analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://www.xhamster.com

Full analysis: https://app.any.run/tasks/b0b64c84-8f89-4962-b238-b7eb92a5e10a
Verdict: No threats detected
Analysis date: September 12, 2020, 17:42:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

D637EA9C9E1B52B3531CF73240B65A6B

SHA1:

95E679B57754A1C0707DEB460BE3E02212BEA303

SHA256:

503837522BA83377046B197BD119D816928D3326FC293E97B7627EBEE1DAF79B

SSDEEP:

3:N8DSLompI:2OL0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executed via COM

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2808)

  • INFO

    • Reads settings of System Certificates

      • iexplore.exe (PID: 440)
      • iexplore.exe (PID: 4056)
      • iexplore.exe (PID: 3728)

    • Changes internet zones settings

      • iexplore.exe (PID: 3728)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 440)
      • iexplore.exe (PID: 4056)
      • iexplore.exe (PID: 3884)
      • iexplore.exe (PID: 3728)

    • Reads internet explorer settings

      • iexplore.exe (PID: 440)
      • iexplore.exe (PID: 4056)
      • iexplore.exe (PID: 3884)

    • Dropped object may contain Bitcoin addresses

      • iexplore.exe (PID: 440)
      • iexplore.exe (PID: 4056)

    • Application launched itself

      • iexplore.exe (PID: 3728)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3728)

    • Creates files in the user directory

      • iexplore.exe (PID: 4056)
      • iexplore.exe (PID: 440)
      • iexplore.exe (PID: 3728)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2808)

    • Changes settings of System certificates

      • iexplore.exe (PID: 3728)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
46
Monitored processes
5
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe iexplore.exe no specs flashutil32_26_0_0_131_activex.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3728"C:\Program Files\Internet Explorer\iexplore.exe" "https://www.xhamster.com"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
440"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3728 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
3489660927
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
4056"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3728 CREDAT:3872008 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
3884"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3728 CREDAT:2954504 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2808C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -EmbeddingC:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exesvchost.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version:
26,0,0,131
Total events
1 534
Read events
1 200
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
101
Text files
307
Unknown types
42

Dropped files

PID
Process
Filename
Type
440iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab98A.tmp
MD5:
SHA256:
440iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar98B.tmp
MD5:
SHA256:
440iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\VUSCWA8T.txt
MD5:
SHA256:
440iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\2BS8XTJT.txt
MD5:
SHA256:
440iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZDW394F2.txt
MD5:
SHA256:
440iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\NNXXRQNP.txt
MD5:
SHA256:
440iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\D6BCZRW9.txt
MD5:
SHA256:
440iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\QSN0EILD.txttext
MD5:6BAA537477126DA5FF7FABAF4E8A8B03
SHA256:91F901DD941AADD1F0AB49E0D251FF9DA9C4BF3E611E91A0E3F557F2B2C6B49B
440iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9C8359608AB3056DF2992F728C727F81der
MD5:8CB72D839EC617D2AF3080E2FC9D99D8
SHA256:ED1B496576DC806E83B3D1519319FD1CDAA4AC7C2753CCFD74ED5EDECC82E01B
440iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850Dder
MD5:4F5D348573DC4CF4D56014130ED29C96
SHA256:16F32C5FFAB729AFA256DC32F2560EFD306B7B1BCCF6F71632D649D3DAD9C131
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
51
TCP/UDP connections
128
DNS requests
47
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
440
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
US
der
727 b
whitelisted
440
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQD7cYfqDCTUB%2BfesRJm9bTj
US
der
472 b
whitelisted
440
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEAiz5x%2FE011nkGwIEKQ878g%3D
US
der
471 b
whitelisted
440
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQD7cYfqDCTUB%2BfesRJm9bTj
US
der
472 b
whitelisted
440
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
US
der
727 b
whitelisted
440
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQD7cYfqDCTUB%2BfesRJm9bTj
US
der
472 b
whitelisted
440
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEEKlS7r0U65UrxgQwx5Gs6E%3D
US
der
471 b
whitelisted
440
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQD7cYfqDCTUB%2BfesRJm9bTj
US
der
472 b
whitelisted
440
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQD7cYfqDCTUB%2BfesRJm9bTj
US
der
472 b
whitelisted
440
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQD7cYfqDCTUB%2BfesRJm9bTj
US
der
472 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
440
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
440
iexplore.exe
104.18.156.3:443
xhamster.com
Cloudflare Inc
US
unknown
440
iexplore.exe
8.241.82.251:443
static-lvlt.xhcdn.com
Level 3 Communications, Inc.
US
unknown
440
iexplore.exe
8.241.82.123:443
thumb-lvlt.xhcdn.com
Level 3 Communications, Inc.
US
unknown
440
iexplore.exe
8.241.82.249:443
lcdn.tsyndicate.com
Level 3 Communications, Inc.
US
unknown
440
iexplore.exe
88.208.60.136:443
www.xhamster.com
DataWeb Global Group B.V.
NL
unknown
440
iexplore.exe
185.98.54.129:443
cnt.xhamster.com
NL
unknown
440
iexplore.exe
151.139.128.14:80
ocsp.usertrust.com
Highwinds Network Group, Inc.
US
suspicious
440
iexplore.exe
172.217.16.195:80
ocsp.pki.goog
Google Inc.
US
whitelisted
440
iexplore.exe
172.217.16.168:443
www.googletagmanager.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
www.xhamster.com
  • 88.208.60.136
  • 88.208.29.180
unknown
ocsp.usertrust.com
  • 151.139.128.14
whitelisted
ocsp.sectigo.com
  • 151.139.128.14
whitelisted
xhamster.com
  • 104.18.156.3
  • 104.18.155.3
suspicious
ocsp.digicert.com
  • 93.184.220.29
whitelisted
collector.xhamster.com
  • 88.208.23.193
  • 88.208.23.194
  • 88.208.13.49
  • 88.208.13.50
unknown
www.googletagmanager.com
  • 172.217.16.168
whitelisted
www.google-analytics.com
  • 172.217.23.142
whitelisted
static-lvlt.xhcdn.com
  • 8.241.82.251
  • 8.238.35.251
  • 8.238.31.123
whitelisted
thumb-lvlt.xhcdn.com
  • 8.241.82.123
  • 8.253.204.114
  • 67.26.81.251
  • 67.27.159.123
  • 8.238.29.123
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www.xhamster.com