URL:

https://www.wintips.org/fix-windows-spotlight-not-working-in-windows-10/

Full analysis: https://app.any.run/tasks/685fc9d6-ab01-4b39-bba2-299f79f091e5
Verdict: Malicious activity
Analysis date: November 29, 2020, 20:50:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: B366561F9D4C106F51528EFA4249D198
SHA1: 1C0C6578015B002F4FB147540F693AA59C99199D
SHA256: 4FAA5E9DC2959E469866AC48299F5521F4FEA33477C29133526750A9FCB4C046
SSDEEP: 3:N8DSL0XJQKvnJMCUgKLBJzn:2OL0Xe2nJMZBJzn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Changes settings of System certificates

      • iexplore.exe (PID: 2488)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2488)
      • iexplore.exe (PID: 2320)
    • Changes internet zones settings

      • iexplore.exe (PID: 2488)
    • Application launched itself

      • iexplore.exe (PID: 2488)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2320)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2488)
    • Creates files in the user directory

      • iexplore.exe (PID: 2320)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start -> iexplore.exe -> iexplore.exe

Process information

PID: 2488
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.wintips.org/fix-windows-spotlight-not-working-in-windows-10/"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 2320
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2488 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Total events: 860
Read events: 697
Write events: 159
Delete events: 4

Modification events

(PID) Process: (2488) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value: 1653855362

(PID) Process: (2488) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30852753

(PID) Process: (2488) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (2488) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2488) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2488) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (2488) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2488) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:

(PID) Process: (2488) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (2488) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1
Executable files: 0
Suspicious files: 112
Text files: 98
Unknown types: 57

Dropped files

PID: 2320 | Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\Low\Cab108.tmp
Type:
MD5:
SHA256:

PID: 2320 | Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\Low\Tar109.tmp
Type:
MD5:
SHA256:

PID: 2320 | Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\fix-windows-spotlight-not-working-in-windows-10[1].htm
Type: html
MD5: 7B9287ADE14CB27FD71B2B24F8FB74BE
SHA256: 867A9FC8F453CCE49D9FD1D64DE038664091C718D9590F527F7443665EE8FDBC

PID: 2320 | Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
Type: binary
MD5: A16D0484BD99C20052B0CE4765DB96E6
SHA256: FA5143A8D962BF21307BC463ACD965EC61196022AAEA5235C700C7B48A611D8F

PID: 2320 | Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\themify.common.min[1].css
Type: text
MD5: 3C8BB18EBDC43C7D6EC08C4D1CE54888
SHA256: 663E0AF0C5B75B44DDB5CB13E8D52EF5BB56803925C3C8FF182A9EA4960C4976

PID: 2320 | Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AB2D162084647023BAA247647AC86D73
Type: binary
MD5: 112B9FAF42BA78E086CB943EFBB250DB
SHA256: D36BD8906420EAD9FDC8305CDDBD01EE1C1947974AC6AAEFC5675CA5CB642C42

PID: 2320 | Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AB2D162084647023BAA247647AC86D73
Type: der
MD5: 0639449FD9C8CAF5B8B5575FFFEE96DA
SHA256: 3CEEEEEB3A8C5C84909DB2450040B24E277524D78638B9252E46A09C39E8EA52

PID: 2320 | Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
Type: der
MD5: 16986898F5EB5B997247119BD7AB7899
SHA256: E6E2A5E9BEA4E7A7D6F6C928581842631741905B7F4ABEE95EBC77C274CC4787

PID: 2320 | Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Type: binary
MD5: 56BED2B1B0977D93CE3AC67F809B4456
SHA256: 561CAC58B1D766D6D652071519348AF1733E60B478B23613CFCCB03A9E0B23B6

PID: 2320 | Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Type: der
MD5: CA57489FA2F5B061504F0D1F9DB09E44
SHA256: 862EA67B7FEA748A32F4AACB82523A4243B6911AAD51EF8FDD80D742FE31ACA6
HTTP(S) requests: 54
TCP/UDP connections: 144
DNS requests: 63
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | CN | Type | Size | Reputation
URL

2320 | iexplore.exe | GET | 200 | 93.184.220.29:80 | US | der | 471 b | whitelisted
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D

2320 | iexplore.exe | GET | 200 | 93.184.220.29:80 | US | der | 280 b | whitelisted
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAQP1VfHStqP6z8BbhQy82Q%3D

2320 | iexplore.exe | GET | 200 | 151.139.128.14:80 | US | der | 727 b | whitelisted
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D

2320 | iexplore.exe | GET | 200 | 151.139.128.14:80 | US | der | 471 b | whitelisted
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D

2320 | iexplore.exe | GET | 200 | 151.139.128.14:80 | US | der | 727 b | whitelisted
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D

2320 | iexplore.exe | GET | 200 | 172.217.16.131:80 | US | der | 472 b | whitelisted
http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDa2MTpyZrzlQgAAAAAYth4

2320 | iexplore.exe | GET | 200 | 151.139.128.14:80 | US | der | 471 b | whitelisted
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHyS0n8a7XlkXPybkI8Z7h4%3D

2320 | iexplore.exe | GET | 200 | 93.184.220.29:80 | US | der | 471 b | whitelisted
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D

2320 | iexplore.exe | GET | 200 | 93.184.220.29:80 | US | der | 1.47 Kb | whitelisted
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D

2320 | iexplore.exe | GET | 200 | 93.184.220.29:80 | US | der | 471 b | whitelisted
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2320 | iexplore.exe | 172.217.16.194:443 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted
2320 | iexplore.exe | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious
2320 | iexplore.exe | 172.217.12.170:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
2320 | iexplore.exe | 151.139.240.28:443 | www.wintips.org | netDNA | US | unknown
(PID and process not shown in the report) | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious
2320 | iexplore.exe | 23.212.156.24:443 | contextual.media.net | GTT Communications Inc. | US | unknown
2320 | iexplore.exe | 104.26.3.65:443 | cdn.orangeclickmedia.com | Cloudflare Inc | US | unknown
2320 | iexplore.exe | 151.101.1.21:443 | www.paypal.com | Fastly | US | suspicious
2320 | iexplore.exe | 151.101.12.157:443 | platform.twitter.com | Fastly | US | suspicious
2320 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted

DNS requests

Domain | IP | Reputation
www.wintips.org | 151.139.240.28 | suspicious
ocsp.comodoca.com | 151.139.128.14 | whitelisted
ocsp.usertrust.com | 151.139.128.14 | whitelisted
ocsp.sectigo.com | 151.139.128.14 | whitelisted
fonts.googleapis.com | 172.217.12.170 | whitelisted
pagead2.googlesyndication.com | 172.217.16.194 | whitelisted
cdn.orangeclickmedia.com | 104.26.3.65, 172.67.73.135, 104.26.2.65 | unknown
contextual.media.net | 23.212.156.24 | shared
www.paypal.com | 151.101.1.21 | whitelisted
www.lduhtrp.net | 89.207.16.72 | malicious

Threats

PID | Process | Class | Message
2320 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
2320 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
No debug info