URL: https://zfrmz.eu/Tf4ke56QISpJLxIw4Hto

Full analysis: https://app.any.run/tasks/f50433fb-0d38-45bf-8c97-4b3114703267
Verdict: Malicious activity
Analysis date: June 18, 2019, 19:06:37
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: FDB6069736C915C482FE8B55050231AB
SHA1: 40B7440BC9F2DD0DCB38DDFC6FB8D5412949B923
SHA256: 56AB3517C5BC2AEFD641654D6772FAB5F8135599B90E37B275999B12EF76EF91
SSDEEP: 3:N8tIfLA9oAQh7:2tbdS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO:
    • Reads internet explorer settings: iexplore.exe (PID: 3504)
    • Reads Internet Cache Settings: iexplore.exe (PID: 3504)
    • Creates files in the user directory: iexplore.exe (PID: 3504), iexplore.exe (PID: 2960)
    • Changes internet zones settings: iexplore.exe (PID: 2960)
    • Application launched itself: iexplore.exe (PID: 2960)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID 2960
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" https://zfrmz.eu/Tf4ke56QISpJLxIw4Hto
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Indicators: none (not flagged malicious or suspicious)
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 3504
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2960 CREDAT:71937
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Indicators: none (not flagged malicious or suspicious)
  Parent process: iexplore.exe (PID 2960)
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)
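The two process records above have the normal shape of an Internet Explorer 8 launch on Windows 7 with Protected Mode enabled: a frame process at MEDIUM integrity started by explorer.exe, which then spawns a tab process with "SCODEF:<frame PID> CREDAT:<n>" that runs at LOW integrity (that spawn is also what the "Application launched itself" signature on PID 2960 refers to). The Python script below is an example added to this page, not ANY.RUN code and not part of the report; it copies the two records from the table above as constructed input and checks them against that expected shape. The rule set, the `Proc` record and the finding messages are the example's own.

```python
"""Triage IE frame/tab process records against the expected Protected Mode shape.

Added example (not ANY.RUN code). Input records are copied from the
"Process information" table of the report above.
"""
import re
from dataclasses import dataclass

IE_PATH = r"C:\Program Files\Internet Explorer\iexplore.exe"
# IE's LCIE tab processes are started as: iexplore.exe SCODEF:<frame pid> CREDAT:<n>
SCODEF_RE = re.compile(r"SCODEF:(\d+)\s+CREDAT:(\d+)")


@dataclass
class Proc:
    pid: int
    cmd: str
    path: str
    parent_name: str
    integrity: str


# Constructed input: the two records from the report's process table.
PROCESSES = [
    Proc(2960, r'"C:\Program Files\Internet Explorer\iexplore.exe" https://zfrmz.eu/Tf4ke56QISpJLxIw4Hto',
         IE_PATH, "explorer.exe", "MEDIUM"),
    Proc(3504, r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2960 CREDAT:71937',
         IE_PATH, "iexplore.exe", "LOW"),
]


def parse_scodef(cmd):
    """Return (frame_pid, credat) for a tab-process command line, or None for a frame process."""
    m = SCODEF_RE.search(cmd)
    return (int(m.group(1)), int(m.group(2))) if m else None


def frame_url(proc):
    """The URL handed to a frame process on its command line (the submitted sample), or None."""
    if parse_scodef(proc.cmd) is not None:
        return None
    _, sep, rest = proc.cmd.partition('" ')
    rest = rest.strip()
    return rest if sep and rest.startswith(("http://", "https://")) else None


def triage(procs):
    """Findings as (pid, message); an empty list means the tree matches a normal IE8 launch."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if p.path.lower() != IE_PATH.lower():
            findings.append((p.pid, f"iexplore.exe running from unexpected path {p.path}"))
        sc = parse_scodef(p.cmd)
        if sc is None:
            # Frame process: started by the shell, carries the URL, MEDIUM integrity.
            if p.parent_name.lower() != "explorer.exe":
                findings.append((p.pid, f"frame process parent is {p.parent_name}, not explorer.exe"))
            if p.integrity != "MEDIUM":
                findings.append((p.pid, f"frame process integrity is {p.integrity}, expected MEDIUM"))
        else:
            # Tab process: SCODEF must name a monitored frame process; Protected Mode means LOW.
            frame = by_pid.get(sc[0])
            if frame is None or parse_scodef(frame.cmd) is not None:
                findings.append((p.pid, f"SCODEF names PID {sc[0]}, which is not a monitored frame process"))
            if p.parent_name.lower() != "iexplore.exe":
                findings.append((p.pid, f"tab process parent is {p.parent_name}, not iexplore.exe"))
            if p.integrity != "LOW":
                findings.append((p.pid, f"tab process integrity is {p.integrity}, expected LOW (Protected Mode)"))
    return findings


if __name__ == "__main__":
    for p in PROCESSES:
        kind = "frame" if parse_scodef(p.cmd) is None else "tab"
        print(p.pid, kind, p.integrity, frame_url(p))
    print(triage(PROCESSES) or "no anomalies")
```

For this report `triage()` returns no findings. The same rules flag the cases worth a second look in other reports: a tab process that stays at MEDIUM integrity (Protected Mode off or a bypass), a SCODEF value that points at a PID the sandbox never saw, or an iexplore.exe running from somewhere other than the Program Files path.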
Total events: 358
Read events: 313
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 0
Text files: 24
Unknown types: 3

Dropped files

PID 2960, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
  Type: (not listed)  MD5: (not listed)  SHA256: (not listed)
PID 2960, iexplore.exe
  C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
  Type: (not listed)  MD5: (not listed)  SHA256: (not listed)
PID 3504, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
  Type: dat  MD5: B5334F3EAAAEFAE26412A9B554B03B0E  SHA256: 117AA2D4A441D39B005E808385C81B8992C6BC0175E5749FB1FC39E66122B3D6
PID 3504, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\78FK0ALB\zohocustom[1].css
  Type: text  MD5: 3744E4345AA32228496CE26333E04190  SHA256: 9596FF37B74C5611EC74FE10D39743654AC6DB037C9F265D2F8A16CBB405F925
PID 3504, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWK6IMFF\gtm[1].js
  Type: text  MD5: 01245E246DA49EED5CD9EBA0A2E24E9F  SHA256: EF9F22C3DA601FD61D918FC5E69210345D7D09A62325FA52608BF37DC1C0FE1F
PID 3504, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2S90LTPA\41112[1].css
  Type: text  MD5: 32CF2029F791E34BE2AD53C0587DFAD6  SHA256: 76692A9A3E11BE6DC2683B0A11B388E0400D4757746F17FC70E1F8E139914B9E
PID 3504, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
  Type: dat  MD5: E454BC44702ECC1484A89D56D448BECE  SHA256: CAD5FFA7767B9BE6DCC2058C677424196D8AA2E3A076BCA5FC71861EBE9F36B7
PID 3504, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\19VJNGQ5\zoho-small-logo_3[1].png
  Type: image  MD5: B29940ED045A9BE6388DC7EF6140018B  SHA256: EA4F2FC0530A90CF099D7693526C6B5BCAFCA173ECE99C1E262F07C75DB27405
PID 3504, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWK6IMFF\getipinfo[1].txt
  Type: text  MD5: AECBCEA837D75B37BCFCA6551F3325DC  SHA256: 5B40C4A50CE16636B5F400C5197F17C1C218BAA67B6DB1BEC304DD1076614FA5
PID 3504, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\19VJNGQ5\zohocustom[1].css
  Type: text  MD5: 3744E4345AA32228496CE26333E04190  SHA256: 9596FF37B74C5611EC74FE10D39743654AC6DB037C9F265D2F8A16CBB405F925
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

HTTP(S) requests: 1
TCP/UDP connections: 101
DNS requests: 10
Threats: 0

HTTP requests

PID   Process       Method  HTTP Code  IP                 URL                              CN  Type   Size   Reputation
2960  iexplore.exe  GET     200        204.79.197.200:80  http://www.bing.com/favicon.ico  US  image  237 b  whitelisted

Connections

PID   Process       IP:port             Domain                      ASN                                  CN  Reputation
2960  iexplore.exe  204.79.197.200:80   www.bing.com                Microsoft Corporation                US  whitelisted
3504  iexplore.exe  216.58.207.72:443   www.googletagmanager.com    Google Inc.                          US  whitelisted
3504  iexplore.exe  87.252.213.235:443  zfrmz.eu                    Telecitygroup International Limited  GB  unknown
3504  iexplore.exe  87.252.213.52:443   www.zoho.eu                 Telecitygroup International Limited  GB  unknown
3504  iexplore.exe  74.125.206.82:443   html5shiv.googlecode.com    Google Inc.                          US  whitelisted
3504  iexplore.exe  87.252.213.14:443   iplocation.zoho.eu          Telecitygroup International Limited  GB  unknown
3504  iexplore.exe  216.52.72.155:443   www.zoho.com                ZOHO                                 US  unknown
3504  iexplore.exe  52.222.167.125:443  fonts.zohowebstatic.com     Amazon.com, Inc.                     US  unknown
3504  iexplore.exe  52.222.167.85:443   webfonts.zohowebstatic.com  Amazon.com, Inc.                     US  malicious
3504  iexplore.exe  52.222.167.99:443   widgets.zohosalesiq.com     Amazon.com, Inc.                     US  unknown

DNS requests

Domain                      Resolved IPs                                                   Reputation
zfrmz.eu                    87.252.213.235                                                 unknown
www.bing.com                204.79.197.200, 13.107.21.200                                  whitelisted
iplocation.zoho.eu          87.252.213.14                                                  unknown
www.zoho.eu                 87.252.213.52, 185.20.209.52                                   suspicious
html5shiv.googlecode.com    74.125.206.82                                                  whitelisted
www.googletagmanager.com    216.58.207.72                                                  whitelisted
fonts.zohowebstatic.com     52.222.167.125, 52.222.167.42, 52.222.167.100, 52.222.167.219  whitelisted
webfonts.zohowebstatic.com  52.222.167.85, 52.222.167.194, 52.222.167.196, 52.222.167.116  shared
www.zoho.com                216.52.72.155, 8.39.54.155                                     suspicious
widgets.zohosalesiq.com     52.222.167.99, 52.222.167.210, 52.222.167.219, 52.222.167.29   whitelisted
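The Connections and DNS tables are only useful when read together: the per-process list of non-whitelisted hosts comes from the first, the proof that every contacted IP was actually resolved (rather than hard-coded) needs both, and the two tables do not even agree on reputation for several hosts in this report. The Python script below is an example added to this page, not ANY.RUN code and not part of the report; it carries both tables in as constructed records copied from above and answers those three questions. The function names and the shape of the records are the example's own.

```python
"""Cross-check a sandbox report's Connections and DNS tables.

Added example (not ANY.RUN code). CONNECTIONS and DNS are copied from the
tables of the report above; nothing is fetched from the network.
"""
from collections import defaultdict

# Constructed input, Connections table: (pid, ip:port, domain, reputation)
CONNECTIONS = [
    (2960, "204.79.197.200:80",  "www.bing.com",               "whitelisted"),
    (3504, "216.58.207.72:443",  "www.googletagmanager.com",   "whitelisted"),
    (3504, "87.252.213.235:443", "zfrmz.eu",                   "unknown"),
    (3504, "87.252.213.52:443",  "www.zoho.eu",                "unknown"),
    (3504, "74.125.206.82:443",  "html5shiv.googlecode.com",   "whitelisted"),
    (3504, "87.252.213.14:443",  "iplocation.zoho.eu",         "unknown"),
    (3504, "216.52.72.155:443",  "www.zoho.com",               "unknown"),
    (3504, "52.222.167.125:443", "fonts.zohowebstatic.com",    "unknown"),
    (3504, "52.222.167.85:443",  "webfonts.zohowebstatic.com", "malicious"),
    (3504, "52.222.167.99:443",  "widgets.zohosalesiq.com",    "unknown"),
]

# Constructed input, DNS table: domain -> (resolved IPs, reputation)
DNS = {
    "zfrmz.eu":                   (["87.252.213.235"], "unknown"),
    "www.bing.com":               (["204.79.197.200", "13.107.21.200"], "whitelisted"),
    "iplocation.zoho.eu":         (["87.252.213.14"], "unknown"),
    "www.zoho.eu":                (["87.252.213.52", "185.20.209.52"], "suspicious"),
    "html5shiv.googlecode.com":   (["74.125.206.82"], "whitelisted"),
    "www.googletagmanager.com":   (["216.58.207.72"], "whitelisted"),
    "fonts.zohowebstatic.com":    (["52.222.167.125", "52.222.167.42", "52.222.167.100", "52.222.167.219"], "whitelisted"),
    "webfonts.zohowebstatic.com": (["52.222.167.85", "52.222.167.194", "52.222.167.196", "52.222.167.116"], "shared"),
    "www.zoho.com":               (["216.52.72.155", "8.39.54.155"], "suspicious"),
    "widgets.zohosalesiq.com":    (["52.222.167.99", "52.222.167.210", "52.222.167.219", "52.222.167.29"], "whitelisted"),
}


def non_whitelisted_by_pid(connections):
    """Domains contacted per PID whose Connections-table reputation is not 'whitelisted'."""
    out = defaultdict(set)
    for pid, _, domain, rep in connections:
        if rep != "whitelisted":
            out[pid].add(domain)
    return {pid: sorted(domains) for pid, domains in out.items()}


def unresolved_connections(connections, dns):
    """Connections whose IP never appeared as a DNS answer for the attributed domain.

    A non-empty result is the usual sign of a hard-coded address or of name
    resolution that bypassed the sandbox's resolver.
    """
    out = []
    for pid, endpoint, domain, _ in connections:
        ip = endpoint.rsplit(":", 1)[0]
        answers = dns.get(domain, ([], None))[0]
        if ip not in answers:
            out.append((pid, ip, domain))
    return out


def reputation_disagreements(connections, dns):
    """(domain, connections_rep, dns_rep) for hosts the two tables label differently."""
    out, seen = [], set()
    for _, _, domain, rep in connections:
        if domain in seen or domain not in dns:
            continue
        seen.add(domain)
        dns_rep = dns[domain][1]
        if dns_rep != rep:
            out.append((domain, rep, dns_rep))
    return out


if __name__ == "__main__":
    print("non-whitelisted per PID:", non_whitelisted_by_pid(CONNECTIONS))
    print("connections without a matching DNS answer:", unresolved_connections(CONNECTIONS, DNS))
    for domain, conn_rep, dns_rep in reputation_disagreements(CONNECTIONS, DNS):
        print(f"{domain}: Connections says {conn_rep}, DNS says {dns_rep}")
```

On this report every contacted IP matches a DNS answer for its domain, PID 2960 touched nothing but the whitelisted Bing favicon, and all seven non-whitelisted hosts belong to the LOW-integrity tab process 3504. Five hosts carry different labels in the two tables, webfonts.zohowebstatic.com among them (malicious in Connections, shared in DNS), which is why the labels should be read as feed lookups rather than as verdicts.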

Threats

No threats detected
No debug info

Note on the headline verdict: nothing in this summary backs "Malicious activity". No malicious or suspicious signatures fired, 0 of the 35 processes were flagged, 0 threats were detected, and the only non-benign label is the "malicious" reputation on webfonts.zohowebstatic.com in the Connections table, which the DNS table lists as "shared". Reputation labels are feed lookups at analysis time, not verdicts; pull the PCAP and HTTP content from the full report before acting on this URL either way.