analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://xss.my.id

Full analysis: https://app.any.run/tasks/bf6f2e33-10b7-4a43-8caa-0136c2b1bf5c
Verdict: Malicious activity
Analysis date: May 20, 2022, 16:02:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

6931BE312628E5F41B0925A48F9F725E

SHA1:

617E88D824FFBA3C7ECDEE4360322CC4CAADF3F7

SHA256:

4967E6DA4E657F716AE02EFA3832C072044F7E8F6516E810F6A418E9B8C58026

SSDEEP:

3:N86MhLAn:26SM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 916)
  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 824)
      • iexplore.exe (PID: 916)
    • Checks supported languages

      • iexplore.exe (PID: 916)
      • iexplore.exe (PID: 824)
    • Application launched itself

      • iexplore.exe (PID: 824)
    • Changes internet zones settings

      • iexplore.exe (PID: 824)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 916)
      • iexplore.exe (PID: 824)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 916)
      • iexplore.exe (PID: 824)
    • Reads internet explorer settings

      • iexplore.exe (PID: 916)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
824"C:\Program Files\Internet Explorer\iexplore.exe" "https://xss.my.id"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
916"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:824 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
11 617
Read events
11 506
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
6
Text files
7
Unknown types
3

Dropped files

PID
Process
Filename
Type
916iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27binary
MD5:47F5D83C2979181376A04351A18953C0
SHA256:5602EDE4EC6ED88EBC1A2660C6EEE0F5DA13BDE210A664DB8DBCB4CB7C265526
824iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63der
MD5:AC8FE9D561E9E7288AECF13F03AEA3D1
SHA256:CECD911136F3CCBE6F4869CBCBD9FD15B3FA91CD2FD49B9655FA3BCF8E932C05
916iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:4389B9BB5EB37F0260A1B4C2C6AFD85A
SHA256:1286CFC21FCD742A07669A7AD615343A1C4B3A68E6984E3AB1AE76C8C9A10763
824iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776der
MD5:FA526918A211E850A6078FB1D00B2045
SHA256:396B94C667643AFA59D155EF4D812DA6F4D67DD50CEC97194E1CA3A1B3ECE3FE
824iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776binary
MD5:344F1E8DFDC16B512821471443592A9B
SHA256:3AF33472842A29105F57F5FEB1BB34CF21B6DF0464AF41423C34B64E62537E0A
916iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27der
MD5:41FBBFEF77C9E15DF36E1CB541503D98
SHA256:1C596FD0B7231E43E672CB027BE6117200830DD98929F060C3A97F8EFC4EAE17
824iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
824iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
824iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63binary
MD5:4D821D16628499DF6A87F080F47F0F71
SHA256:C5E3E2DB3DA9BC99A02B365FBFFF156B45084A2B04649E542BAFA1CE27F5A825
824iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[2].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
16
DNS requests
7
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
824
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
916
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
824
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
916
iexplore.exe
GET
200
178.79.242.0:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?eeb29d920165bc49
DE
compressed
4.70 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
916
iexplore.exe
178.79.242.0:80
ctldl.windowsupdate.com
Limelight Networks, Inc.
DE
whitelisted
916
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
916
iexplore.exe
188.114.97.10:443
xss.my.id
Cloudflare Inc
US
malicious
824
iexplore.exe
188.114.97.10:443
xss.my.id
Cloudflare Inc
US
malicious
178.79.242.0:80
ctldl.windowsupdate.com
Limelight Networks, Inc.
DE
whitelisted
824
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
824
iexplore.exe
131.253.33.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
824
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted

DNS requests

Domain
IP
Reputation
xss.my.id
  • 188.114.97.10
  • 188.114.96.10
malicious
ctldl.windowsupdate.com
  • 178.79.242.0
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 131.253.33.200
  • 13.107.22.200
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted

Threats

No threats detected
No debug info