URL:

https://stellarcyber.ai/es/what-are-dgas/

Full analysis: https://app.any.run/tasks/1b34b7a6-a476-4cd4-90fa-111645e43788
Verdict: Malicious activity
Analysis date: May 24, 2024, 05:10:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

3527867820231923EA39E0000FB9796B

SHA1:

A3161645EC78A79C35B9257ED9A0EFDC33678283

SHA256:

5C11FFAF35598032583EA56EA830E18F5B18AD47DCAB811DA9A7E8D7C9053DD2

SSDEEP:

3:N8cZbSUAWYROe:2cZbJAWYROe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Checks supported languages

      • wmpnscfg.exe (PID: 2028)

    • Reads the computer name

      • wmpnscfg.exe (PID: 2028)

    • Application launched itself

      • iexplore.exe (PID: 3976)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 2028)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe wmpnscfg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2028"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
3976"C:\Program Files\Internet Explorer\iexplore.exe" "https://stellarcyber.ai/es/what-are-dgas/"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
4036"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3976 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
24 412
Read events
24 288
Write events
90
Delete events
34

Modification events

(PID) Process:(3976) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(3976) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
(PID) Process:(3976) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
31108504
(PID) Process:(3976) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
(PID) Process:(3976) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
31108504
(PID) Process:(3976) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(3976) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3976) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3976) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3976) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
0
Suspicious files
68
Text files
60
Unknown types
15

Dropped files

PID
Process
Filename
Type
4036iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\main.min[1].csstext
MD5:A0B3A11FD4EBCAD236CFF2BC51E9B434
SHA256:4C0561C2C4810CBB09911BC45252C68724F181AA5BD16455493E31D2BFEBA8B3
4036iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:AD46452A1BB6A4BED6380B2F532BE102
SHA256:25E2A96CE5639073379C3C97947E69463FEF142C2D57C3C496BA04AC43CC79FA
4036iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2Dbinary
MD5:B9DE621A5C4B35325FDF7B46F51873C8
SHA256:1BF8155494CA0EB85F916EEA1AA84FE095EB966B42FB6860F823291DD2DABD23
4036iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2Dder
MD5:AD6B926AB7C3D916E9533B9D2BD8C055
SHA256:0DBF51335937F7C3FEA9DDBDB2309BB6C040E49192EEF94F439FEB8F63DD4611
4036iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771der
MD5:09D77258EB6612D6D71117A9C60B1F84
SHA256:32D712F94B4D109C7AAC9485E97655989AADC53157C7970881F002A9E3C87A6B
3976iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118Ader
MD5:7923F80F1AEE299A019B35512722BD5B
SHA256:89F1F122237B33F4495C2090AC7C904C206EC0AAA140CB2D18A332FBC8F87231
4036iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771binary
MD5:E97118CA9E9C2A29E75F3175D673A0AA
SHA256:446CBAC1FEC9BDEF333A320DAB059388B271FD7DF5471188FEC35FE026B274A4
3976iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118Abinary
MD5:B31C921CFC80DE59116DF27092A18483
SHA256:4F20F54C15A5FEF63D7C0665F3271664981B31D3D262758D422E29816637CD37
4036iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\what-are-dgas[1].htmhtml
MD5:ED973CB8C1A3A38CAFC5A3A05C0E7812
SHA256:B3D070AFA05D14761E75E0D6EEED3427FB9F8D70A6F1B23B50FE4EBDCBEE54DF
4036iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\post-39386[1].csstext
MD5:E1A89035F959D80677D544B604FC3FF4
SHA256:CCC5AC89EADF5BBE930DA21CE21406236A16F766F9537031F1315E298411F606
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
26
TCP/UDP connections
81
DNS requests
38
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4036
iexplore.exe
GET
304
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9b5f474efa3999f3
US
unknown
GET
304
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?260f79dbb405aab9
US
unknown
4036
iexplore.exe
GET
200
192.124.249.23:80
http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D
US
binary
1.98 Kb
unknown
4036
iexplore.exe
GET
200
192.124.249.23:80
http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D
US
binary
2.01 Kb
unknown
GET
304
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c21588876f974d24
US
unknown
3976
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
US
binary
314 b
unknown
4036
iexplore.exe
GET
200
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?845bddd3b2cc8d89
US
compressed
68.3 Kb
unknown
4036
iexplore.exe
GET
200
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?7bca764cc75b63ef
US
compressed
68.3 Kb
unknown
4036
iexplore.exe
GET
200
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?8687ee5069c7e7e2
US
compressed
68.3 Kb
unknown
4036
iexplore.exe
GET
200
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?7fbf56c4a1f3ac48
US
compressed
68.3 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
4036
iexplore.exe
35.215.109.67:443
stellarcyber.ai
GOOGLE
US
unknown
4036
iexplore.exe
199.232.214.172:80
ctldl.windowsupdate.com
FASTLY
US
unknown
4036
iexplore.exe
192.124.249.23:80
ocsp.godaddy.com
SUCURI-SEC
US
unknown
3976
iexplore.exe
184.86.251.13:443
www.bing.com
Akamai International B.V.
DE
unknown
3976
iexplore.exe
199.232.214.172:80
ctldl.windowsupdate.com
FASTLY
US
unknown
3976
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4036
iexplore.exe
142.250.186.110:443
translate.google.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
stellarcyber.ai
  • 35.215.109.67
unknown
ctldl.windowsupdate.com
  • 199.232.214.172
  • 199.232.210.172
whitelisted
ocsp.godaddy.com
  • 192.124.249.23
  • 192.124.249.36
  • 192.124.249.41
  • 192.124.249.22
  • 192.124.249.24
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 184.86.251.27
  • 184.86.251.13
  • 184.86.251.24
  • 184.86.251.7
  • 184.86.251.17
  • 184.86.251.22
  • 184.86.251.19
  • 184.86.251.21
  • 184.86.251.9
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
translate.google.com
  • 142.250.186.110
whitelisted
js.hs-scripts.com
  • 104.16.140.209
  • 104.16.139.209
  • 104.16.137.209
  • 104.16.141.209
  • 104.16.138.209
whitelisted
tdns3.gtranslate.net
  • 104.26.13.42
  • 104.26.12.42
  • 172.67.68.204
unknown
ocsp.pki.goog
  • 142.250.186.35
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://stellarcyber.ai/es/what-are-dgas/