analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
download:

redir_ie.html

Full analysis: https://app.any.run/tasks/592cd056-3c22-4b27-8684-62ef8cbca86e
Verdict: Malicious activity
Analysis date: February 21, 2020, 21:17:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, ASCII text
MD5:

7333E66FF3ACC3216D168801903F388F

SHA1:

BE1214886897A929AC09239494D99A082A763E45

SHA256:

54032AAB22CD297D5915B12777E2676C7D4C359C63C77B37A80D3CC8C0137EBF

SSDEEP:

3:qVvzL6HjJMzVJu+x73BISLfZVKNhtv0GL:qFzLOMRJR1vLhVWhd0GL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3692)
      • iexplore.exe (PID: 3744)

    • Application launched itself

      • iexplore.exe (PID: 2860)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2860)
      • iexplore.exe (PID: 3692)

    • Changes internet zones settings

      • iexplore.exe (PID: 3744)

    • Creates files in the user directory

      • iexplore.exe (PID: 3692)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 3692)
      • iexplore.exe (PID: 3744)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3744)

    • Changes settings of System certificates

      • iexplore.exe (PID: 3744)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.html | HyperText Markup Language (100)

EXIF

HTML

Refresh: 4; URL='https://www.msn.com'
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe no specs iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
3744"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\redir_ie.htmlC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2860"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3744 CREDAT:144385 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
3692"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3744 CREDAT:333057 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Total events
6 149
Read events
950
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
38
Text files
85
Unknown types
18

Dropped files

PID
Process
Filename
Type
3744iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3692iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab9776.tmp
MD5:
SHA256:
3692iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar9777.tmp
MD5:
SHA256:
3692iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\YC7MESPT.txt
MD5:
SHA256:
3692iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\GB0ZYKXR.txt
MD5:
SHA256:
3692iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_5FDD03068CBBD8A96F3AB9595BA10093binary
MD5:447C4C004439C85E2DE6F884CB34C14B
SHA256:8985F51CAAED6615CE5B967E3718A42BE4B22BB7DC48A7DE91C949D2B3FCC76D
3692iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\CPEWPG9T.txttext
MD5:A35F7599A7F3F058613DE4A7DF9C5601
SHA256:28DCDF41FCDE3D2BF543EC8C356628FC43FA9519CA942E322ED72CAE44EF1E43
3692iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04der
MD5:DE955FE82F4521B696C992706C9CCB3D
SHA256:B9C0B4ADA722249550F17DD2B5A734EEE2AD7776BF88B8329379898A6E60647E
3692iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619binary
MD5:D2E1E53E1127C10F7167125044666138
SHA256:72B56CC0CAC396B1971EAB268F6C3634F361DC97B0D3582397E1389225DBE4AB
3692iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04binary
MD5:687E1DA2B40050A4A2A89A33D76FCBB5
SHA256:58553F385EDBDD3894660D3B4F0E2488141C1DF3A8E6F528C6B17650CEE0251D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
18
TCP/UDP connections
56
DNS requests
20
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3692
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAtb9ltrp%2FvQiykNkEU33uA%3D
US
der
471 b
whitelisted
3692
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D
US
der
471 b
whitelisted
3692
iexplore.exe
GET
200
216.58.207.67:80
http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDu3mVgzTXArwIAAAAAWXG3
US
der
472 b
whitelisted
3692
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D
US
der
1.47 Kb
whitelisted
3744
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
US
der
1.47 Kb
whitelisted
3692
iexplore.exe
GET
200
104.18.24.243:80
http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0ACT6jyC8wXTpAKkoAAAAJPqM%3D
US
der
1.79 Kb
whitelisted
3744
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
US
der
1.47 Kb
whitelisted
3692
iexplore.exe
GET
200
151.101.2.133:80
http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkbwjNvPLFRm7zMB3V80
US
der
1.49 Kb
whitelisted
3692
iexplore.exe
GET
200
104.18.24.243:80
http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0ACT6jyC8wXTpAKkoAAAAJPqM%3D
US
der
1.79 Kb
whitelisted
3692
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3744
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3692
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3692
iexplore.exe
2.16.186.35:443
static-global-s-msn-com.akamaized.net
Akamai International B.V.
whitelisted
3692
iexplore.exe
204.79.197.203:443
www.msn.com
Microsoft Corporation
US
whitelisted
3692
iexplore.exe
216.58.207.67:80
ocsp.pki.goog
Google Inc.
US
whitelisted
3692
iexplore.exe
172.217.23.142:443
play.google.com
Google Inc.
US
whitelisted
3692
iexplore.exe
104.86.44.115:443
linkmaker.itunes.apple.com
Akamai Technologies, Inc.
NL
unknown
3692
iexplore.exe
111.221.29.254:443
web.vortex.data.msn.com
Microsoft Corporation
HK
whitelisted
3692
iexplore.exe
152.199.21.175:443
cookies.onetrust.mgr.consensu.org
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3692
iexplore.exe
104.18.24.243:80
ocsp.msocsp.com
Cloudflare Inc
US
shared

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.msn.com
  • 204.79.197.203
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
static-global-s-msn-com.akamaized.net
  • 2.16.186.35
  • 2.16.186.9
whitelisted
linkmaker.itunes.apple.com
  • 104.86.44.115
whitelisted
play.google.com
  • 172.217.23.142
whitelisted
ocsp.pki.goog
  • 216.58.207.67
whitelisted
web.vortex.data.msn.com
  • 111.221.29.254
whitelisted
optanon.blob.core.windows.net
  • 52.239.137.4
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
redir_ie.html