URL:

https://tools.ietf.org/html/rfc5965

Full analysis: https://app.any.run/tasks/8fce8d02-14ef-4fea-bc11-3d697838635e
Verdict: Malicious activity
Analysis date: July 12, 2024, 20:03:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

C3447BD508D9A83E4CCE1DD6E298B595

SHA1:

E29D274BFAF1F0D2BF327846E1C4A4086A710CF0

SHA256:

4AA06EB8C6E4546625C2C5C89BDAE8BDAEBD88747243F8D5147D242491535CF2

SSDEEP:

3:N8CKER6u8CQn:2CK46B

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3344)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
40
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
3344"C:\Program Files\Internet Explorer\iexplore.exe" "https://tools.ietf.org/html/rfc5965"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3432"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3344 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
18 141
Read events
18 027
Write events
87
Delete events
27

Modification events

(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
31118486
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
31118486
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
0
Suspicious files
15
Text files
15
Unknown types
5

Dropped files

PID
Process
Filename
Type
3432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751der
MD5:822467B728B7A66B081C91795373789A
SHA256:AF2343382B88335EEA72251AD84949E244FF54B6995063E24459A7216E9576B9
3432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506compressed
MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
SHA256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
3432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:79DB3788748837DCAAF442592CB4BAFD
SHA256:B329AD2F483656E724DBB55A6B082C353F42E847D2372F62D0FB276F8B3DC1C5
3432iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\CabEC60.tmpcompressed
MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
SHA256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
3432iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\CabEC62.tmpcompressed
MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
SHA256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
3432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506binary
MD5:63AF68D7F7AD4831DAC13C3FE1CB5123
SHA256:B377E12569CE3A2DCD665A56196518CF063E6D5BD9CD6F333382ABC79C45BE50
3432iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\TarEC61.tmpcat
MD5:4EA6026CF93EC6338144661BF1202CD1
SHA256:8EFBC21559EF8B1BCF526800D8070BAAD42474CE7198E26FA771DBB41A76B1D8
3432iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\TarEC63.tmpcat
MD5:4EA6026CF93EC6338144661BF1202CD1
SHA256:8EFBC21559EF8B1BCF526800D8070BAAD42474CE7198E26FA771DBB41A76B1D8
3432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751binary
MD5:528C55351666FC7EB64251EEF817131D
SHA256:AD6D1765D53DEA37628CECE5678C6469CF84A4CE9C96F8EA3B4B12581E1BE216
3432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61der
MD5:5AE8478AF8DD6EEC7AD4EDF162DD3DF1
SHA256:FE42AC92EAE3B2850370B73C3691CCF394C23AB6133DE39F1697A6EBAC4BEDCA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
12
TCP/UDP connections
36
DNS requests
20
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3432
iexplore.exe
GET
304
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?36cc2fe0eb6740f3
US
whitelisted
3432
iexplore.exe
GET
304
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5772e25ef649d621
US
whitelisted
3432
iexplore.exe
GET
200
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c0da30b1b20ac822
US
compressed
70.2 Kb
whitelisted
3432
iexplore.exe
GET
200
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?41057beeebf19e51
US
compressed
70.2 Kb
whitelisted
3432
iexplore.exe
GET
200
72.246.169.163:80
http://x1.c.lencr.org/
DE
binary
717 b
whitelisted
3432
iexplore.exe
GET
200
72.246.169.163:80
http://x2.c.lencr.org/
DE
binary
299 b
whitelisted
3344
iexplore.exe
GET
304
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c8dc605c40cb8a90
US
whitelisted
3344
iexplore.exe
GET
304
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d33d9203ac44c676
US
whitelisted
1372
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
DE
binary
973 b
whitelisted
3344
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
binary
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
whitelisted
239.255.255.250:3702
whitelisted
1372
svchost.exe
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
1060
svchost.exe
224.0.0.252:5355
whitelisted
3432
iexplore.exe
104.16.44.99:443
tools.ietf.org
CLOUDFLARENET
unknown
3432
iexplore.exe
199.232.214.172:80
ctldl.windowsupdate.com
FASTLY
US
unknown
3432
iexplore.exe
72.246.169.163:80
x1.c.lencr.org
AKAMAI-AS
DE
unknown
3432
iexplore.exe
104.16.45.99:443
tools.ietf.org
CLOUDFLARENET
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.78
whitelisted
tools.ietf.org
  • 104.16.44.99
  • 104.16.45.99
whitelisted
ctldl.windowsupdate.com
  • 199.232.214.172
  • 199.232.210.172
whitelisted
x1.c.lencr.org
  • 72.246.169.163
whitelisted
datatracker.ietf.org
  • 104.16.44.99
  • 104.16.45.99
whitelisted
x2.c.lencr.org
  • 72.246.169.163
whitelisted
static.ietf.org
  • 104.16.45.99
  • 104.16.44.99
whitelisted
analytics.ietf.org
  • 104.16.45.99
  • 104.16.44.99
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 184.86.251.23
  • 184.86.251.9
  • 184.86.251.17
  • 184.86.251.4
  • 184.86.251.19
  • 184.86.251.25
  • 184.86.251.15
  • 184.86.251.21
  • 184.86.251.28
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://tools.ietf.org/html/rfc5965