download: index.html

Full analysis: https://app.any.run/tasks/11a4c4c4-e6cb-46f2-b308-0d455cc7bdc5
Verdict: Malicious activity
Analysis date: July 18, 2019, 11:06:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
MD5:

6B16D4DCB2E252B8C71196E600570652

SHA1:

92C4A0867D1821AAE88A8D36B89EAC83EF609BF4

SHA256:

5B838277774888B273DC5368948C16E0F110E71344591FDF7E1DD044532E8656

SSDEEP:

1536:i/TsnGTlSrEK9q2Qu+LV/8T8S3Idskn7a6l1KPpMrh440r+GQzqV0XQr0Grp2H+h:i/TGGTlSrEK97Qu+Ld8T8S3Idskn7LXm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 2356)
  • INFO

    • Reads internet explorer settings

      • iexplore.exe (PID: 3456)
      • iexplore.exe (PID: 1968)
    • Changes internet zones settings

      • iexplore.exe (PID: 3728)
    • Application launched itself

      • iexplore.exe (PID: 3728)
      • firefox.exe (PID: 2356)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3456)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 1968)
      • iexplore.exe (PID: 3456)
    • Manual execution by user

      • firefox.exe (PID: 2356)
    • Creates files in the user directory

      • iexplore.exe (PID: 3456)
      • firefox.exe (PID: 2356)
    • Reads CPU info

      • firefox.exe (PID: 2356)
    • Dropped object may contain Bitcoin addresses

      • firefox.exe (PID: 2356)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)

EXIF

HTML

viewport: width=device-width, initial-scale=1.0
HTTPEquivXUACompatible: IE=edge
Title: Damien Echols - High Magick
Description: Magick is not a path for followers; it is a path for questioners, seekers, and anyone who has trouble settling for dogma and pre-formulated answers
twitterCard: summary_large_image
twitterDescription: Magick is not a path for followers; it is a path for questioners, seekers, and anyone who has trouble settling for dogma and pre-formulated answers
twitterTitle: Damien Echols - High Magick
twitterImage: https://damienechols.com/wp-content/uploads/2018/05/damien-echols-placeholder.jpg
tecApiVersion: v1
tecApiOrigin: https://damienechols.com
msapplicationTileColor: #da532c
msapplicationConfig: /wp-content/uploads/fbrfg/browserconfig.xml
themeColor: #ffffff
referrer: always
No data.
All screenshots are available in the full report
Total processes: 44
Monitored processes: 8
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Process nodes: start, iexplore.exe, iexplore.exe, iexplore.exe, firefox.exe, firefox.exe (no specs), firefox.exe, firefox.exe, firefox.exe

Process information

PID: 456
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2356.0.1926465582\109920032" -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2356 "\\.\pipe\gecko-crash-server-pipe.2356" 1168 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 67.0.4
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
PID: 1968
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3728 CREDAT:203009
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2356
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: explorer.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 67.0.4
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
PID: 2864
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2356.3.1653603627\615946529" -childID 1 -isForBrowser -prefsHandle 1356 -prefMapHandle 1728 -prefsLen 1 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2356 "\\.\pipe\gecko-crash-server-pipe.2356" 1656 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 67.0.4
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
PID: 3188
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2356.13.1099047277\2053439162" -childID 2 -isForBrowser -prefsHandle 2732 -prefMapHandle 2736 -prefsLen 5842 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2356 "\\.\pipe\gecko-crash-server-pipe.2356" 2748 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 67.0.4
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
PID: 3428
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2356.20.1190690681\1256600820" -childID 3 -isForBrowser -prefsHandle 3508 -prefMapHandle 3512 -prefsLen 6804 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2356 "\\.\pipe\gecko-crash-server-pipe.2356" 3500 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 67.0.4
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
PID: 3456
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3728 CREDAT:79873
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3728
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 1
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events: 1 180
Read events: 1 087
Write events: 91
Delete events: 2

Modification events

(PID) Process: (3728) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (3728) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (3728) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (3728) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value: 1

(PID) Process: (3728) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (3728) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:

(PID) Process: (3728) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation: write
Name: {13357091-A94C-11E9-95C0-5254004A04AF}
Value: 0

(PID) Process: (3456) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Operation: write
Name: Type
Value: 3

(PID) Process: (3456) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Operation: write
Name: Count
Value: 2

(PID) Process: (3456) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Operation: write
Name: Time
Value: E3070700040012000B00060017001D00
Executable files: 2
Suspicious files: 309
Text files: 154
Unknown types: 99

Dropped files

PID: 3728  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
Type:
MD5:
SHA256:

PID: 3728  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Type:
MD5:
SHA256:

PID: 3456  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\css[1].txt
Type: text
MD5:
SHA256:

PID: 3456  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\uaf[1].css
Type: text
MD5:
SHA256:

PID: 3456  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\7-layout[1].css
Type: text
MD5:
SHA256:

PID: 3456  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\9abb9f77d505204d9e934684affd5ecd-layout-bundle[1].css
Type: text
MD5:
SHA256:

PID: 3456  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\skin-5c5b96cccb024[1].css
Type: text
MD5:
SHA256:

PID: 3456  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\style[1].css
Type: text
MD5:
SHA256:

PID: 3456  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\theme.min[1].css
Type: text
MD5: 5CA26D4EA597B0F25B8477A5E344C89B
SHA256: 847F1E29E2676E8DFCBFEDE5D4FFCE35178E79A60F66186CC95E85C25B14CB11

PID: 3728  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].png
Type: image
MD5: 9FB559A691078558E77D6848202F6541
SHA256: 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 26
TCP/UDP connections: 119
DNS requests: 142
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2356 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted
2356 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted
2356 | firefox.exe | POST | 200 | 151.139.128.14:80 | http://ocsp.sectigo.com/ | US | der | 471 b | whitelisted
2356 | firefox.exe | POST | 200 | 151.139.128.14:80 | http://ocsp.sectigo.com/ | US | der | 471 b | whitelisted
2356 | firefox.exe | POST | 200 | 151.139.128.14:80 | http://ocsp.sectigo.com/ | US | der | 471 b | whitelisted
2356 | firefox.exe | POST | 200 | 172.217.16.163:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 471 b | whitelisted
2356 | firefox.exe | POST | 200 | 151.139.128.14:80 | http://ocsp.sectigo.com/ | US | der | 471 b | whitelisted
2356 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted
2356 | firefox.exe | POST | 200 | 172.217.16.163:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 471 b | whitelisted
2356 | firefox.exe | POST | 200 | 172.217.16.163:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 471 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3728 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3456 | iexplore.exe | 94.31.29.64:443 | 2ifgo33nopzb2fu96o25u0md-wpengine.netdna-ssl.com | netDNA | GB | malicious
3456 | iexplore.exe | 209.197.3.15:443 | maxcdn.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted
3456 | iexplore.exe | 172.217.22.42:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
3456 | iexplore.exe | 216.58.205.238:443 | www.youtube.com | Google Inc. | US | whitelisted
3456 | iexplore.exe | 172.217.23.168:443 | www.googletagmanager.com | Google Inc. | US | whitelisted
3456 | iexplore.exe | 216.58.207.67:443 | fonts.gstatic.com | Google Inc. | US | whitelisted
3456 | iexplore.exe | 35.227.145.187:443 | damienechols.com | | US | unknown
3456 | iexplore.exe | 172.217.21.238:443 | www.youtube.com | Google Inc. | US | whitelisted
3456 | iexplore.exe | 2.19.45.100:443 | chimpstatic.com | Akamai International B.V. | | whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
fonts.googleapis.com
  • 172.217.22.42
whitelisted
www.googletagmanager.com
  • 172.217.23.168
whitelisted
maxcdn.bootstrapcdn.com
  • 209.197.3.15
whitelisted
2ifgo33nopzb2fu96o25u0md-wpengine.netdna-ssl.com
  • 94.31.29.64
malicious
fonts.gstatic.com
  • 216.58.207.67
whitelisted
damienechols.com
  • 35.227.145.187
unknown
www.youtube.com
  • 216.58.205.238
  • 172.217.21.238
  • 172.217.22.14
  • 172.217.18.14
  • 172.217.18.174
  • 216.58.206.14
  • 216.58.207.46
  • 216.58.207.78
  • 216.58.208.46
  • 172.217.16.142
  • 172.217.22.46
  • 172.217.22.78
  • 216.58.210.14
  • 172.217.18.110
  • 172.217.23.174
whitelisted
s.ytimg.com
  • 172.217.21.238
whitelisted
chimpstatic.com
  • 2.19.45.100
whitelisted

Threats

No threats detected
No debug info