analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://syconintl-my.sharepoint.com/:o:/p/estephens/Evga6koYqBxPjw44uJkqV5wBlXsVI9svILKySQBy3YlQAA?e=tFIP02

Full analysis: https://app.any.run/tasks/4444dc65-be43-4380-85a8-b1d0f04b635f
Verdict: Malicious activity
Analysis date: November 08, 2019, 13:21:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

65AB2F3E4F1A5DB36AAF6E62FCC3E102

SHA1:

033CFDDC89682E2FB9268EA0DD50995A50939619

SHA256:

56953F67F89A4FD802637C6BFFCDB5F2F166166D737EC3DC4CB6091F5A72B5DE

SSDEEP:

3:N8RdL7IciN+ArL5pDAOrTjd176juHDTMys1VX:2z7Iv+AfXDAI6jkg/fX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2428)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3468)

    • Changes internet zones settings

      • iexplore.exe (PID: 2428)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2428)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2428)

    • Manual execution by user

      • opera.exe (PID: 1244)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3468)

    • Changes settings of System certificates

      • iexplore.exe (PID: 2428)

    • Creates files in the user directory

      • opera.exe (PID: 1244)
      • iexplore.exe (PID: 2428)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe opera.exe

Process information

PID
CMD
Path
Indicators
Parent process
2428"C:\Program Files\Internet Explorer\iexplore.exe" "https://syconintl-my.sharepoint.com/:o:/p/estephens/Evga6koYqBxPjw44uJkqV5wBlXsVI9svILKySQBy3YlQAA?e=tFIP02"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3468"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2428 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
1244"C:\Program Files\Opera\opera.exe" C:\Program Files\Opera\opera.exe
explorer.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Internet Browser
Version:
1748
Total events
665
Read events
526
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
12
Text files
38
Unknown types
6

Dropped files

PID
Process
Filename
Type
2428iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:
2428iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3468iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3BX5YRHO\WopiFrame[1].aspx
MD5:
SHA256:
3468iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3BX5YRHO\init[1].jstext
MD5:EA0D3046441B91BE3B9AC4604EDB1DD5
SHA256:F53874F86E931BE72A4065B0F6F8108081F4EC93BAE1956A592B21D3E779C078
3468iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.datdat
MD5:F546ACCC144780D1C7911B8D38C4494E
SHA256:82201219C5479111B298921B414CC9E2BD2F7D45991DAAEBB1E0AF8C22F36345
3468iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.datdat
MD5:5F4635A0E697BA31BAB4C5A6AE903F52
SHA256:BF615645862BC89E2E3FBCAA915454DAE723EEC9C6AF551DE8A6B075544B9B0E
3468iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\47QMO1N0\initstrings[1].jstext
MD5:F3DD4BBCB0B29298C399965AFE363196
SHA256:8738756CF1F86BB9524D1F67ADFA02D9AAB26D917802F4CA58BE0404A922FE0D
3468iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.datdat
MD5:D667D9DD005A44AD88169DB8B0D1D052
SHA256:4680B14E7E4E75D439B9EB4A8014517FBD143BA0B963E67BFF1EF27E6277AA46
3468iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GLKVS81S\blank[1].jstext
MD5:FDA099FF2FAC08C3C6421848657975B3
SHA256:9CF5CA90610882A0BD2E985C457A928BA7838C3A71E1A979A66B898D2E4514CF
3468iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3BX5YRHO\WopiFrame[1].htmhtml
MD5:713DB0362DD0D1C2B3B0673EB77E73FB
SHA256:D2806CCDED6D27B1D5916F91E5EB59619B8E236D1506EA956A8BC2C7A02AE9EF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
29
DNS requests
8
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1244
opera.exe
GET
200
72.21.91.29:80
http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
US
der
564 b
whitelisted
2428
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2428
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
1244
opera.exe
185.26.182.93:443
certs.opera.com
Opera Software AS
whitelisted
3468
iexplore.exe
184.50.167.104:443
static.sharepointonline.com
Akamai Technologies, Inc.
NL
whitelisted
3468
iexplore.exe
13.107.6.171:443
onenote.officeapps.live.com
Microsoft Corporation
US
whitelisted
1244
opera.exe
107.167.110.216:443
sitecheck2.opera.com
Opera Software Americas LLC
US
malicious
1244
opera.exe
185.26.182.94:443
certs.opera.com
Opera Software AS
whitelisted
3468
iexplore.exe
13.107.136.9:443
syconintl-my.sharepoint.com
Microsoft Corporation
US
whitelisted
1244
opera.exe
72.21.91.29:80
crl4.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
1244
opera.exe
13.107.136.9:443
syconintl-my.sharepoint.com
Microsoft Corporation
US
whitelisted
2428
iexplore.exe
72.247.225.58:443
c1-onenote-15.cdn.office.net
Akamai Technologies, Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
syconintl-my.sharepoint.com
  • 13.107.136.9
suspicious
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
static.sharepointonline.com
  • 184.50.167.104
whitelisted
onenote.officeapps.live.com
  • 13.107.6.171
whitelisted
c1-onenote-15.cdn.office.net
  • 72.247.225.58
whitelisted
certs.opera.com
  • 185.26.182.93
  • 185.26.182.94
whitelisted
sitecheck2.opera.com
  • 107.167.110.216
  • 107.167.110.211
whitelisted
crl4.digicert.com
  • 72.21.91.29
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://syconintl-my.sharepoint.com/:o:/p/estephens/Evga6koYqBxPjw44uJkqV5wBlXsVI9svILKySQBy3YlQAA?e=tFIP02