analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://amznamzn.com

Full analysis: https://app.any.run/tasks/ca81e615-a608-4767-a17c-c8b4903e58a6
Verdict: Malicious activity
Analysis date: June 19, 2019, 14:57:46
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
Indicators:
MD5:

0D00BC5250440853D228D028685A6BB1

SHA1:

B3171E68CF80BC375A7E5A6E1548C4C64F25F3FD

SHA256:

56CA1B95AEDD2F331A677BD4DEE42C10387127A2028556399F95FD3EE469FDF7

SSDEEP:

3:N1KfoEI3K:ChI3K

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Creates files in the user directory

      • iexplore.exe (PID: 1244)
    • Reads internet explorer settings

      • iexplore.exe (PID: 1244)
    • Changes internet zones settings

      • iexplore.exe (PID: 3300)
    • Application launched itself

      • iexplore.exe (PID: 3300)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3300)
      • iexplore.exe (PID: 1244)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
35
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
3300"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
1244"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3300 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Total events
394
Read events
333
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
30
Unknown types
9

Dropped files

PID
Process
Filename
Type
3300iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
MD5:
SHA256:
3300iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
1244iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OS036TR2\ww1_amznamzn_com[1].txt
MD5:
SHA256:
1244iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OS036TR2\style[1].css
MD5:
SHA256:
1244iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HOZ3FH7C\iyfsearch_com[1].txt
MD5:
SHA256:
1244iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\38PVBA3I\style[1].csstext
MD5:96F84D0985AF87B4D4F6AE8816F9C5C5
SHA256:93A1109ADA0CD55DEDEAF7E9C4251A7F91AC3C3E1AB85E25E37B6CD4E47D504B
1244iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.datdat
MD5:0F4328B5F91EE694C6909FAF25A87445
SHA256:59C363C2EEA145C74BB7D619F2DD0710591B30770FFD3C6F5B42A4CA88D78E45
1244iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\70PMALGG\min[1].jstext
MD5:5563332AD6AF63C9C94CEF15761BE544
SHA256:4EFEC11A42893D4DF0249174CBE5AFAE24A5734F5DED35C5E84C56BF9F473EC2
1244iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OS036TR2\skenzo[1].csstext
MD5:258924C7D7C159A3861E9838F0B40012
SHA256:DB30F3956434FA476F2F5A605696E792A57398E8DED3AF2FEB7913C731AD7AB8
1244iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HOZ3FH7C\iyfsearch_com[1].htmhtml
MD5:8CA131090FF3E3684530D58A831C6122
SHA256:BE642ED28ABB10861FCF2D202F9F2E912C11FDDD34789D4225DD6E42075CD09A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
32
TCP/UDP connections
18
DNS requests
10
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1244
iexplore.exe
GET
200
208.91.196.46:80
http://iyfsearch.com/?dn=amznamzn.com&pid=9PO755G95
VG
html
6.62 Kb
suspicious
1244
iexplore.exe
GET
200
2.16.186.106:80
http://i4.cdn-image.com/__media__/js/min.js?v2.2
unknown
text
2.97 Kb
whitelisted
1244
iexplore.exe
GET
200
52.85.182.166:80
http://d1lxhc4jvstzrp.cloudfront.net/themes/assets/skenzo.css
US
text
208 b
shared
1244
iexplore.exe
GET
200
185.53.179.29:80
http://ww1.amznamzn.com/?subid1=a9f5d452-92a2-11e9-bf96-772747e0358e
DE
html
473 b
malicious
3300
iexplore.exe
GET
200
185.53.179.29:80
http://ww1.amznamzn.com/favicon.ico
DE
malicious
3300
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
1244
iexplore.exe
GET
200
208.91.196.46:80
http://iyfsearch.com/px.js?ch=2
VG
text
346 b
suspicious
1244
iexplore.exe
GET
200
2.16.186.106:80
http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eot?
unknown
eot
110 Kb
whitelisted
1244
iexplore.exe
GET
200
208.91.196.46:80
http://iyfsearch.com/sk-logabpstatus.php?a=MnJXZkZHYmJKeTJoK1p6OVBSMWdXQXd3L3JQNHRaMnplSFZPUHJOOEtzajFzME1CWTlVM3hsYmRmSkQzUitsYXAzOEI0eHhFNzcwcE01Wm0xTW9TbU5VOUt6S2FhSjFhVXJrbElWQ1RtSWM9&b=false
VG
text
346 b
suspicious
1244
iexplore.exe
GET
200
2.16.186.106:80
http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.eot?
unknown
eot
33.8 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2.16.186.64:80
i4.cdn-image.com
Akamai International B.V.
whitelisted
1244
iexplore.exe
2.16.186.106:80
i4.cdn-image.com
Akamai International B.V.
whitelisted
1244
iexplore.exe
208.91.196.46:80
iyfsearch.com
Confluence Networks Inc
VG
malicious
3300
iexplore.exe
185.53.179.29:80
ww1.amznamzn.com
Team Internet AG
DE
malicious
1244
iexplore.exe
185.53.179.29:80
ww1.amznamzn.com
Team Internet AG
DE
malicious
1244
iexplore.exe
2.16.186.64:80
i4.cdn-image.com
Akamai International B.V.
whitelisted
1244
iexplore.exe
5.79.79.209:80
amznamzn.com
LeaseWeb Netherlands B.V.
NL
malicious
3300
iexplore.exe
208.91.196.46:80
iyfsearch.com
Confluence Networks Inc
VG
malicious
1244
iexplore.exe
52.85.182.166:80
d1lxhc4jvstzrp.cloudfront.net
Amazon.com, Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
amznamzn.com
  • 5.79.79.209
malicious
ww1.amznamzn.com
  • 185.53.179.29
malicious
d1lxhc4jvstzrp.cloudfront.net
  • 52.85.182.166
  • 52.85.182.158
  • 52.85.182.137
  • 52.85.182.39
shared
iyfsearch.com
  • 208.91.196.46
suspicious
i4.cdn-image.com
  • 2.16.186.106
  • 2.16.186.64
whitelisted
i1.cdn-image.com
  • 2.16.186.64
  • 2.16.186.106
whitelisted
i2.cdn-image.com
  • 2.16.186.64
  • 2.16.186.106
whitelisted
i3.cdn-image.com
  • 2.16.186.106
  • 2.16.186.64
whitelisted

Threats

PID
Process
Class
Message
1244
iexplore.exe
Misc activity
ADWARE [PTsecurity] InstantAccess
No debug info