10.25% P.A. On Proven Asset Class? We understand the science behind the correct artwork selection for high yield rental returns
Robots: index, follow
GoogleBot: index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1
bingbot: index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1
twitterCard: summary_large_image
Generator: WordPress 5.4.2
ContentType: text/html; charset=UTF-8
msapplicationTileImage: https://artindex.1tlc.com.au/wp-content/uploads/sites/107/2020/10/art-index-logo.jpg
viewport: width=device-width, initial-scale=1.0, viewport-fit=cover

The sample has no extension and is typed as generic data by MIME sniffing, but TRiD and the page metadata identify it as a saved WordPress 5.4.2 page from artindex.1tlc.com.au, the same host that is rated suspicious in the connection and DNS lists below.
Total processes: 59
Monitored processes: 20
Malicious processes: 0
Suspicious processes: 0


Process information

chrome.exe (PID 2684) was started from explorer.exe by the analyst ("Manual execution by user" in the signatures above), so the chrome.exe tree below is analyst-driven activity inside the VM rather than behaviour of the sample; the two iexplore.exe processes are the ones rendering click.html.

PID 1580: iexplore.exe (parent: explorer.exe)
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\click.html
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM
  Description: Internet Explorer | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 1000: iexplore.exe (parent: iexplore.exe)
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1580 CREDAT:144385 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM
  Description: Internet Explorer | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 2684: chrome.exe (parent: explorer.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: MEDIUM
  Description: Google Chrome | Version: 75.0.3770.100

PID 3548: chrome.exe (parent: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6c4fa9d0,0x6c4fa9e0,0x6c4fa9ec
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: MEDIUM
  Description: Google Chrome | Version: 75.0.3770.100

PID 2980: chrome.exe (parent: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1344 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: MEDIUM
  Description: Google Chrome | Version: 75.0.3770.100

PID 2224: chrome.exe (parent: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=996,6769568310808576058,16308686348148880121,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=6041289210677064374 --mojo-platform-channel-handle=1004 --ignored=" --type=renderer " /prefetch:2
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: LOW
  Description: Google Chrome | Version: 75.0.3770.100

PID 2800: chrome.exe (parent: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6769568310808576058,16308686348148880121,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=6070504988266334073 --mojo-platform-channel-handle=1624 /prefetch:8
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: MEDIUM
  Description: Google Chrome | Version: 75.0.3770.100

PID 316: chrome.exe (parent: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=996,6769568310808576058,16308686348148880121,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17111653696361525896 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: LOW
  Description: Google Chrome | Version: 75.0.3770.100 | Exit code: 0

PID 2508: chrome.exe (parent: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=996,6769568310808576058,16308686348148880121,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1712307577662429661 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2484 /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: LOW
  Description: Google Chrome | Version: 75.0.3770.100

PID 668: chrome.exe (parent: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=996,6769568310808576058,16308686348148880121,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2290855250155547525 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2504 /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: LOW
  Description: Google Chrome | Version: 75.0.3770.100 | Exit code: 0
Total events: 2 367 (read: 2 183, write: 0, delete: 0)

Modification events: no data

Files: executable 0 | suspicious 77 | text 119 | unknown types 39

Dropped files

PID 1580 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
  Type, MD5 and SHA256 not given in the report
PID 1000 iexplore.exe: C:\Users\admin\AppData\Local\Temp\Cab59CD.tmp
  Type, MD5 and SHA256 not given in the report
PID 1000 iexplore.exe: C:\Users\admin\AppData\Local\Temp\Tar59CE.tmp
  Type, MD5 and SHA256 not given in the report
PID 2684 chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F8EE650-A7C.pma
  Type, MD5 and SHA256 not given in the report
PID 1000 iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\js[1].js (type: text)
  MD5: D785B1A5908AE629DAEB0C5A0FC5B775
  SHA256: A3D3DDC62936EB4C055A404997133D5E067DC0CA7CE0CCE43501E6D61C8AC6AB
PID 1000 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_837A0010DA5A648BE322B702015A9E91 (type: der)
  MD5: D9D2417609F48B469DA68D5954ED031B
  SHA256: A78AFA354701B721E3CBEF9D8C3978FAAF6EE80D3B722E24F2EF2CF7A1ECE0A5
PID 1000 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B (type: binary)
  MD5: 2579831AF140443997DCFBC214D23170
  SHA256: 4CF466BB6667476682D6D57401649A0903E05A160A9892DBF11BFB75F997E1FB
PID 1000 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_837A0010DA5A648BE322B702015A9E91 (type: binary)
  MD5: 0F194B6BDEE2AFEE8C9AF9F7838B5C14
  SHA256: 7F52BD3B34CA30E06B6A0FFA1E81274821C9A24668E1E7DD6C7E84B041C5B745
PID 2684 chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\4421b22e-0982-4813-a833-d3da00b19b32.tmp
  Type, MD5 and SHA256 not given in the report
PID 2684 chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old (type: text)
  MD5: FB5B20517A0D1F7DAD485989565BEE5E
  SHA256: 99405F66EDBEB2306F4D0B4469DCADFF5293B5E1549C588CCFACEA439BB3B101
HTTP(S) requests: 23 | TCP/UDP connections: 347 | DNS requests: 54 | Threats: 0

HTTP requests

| PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation |
|-----|---------|--------|-----------|----|-----|----|------|------|------------|
| 1000 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDopzvCvNaHRggAAAAAXcGw | US | der | 472 b | whitelisted |
| 1000 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.30 Kb | whitelisted |
| 1000 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkbwjNvPLFRm7zMB3V80 | US | der | 1.49 Kb | whitelisted |
| 1000 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCECiWpPQxRDpPAgAAAAB8NWE%3D | US | der | 471 b | whitelisted |
| 1000 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCOUTy4wn8XWggAAAAAWy8I | US | der | 472 b | whitelisted |
| 1000 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJ13zfQMBhkWtuM%3D | US | der | 468 b | whitelisted |
| 1000 | iexplore.exe | GET | 200 | 13.35.253.97:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
| 1000 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
| 1000 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDopzvCvNaHRggAAAAAXcGw | US | der | 472 b | whitelisted |
| 1000 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCOUTy4wn8XWggAAAAAWy8I | US | der | 472 b | whitelisted |

Every request in this list is certificate revocation traffic (OCSP responders and one CRL) from the IE content process, which is what the System Certificates and CryptnetUrlCache artifacts above correspond to.
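Which certificates the browser was checking is recoverable from the OCSP URLs themselves. The following is an added example, not part of the ANY.RUN report or its tooling: it takes the base64- and URL-encoded OCSPRequest that RFC 6960 puts in the GET path, walks the DER with a minimal TLV reader and returns the CertID fields (hash algorithm, issuerNameHash, issuerKeyHash, serial). The URL list is copied from the table above; the hash-algorithm name map is the only thing supplied from outside the report.

```python
"""Decode the OCSP GET requests from the report's HTTP table.

An OCSP request sent over GET (RFC 6960, A.1) is the DER-encoded OCSPRequest,
base64-encoded and then URL-encoded, carried as the last path segment.
Decoding it yields the CertID the client was checking, i.e. the concrete
answer to "what certificate was IE validating" behind the System
Certificates signatures and the CryptnetUrlCache files in the report.
"""
import base64
from urllib.parse import unquote, urlsplit

# OCSP URLs copied from the report (all issued by iexplore.exe, PID 1000).
REPORT_OCSP_URLS = [
    "http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDopzvCvNaHRggAAAAAXcGw",
    "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJ13zfQMBhkWtuM%3D",
    "http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkbwjNvPLFRm7zMB3V80",
    "http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D",
]

# Name map for the hash OIDs seen in practice (not from the report).
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Yield (tag, value) for each element packed inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = _read_tlv(value, pos)
        yield tag, val


def _decode_oid(raw):
    """Turn DER OID content bytes into dotted form, e.g. 2B0E03021A -> 1.3.14.3.2.26."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_ocsp_get_url(url):
    """Parse one OCSP-over-GET URL into the CertID fields of its first Request."""
    parts = urlsplit(url)
    b64 = unquote(parts.path.rsplit("/", 1)[1])
    der = base64.b64decode(b64 + "=" * (-len(b64) % 4))   # tolerate stripped padding

    tag, ocsp_request, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("payload is not a DER SEQUENCE")
    tbs_request = next(_children(ocsp_request))[1]          # tbsRequest comes first
    # tbsRequest may carry [0] version / [1] requestorName; requestList is the SEQUENCE.
    request_list = next(v for t, v in _children(tbs_request) if t == 0x30)
    first_request = next(_children(request_list))[1]
    cert_id = next(_children(first_request))[1]              # reqCert ::= CertID
    alg, name_hash, key_hash, serial = [v for _, v in _children(cert_id)]
    alg_oid = _decode_oid(next(_children(alg))[1])           # AlgorithmIdentifier.algorithm
    return {
        "responder": parts.netloc,
        "hash_algorithm": HASH_OIDS.get(alg_oid, alg_oid),
        "hash_algorithm_oid": alg_oid,
        "issuer_name_hash": name_hash.hex(),
        "issuer_key_hash": key_hash.hex(),
        "serial": format(int.from_bytes(serial, "big"), "x"),
    }


if __name__ == "__main__":
    for u in REPORT_OCSP_URLS:
        print(decode_ocsp_get_url(u))
```

The issuerKeyHash is the SHA-1 of the issuing CA's public key, which is what public CAs normally publish as their SubjectKeyIdentifier, and the serial identifies the certificate under that issuer; the pair can be looked up in Certificate Transparency logs to name the exact certificate each request was checking. The CRL fetch in the table (crl3.digicert.com/Omniroot2025.crl) is a plain file download and carries no request data to decode.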

Connections

| PID | Process | IP:port | Domain | ASN | CN | Reputation |
|-----|---------|---------|--------|-----|----|------------|
| 1000 | iexplore.exe | 216.58.212.170:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
| 1000 | iexplore.exe | 139.99.174.57:443 | artindex.1tlc.com.au | OVH SAS | AU | suspicious |
| 4 | System | 104.17.210.204:445 | js.hs-scripts.com | Cloudflare Inc | US | shared |
| 4 | System | 104.17.212.204:445 | js.hs-scripts.com | Cloudflare Inc | US | shared |
| 1000 | iexplore.exe | 172.217.22.40:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
| 4 | System | 104.17.214.204:445 | js.hs-scripts.com | Cloudflare Inc | US | shared |
| 4 | System | 104.17.213.204:445 | js.hs-scripts.com | Cloudflare Inc | US | shared |
| 1000 | iexplore.exe | 172.217.23.99:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
| 1580 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
| 4 | System | 104.17.210.204:139 | js.hs-scripts.com | Cloudflare Inc | US | shared |

The five rows from PID 4 (System) are outbound SMB/NetBIOS connections (TCP 445 and 139) to js.hs-scripts.com, an internet host behind Cloudflare. Connections on those ports that show up under the kernel's System process are made by the Windows SMB redirector on behalf of whichever process asked it to open a UNC path, so they are the one thing in this table that rendering a web page should not produce. The report does not record what triggered them; the PCAP in the full report is where to look.
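As an added example that is not from the report, the filter below pulls out of the Connections table exactly the rows worth a second look: any connection on an SMB/NetBIOS port to a globally routable address, annotated with whether the requester was the kernel's System process. The rows are transcribed from the table above; the `ipaddress` check is what keeps ordinary file-server traffic to private address space out of the hits.

```python
"""Flag outbound SMB/NetBIOS connections in the report's Connections table.

TCP 445 (SMB) and 139 (NetBIOS session) are only expected towards hosts on
the local network.  In this report the kernel's System process (PID 4) opens
them towards js.hs-scripts.com, a public Cloudflare-fronted host, while the
browser processes only use 80 and 443.  This filter returns those rows.
"""
import ipaddress

# Rows transcribed from the report's Connections table:
# (PID, process, "ip:port", domain, ASN, country, reputation)
REPORT_CONNECTIONS = [
    (1000, "iexplore.exe", "216.58.212.170:443", "fonts.googleapis.com", "Google Inc.", "US", "whitelisted"),
    (1000, "iexplore.exe", "139.99.174.57:443", "artindex.1tlc.com.au", "OVH SAS", "AU", "suspicious"),
    (4, "System", "104.17.210.204:445", "js.hs-scripts.com", "Cloudflare Inc", "US", "shared"),
    (4, "System", "104.17.212.204:445", "js.hs-scripts.com", "Cloudflare Inc", "US", "shared"),
    (1000, "iexplore.exe", "172.217.22.40:443", "www.googletagmanager.com", "Google Inc.", "US", "whitelisted"),
    (4, "System", "104.17.214.204:445", "js.hs-scripts.com", "Cloudflare Inc", "US", "shared"),
    (4, "System", "104.17.213.204:445", "js.hs-scripts.com", "Cloudflare Inc", "US", "shared"),
    (1000, "iexplore.exe", "172.217.23.99:80", "ocsp.pki.goog", "Google Inc.", "US", "whitelisted"),
    (1580, "iexplore.exe", "204.79.197.200:80", "www.bing.com", "Microsoft Corporation", "US", "whitelisted"),
    (4, "System", "104.17.210.204:139", "js.hs-scripts.com", "Cloudflare Inc", "US", "shared"),
]

SMB_PORTS = {445, 139}


def split_endpoint(endpoint):
    """'104.17.210.204:445' -> (IPv4Address('104.17.210.204'), 445)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host), int(port)


def find_outbound_smb(rows):
    """Return the rows that use an SMB/NetBIOS port to a globally routable address.

    Each hit records whether the requester was the kernel (PID 4, System).
    On Windows the SMB client lives in the kernel, so UNC-path resolution by
    any user-mode process surfaces here as System rather than as that process.
    """
    hits = []
    for pid, proc, endpoint, domain, asn, cc, rep in rows:
        ip, port = split_endpoint(endpoint)
        if port in SMB_PORTS and ip.is_global:
            hits.append({
                "pid": pid,
                "process": proc,
                "dst": f"{ip}:{port}",
                "domain": domain,
                "reputation": rep,
                "kernel_redirector": pid == 4 and proc == "System",
            })
    return hits


def summarize(hits):
    """Collapse hits to one entry per destination domain for the triage note."""
    by_domain = {}
    for h in hits:
        by_domain.setdefault(h["domain"], set()).add(h["dst"])
    return {d: sorted(dsts) for d, dsts in by_domain.items()}


if __name__ == "__main__":
    found = find_outbound_smb(REPORT_CONNECTIONS)
    for h in found:
        print(h)
    print(summarize(found))
```

Run against the table above this yields five hits, all from System and all towards js.hs-scripts.com; a row such as a PID 4 connection to 192.168.1.10:445 would be dropped by the `is_global` test, which is the point of doing the address check rather than matching on port alone.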

DNS requests

| Domain | Resolved IP(s) | Reputation |
|--------|----------------|------------|
| artindex.1tlc.com.au | 139.99.174.57 | suspicious |
| fonts.googleapis.com | 216.58.212.170 | whitelisted |
| www.googletagmanager.com | 172.217.22.40 | whitelisted |
| js.hs-scripts.com | 104.17.214.204, 104.17.212.204, 104.17.213.204, 104.17.211.204, 104.17.210.204 | whitelisted |
| www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted |
| api.bing.com | 13.107.13.80 | whitelisted |
| ocsp.pki.goog | 172.217.23.99 | whitelisted |
| iecvlist.microsoft.com | 152.199.19.161 | whitelisted |
| ocsp.digicert.com | 93.184.220.29 | whitelisted |
| clientservices.googleapis.com | 172.217.22.99 | whitelisted |

Threats

| PID | Process | Class | Message | Alerts |
|-----|---------|-------|---------|--------|
| 1000 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure | 10 |

All ten alerts are the same informational Emerging Threats (ET INFO) rule firing on the IE content process; the Threats counter above reads 0, so hits of this class are evidently not counted there. A handshake-failure alert only says that a TLS handshake did not complete, not which server refused it or why; the peer of each failed handshake is in the PCAP in the full report.
No debug info