analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

invioce480653LP.doc

Full analysis: https://app.any.run/tasks/2b1f2768-61bd-4014-bd59-bbeec6796445
Verdict: Malicious activity
Analysis date: April 23, 2019, 19:04:02
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5:

41B47FE7D1C02F17396DA82429EA2660

SHA1:

CB6BC579D6226E10B7A25489B1A7BB804361FE13

SHA256:

53EB7447166A8C465A13BF0ED359CF2888E8DF96DED9D19EACBA33F7EA6C047B

SSDEEP:

96:1t4QiyGy07Pxa5yU08nKHf8bkxpucy1pfzKCKJTIFt70B/llJ:12Q47PkykbkxJeNeJKtYllJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3368)

    • Changes internet zones settings

      • iexplore.exe (PID: 2668)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3368)

    • Application launched itself

      • iexplore.exe (PID: 2668)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)

EXIF

HTML

Title: Are Attachments Safe?
ContentType: text/html; charset=UTF-8
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
33
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2668"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\invioce480653LP.doc.htmC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3368"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2668 CREDAT:79873C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Total events
321
Read events
263
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
5
Unknown types
1

Dropped files

PID
Process
Filename
Type
2668iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
MD5:
SHA256:
2668iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3368iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019042320190424\index.datdat
MD5:98B68371CE3F84DBD67E5AB68E73FA65
SHA256:387763DFAB2BD3CD8DD61E339CBEB0C1843329D408226B208104C6B8DC3EFEDB
3368iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\lurie_logo_225px-38014ad7[1].gifimage
MD5:5ED5968FB4D30E4EFFAD2D27C3AE85F2
SHA256:117955740A3E0EAA0A4D0562D6DAB80FB5E8684BDCCEC3D3B6E456D03081660B
2668iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].pngimage
MD5:9FB559A691078558E77D6848202F6541
SHA256:6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
2668iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.iniini
MD5:4A3DEB274BB5F0212C2419D3D8D08612
SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
3368iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\open-attach[1].pngimage
MD5:678FF80FDB7CC437375044BEC04C41C1
SHA256:8108F37E6453404FFE89BDAA6797C7E301A916FFAF2199D83E6EBA1AAECA60A6
3368iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\warning[1].pngimage
MD5:B20C7A1C9DF1498B712763BC7FCFF46B
SHA256:99E4FC1989B8C867B12638C4869EA1C89B686F622FD5EE9351EBBB142679A8D9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
8
DNS requests
5
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3368
iexplore.exe
GET
200
52.85.183.36:80
http://images.pmeimg.com/public/user_assets/2ce76fc2-5bc8-436d-8ae6-b26237e74b84/lurie_logo_225px-38014ad7.gif
US
image
3.65 Kb
shared
3368
iexplore.exe
GET
200
54.83.101.48:80
http://hbm5g0fj5xh.lucrativehiring.com/b1aeb063-cc69-4f7a-a34b-4f509cb4aacb.png
US
image
68 b
malicious
3368
iexplore.exe
GET
200
100.24.100.138:80
http://hbm5g0fj5xh.lucrativehiring.com/b1aeb063-cc69-4f7a-a34b-4f509cb4aacb.gif
US
image
68 b
malicious
3368
iexplore.exe
GET
200
52.85.183.36:80
http://images.pmeimg.com/system/content_images/uploads/62e/5fe/03-/original/open-attach.png
US
image
53.2 Kb
shared
3368
iexplore.exe
GET
200
52.85.183.16:80
http://images.pmeimg.com/system/content_images/uploads/173/6c8/9c-/original/warning.png
US
image
2.57 Kb
shared
2668
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2668
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3368
iexplore.exe
52.85.183.16:80
images.pmeimg.com
Amazon.com, Inc.
US
malicious
3368
iexplore.exe
52.85.183.179:80
images.pmeimg.com
Amazon.com, Inc.
US
suspicious
3368
iexplore.exe
52.85.183.36:80
images.pmeimg.com
Amazon.com, Inc.
US
unknown
3368
iexplore.exe
54.83.101.48:80
hbm5g0fj5xh.lucrativehiring.com
Amazon.com, Inc.
US
suspicious
3368
iexplore.exe
100.24.100.138:80
hbm5g0fj5xh.lucrativehiring.com
US
suspicious

DNS requests

Domain
IP
Reputation
hbm5g0fj5xh.lucrativehiring.com
  • 100.24.100.138
  • 54.83.101.48
malicious
images.pmeimg.com
  • 52.85.183.36
  • 52.85.183.179
  • 52.85.183.16
  • 52.85.183.172
shared
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
dns.msftncsi.com
  • 131.107.255.255
shared

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
invioce480653LP.doc