download:

index.html

Full analysis: https://app.any.run/tasks/1df1e336-aa94-4269-a787-fbe3c14a8d04
Verdict: Malicious activity
Analysis date: August 13, 2019, 17:25:12
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
MD5:

F4CCB55693F469B23F68D03DB6E1143D

SHA1:

D04B9ACDC8E23A7393BEDBEDD0B9C79233148CA6

SHA256:

5C01EC571D431CB4B94D98616AC6C2F43D7CC27B701F83986722B217B146D1F0

SSDEEP:

3072:fj8JU3s4x+K0SFwg7YtgzMTIMl82mIzPUpmvAa8qNXIIgereXYapvzyXfD0H:fIyv+2zMTDvZXMYapvzyXfD0H

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2160)
      • firefox.exe (PID: 3816)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2820)

    • Changes internet zones settings

      • iexplore.exe (PID: 2160)

    • Manual execution by user

      • firefox.exe (PID: 1212)

    • Reads CPU info

      • firefox.exe (PID: 3816)

    • Creates files in the user directory

      • firefox.exe (PID: 3816)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.html | HyperText Markup Language (100)

EXIF

HTML

Robots: index, follow
msapplicationTileColor: #224f7b
msapplicationTileImage: //static-global-s-msn-com.akamaized.net/hp-neu/sc/1f/08ced4.png
msapplicationConfig: none
Title: Hotmail, Outlook en Skype inloggen - Laatste nieuws - MSN Nederland
Description: Het laatste nieuws en weer, horoscoop en entertainment, sport, financieel, lifestyle, gezondheid, auto en reizen. Toegang tot Hotmail en Outlook - MSN Nederland.
viewport: width=device-width,initial-scale=1.0,maximum-scale=2.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
41
Monitored processes
8
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe firefox.exe firefox.exe

Process information

PID
CMD
Path
Indicators
Parent process
1212"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Program Files\Mozilla Firefox\firefox.exeexplorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
68.0.1
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
1216"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3816.13.1143920715\1848587316" -childID 2 -isForBrowser -prefsHandle 2660 -prefMapHandle 2664 -prefsLen 5996 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3816 "\\.\pipe\gecko-crash-server-pipe.3816" 2676 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
68.0.1
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
2160"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.htmlC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2820"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2160 CREDAT:79873C:\Program Files\Internet Explorer\iexplore.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
2952"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3816.0.1189329939\166050954" -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3816 "\\.\pipe\gecko-crash-server-pipe.3816" 1144 gpuC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
68.0.1
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
2960"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3816.20.325272189\127779475" -childID 3 -isForBrowser -prefsHandle 3780 -prefMapHandle 3784 -prefsLen 7129 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3816 "\\.\pipe\gecko-crash-server-pipe.3816" 3796 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
68.0.1
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
3816"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
68.0.1
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
4092"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3816.3.329321259\440307727" -childID 1 -isForBrowser -prefsHandle 1696 -prefMapHandle 1692 -prefsLen 1 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3816 "\\.\pipe\gecko-crash-server-pipe.3816" 1716 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
68.0.1
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
Total events
572
Read events
525
Write events
46
Delete events
1

Modification events

(PID) Process:(2160) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2160) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2160) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2160) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(2160) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2160) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(2160) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{5891813B-BDEF-11E9-9885-5254004A04AF}
Value:
0
(PID) Process:(2160) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Type
Value:
4
(PID) Process:(2160) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Count
Value:
2
(PID) Process:(2160) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Time
Value:
E307080002000D00110019001E003B02
Executable files
0
Suspicious files
73
Text files
38
Unknown types
71

Dropped files

PID
Process
Filename
Type
2160iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:
2160iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2160iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFC5BE5BBD58F23A64.TMP
MD5:
SHA256:
2160iexplore.exeC:\Users\admin\AppData\Local\Temp\~DF7ECD73FE94191706.TMP
MD5:
SHA256:
2160iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFFD4324F3827D6EFA.TMP
MD5:
SHA256:
2160iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFD690AB69CCAF7257.TMP
MD5:
SHA256:
2160iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{5891813B-BDEF-11E9-9885-5254004A04AF}.dat
MD5:
SHA256:
3816firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
MD5:
SHA256:
3816firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
MD5:
SHA256:
3816firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
13
TCP/UDP connections
50
DNS requests
96
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3816
firefox.exe
GET
301
192.155.80.218:80
http://m.jsadigital.in/wiz/index.php/campaigns/fz878nfhh510b/track-url/oh776lyj8374c/7cc0629f49e45ec19c60761e84674f71ce5bb923
US
unknown
3816
firefox.exe
POST
200
172.217.18.3:80
http://ocsp.pki.goog/GTSGIAG3
US
der
471 b
whitelisted
3816
firefox.exe
POST
200
151.139.128.14:80
http://ocsp.comodoca4.com/
US
der
279 b
whitelisted
3816
firefox.exe
GET
200
50.62.160.230:80
http://www.powersaverindia.com/images/bullet-1.png
US
image
1.10 Kb
malicious
3816
firefox.exe
POST
200
172.217.18.3:80
http://ocsp.pki.goog/GTSGIAG3
US
der
471 b
whitelisted
3816
firefox.exe
POST
200
172.217.18.3:80
http://ocsp.pki.goog/GTSGIAG3
US
der
471 b
whitelisted
3816
firefox.exe
POST
200
172.217.18.3:80
http://ocsp.pki.goog/GTSGIAG3
US
der
471 b
whitelisted
3816
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
471 b
whitelisted
3816
firefox.exe
GET
200
95.100.39.8:80
http://detectportal.firefox.com/success.txt
DE
text
8 b
whitelisted
2160
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
2.16.186.9:445
static-global-s-msn-com.akamaized.net
Akamai International B.V.
whitelisted
2160
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
4
System
2.16.186.35:445
static-global-s-msn-com.akamaized.net
Akamai International B.V.
whitelisted
4
System
2.16.186.9:139
static-global-s-msn-com.akamaized.net
Akamai International B.V.
whitelisted
3816
firefox.exe
95.100.39.8:80
detectportal.firefox.com
Akamai International B.V.
DE
whitelisted
3816
firefox.exe
54.148.18.114:443
push.services.mozilla.com
Amazon.com, Inc.
US
unknown
3816
firefox.exe
52.88.112.58:443
search.services.mozilla.com
Amazon.com, Inc.
US
unknown
3816
firefox.exe
54.244.7.18:443
tiles.services.mozilla.com
Amazon.com, Inc.
US
unknown
3816
firefox.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3816
firefox.exe
216.58.206.10:443
safebrowsing.googleapis.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
static-global-s-msn-com.akamaized.net
  • 2.16.186.9
  • 2.16.186.35
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
detectportal.firefox.com
  • 95.100.39.8
  • 95.100.39.17
whitelisted
a1089.dscd.akamai.net
  • 95.100.39.17
  • 95.100.39.8
whitelisted
search.services.mozilla.com
  • 52.88.112.58
  • 52.43.169.220
  • 34.211.94.5
whitelisted
search.r53-2.services.mozilla.com
  • 34.211.94.5
  • 52.43.169.220
  • 52.88.112.58
whitelisted
push.services.mozilla.com
  • 54.148.18.114
whitelisted
autopush.prod.mozaws.net
  • 54.148.18.114
whitelisted
snippets.cdn.mozilla.net
  • 143.204.99.61
whitelisted
tiles.services.mozilla.com
  • 54.244.7.18
  • 52.25.19.237
  • 52.27.126.151
  • 54.149.216.91
  • 52.43.150.4
  • 52.27.197.182
  • 34.208.112.219
  • 52.26.43.164
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
index.html