Sample: index.html

Full analysis: https://app.any.run/tasks/4cf54f69-561c-49c7-869b-af4e3b697367
Verdict: Malicious activity
Analysis date: January 17, 2020, 23:45:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5: 2692EA93528134372BBBD0D0C0A5AAA3
SHA1: 5003B6770F2BFAAF3A361AA3370E96CC36CFF088
SHA256: 4F41B1C999DCD79BB6C38E84E1402D343049F345DB2A001048BD30727D1ED7A1
SSDEEP: 1536:tQdB/TReJljlYawx3fR9jR1j6ucRxiqDMzEJFXQYI8HsfEpvj90m0xWJTyq5uXn/:tQdBdMljZwx3v3j6LriqDMzEJFXQYI8y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: no malicious indicators.
  • SUSPICIOUS: no suspicious indicators.
  • INFO
    • Application launched itself: iexplore.exe (PID: 2576)
    • Creates files in the user directory: iexplore.exe (PID: 2564)
    • Reads Internet Explorer settings: iexplore.exe (PID: 2564)
    • Reads Internet Cache settings: iexplore.exe (PID: 2564)
    • Changes internet zones settings: iexplore.exe (PID: 2576)
No Malware configuration.

EXIF (HTML)

ContentType: text/html; charset=utf-8
Title: Email Marketing Services | Benchmark Email
Description: Email Marketing Service to engage subscribers, nurture leads, send beautiful, responsive emails and track results.
Keywords: email marketing, html, campaigns, surveys, newsletter
msvalidate01: A4AC6318A4387C9A4F8E28F1FF678153
wotVerification: 5ec7eb4869eab194da0e
Robots: noindex
ContentLanguage: en
googleSiteVerification: FDAzMhFOy20XLGrFfbFom3YShZVL9LQi01_v69u5NeA
viewport: width=device-width, initial-scale=1.0
baiduSiteVerification: jXyXOnaO6N
No data.
Total processes: 37
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start -> iexplore.exe (PID 2576) -> iexplore.exe (PID 2564)

Process information

PID 2576
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 2564
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2576 CREDAT:79873
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Total events: 391
Read events: 311
Write events: 79
Delete events: 1

Modification events

(PID 2576) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Operation: write | Name: CompatibilityFlags | Value: 0
(PID 2576) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: UNCAsIntranet | Value: 0
(PID 2576) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: AutoDetect | Value: 1
(PID 2576) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | Operation: write | Name: SecuritySafe | Value: 1
(PID 2576) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | Operation: write | Name: ProxyEnable | Value: 0
(PID 2576) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | Operation: write | Name: SavedLegacySettings | Value: (not available in this copy of the report)
(PID 2576) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | Operation: write | Name: {8567FC6B-3983-11EA-AB41-5254004A04AF} | Value: 0
(PID 2576) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Operation: write | Name: Type | Value: 4
(PID 2576) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Operation: write | Name: Count | Value: 2
(PID 2576) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Operation: write | Name: Time | Value: E40701000500110017002E0004003E01
Executable files: 0
Suspicious files: 4
Text files: 11
Unknown types: 1

Dropped files

PID | Process | Filename | Type
2576 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | (type and hashes not listed)
2564 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\CabAC09.tmp | (type and hashes not listed)
2576 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | (type and hashes not listed)
2564 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\TarAC0A.tmp | (type and hashes not listed)
2564 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\CabAC1B.tmp | (type and hashes not listed)
2564 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\TarAC1C.tmp | (type and hashes not listed)
2564 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\CabB9F8.tmp | (type and hashes not listed)
2564 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\TarB9F9.tmp | (type and hashes not listed)
2564 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\onetrust[1].css | text
  MD5: 29BDF1F7487286FABC8D54DFF5FFB72F
  SHA256: 306A8FD3555E1028F65A0CDF45898A0192CA0BA02B05F98F30574D27C1990A2C
2564 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 | binary
  MD5: 3F8C5138C0A4EF769384A536583A2504
  SHA256: A82A9A0A3B39917E69FDC6F2C6B27601C717A0E2CE845269209DD3C64DF29070
HTTP(S) requests: 11
TCP/UDP connections: 17
DNS requests: 9
Threats: 0

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation
2576 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted
2564 | iexplore.exe | OPTIONS | 400 | 172.217.18.104:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted
2564 | iexplore.exe | OPTIONS | 400 | 172.217.18.104:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted
2564 | iexplore.exe | OPTIONS | 400 | 172.217.18.104:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted
2564 | iexplore.exe | OPTIONS | 400 | 172.217.18.104:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted
2564 | iexplore.exe | OPTIONS | 400 | 172.217.18.104:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted
2564 | iexplore.exe | OPTIONS | 400 | 172.217.18.104:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted
2564 | iexplore.exe | OPTIONS | 400 | 172.217.18.104:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted
2564 | iexplore.exe | OPTIONS | 400 | 172.217.18.104:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted
2564 | iexplore.exe | OPTIONS | 400 | 172.217.18.104:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2576 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
4 | System | 172.217.18.104:139 | www.googletagmanager.com | Google Inc. | US | suspicious
(PID and process not listed) | 172.217.18.104:80 | www.googletagmanager.com | Google Inc. | US | suspicious
2564 | iexplore.exe | 152.195.132.202:443 | cdn.cookielaw.org | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2564 | iexplore.exe | 93.184.221.240:80 | www.download.windowsupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2564 | iexplore.exe | 163.171.132.211:443 | www.benchmarkemail.com | (ASN not listed) | US | unknown
4 | System | 172.217.18.104:445 | www.googletagmanager.com | Google Inc. | US | suspicious
2564 | iexplore.exe | 38.126.54.55:443 | blog.benchmarkemail.com | BENCHMARK INTERNET GROUP | US | unknown
2564 | iexplore.exe | 172.217.18.104:80 | www.googletagmanager.com | Google Inc. | US | suspicious

DNS requests

Domain | IP | Reputation
cdn.cookielaw.org | 152.195.132.202 | whitelisted
blog.benchmarkemail.com | 38.126.54.55 | whitelisted
www.benchmarkemail.com | 163.171.132.211 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
www.download.windowsupdate.com | 93.184.221.240 | whitelisted
www.googletagmanager.com | 172.217.18.104 | whitelisted
dns.msftncsi.com | 131.107.255.255 | shared

Threats

10 ETPRO signatures available at the full report
No debug info