URL: https://www.youtube.com/embed/2A_B4Uw80AA

Full analysis: https://app.any.run/tasks/b4b9b9d5-7a3a-4b26-b0b1-07625305fcfb
Verdict: Malicious activity
Analysis date: June 27, 2022, 13:12:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: DC2374D0E3158C6BA552B93DA7E682B8
SHA1: CC2C27F33CFA12FE8082D03DB63B25597A6A6F7B
SHA256: 5CD4A77371D2ED86B9A54E61B7278F453754FFB92F79FD9496CFA1D92159468B
SSDEEP: 3:N8DSLUxGTKASlwat:2OLUxGXS5t

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • No malicious indicators.
  • SUSPICIOUS
    • Reads Microsoft Outlook installation path: iexplore.exe (PID: 2800, 3040, 2840, 2740)
    • Executed via COM: FlashUtil32_32_0_0_453_ActiveX.exe (PID: 1060)
    • Reads the computer name: FlashUtil32_32_0_0_453_ActiveX.exe (PID: 1060)
    • Checks supported languages: FlashUtil32_32_0_0_453_ActiveX.exe (PID: 1060)
    • Creates files in the user directory: FlashUtil32_32_0_0_453_ActiveX.exe (PID: 1060)
    • Modifies files in Chrome extension folder: chrome.exe (PID: 2368)
  • INFO
    • Checks supported languages: iexplore.exe (PID: 2840, 2800, 3040, 2740); chrome.exe (PID: 2368, 3304, 2592, 2580, 3944, 2172, 2852, 2284, 3440, 1564, 2724, 4024, 3532, 2696, 3792, 2456, 2548, 4072, 1544, 3788)
    • Reads the computer name: iexplore.exe (PID: 2800, 2840, 3040, 2740); chrome.exe (PID: 2368, 3304, 2172, 3792, 2724, 3788)
    • Changes internet zones settings: iexplore.exe (PID: 2840)
    • Application launched itself: iexplore.exe (PID: 2840); chrome.exe (PID: 2368)
    • Reads settings of System Certificates: iexplore.exe (PID: 2840, 2800, 3040, 2740); chrome.exe (PID: 2172)
    • Reads internet explorer settings: iexplore.exe (PID: 2800, 3040, 2740)
    • Creates files in the user directory: iexplore.exe (PID: 2800, 2840, 3040, 2740)
    • Checks Windows Trust Settings: iexplore.exe (PID: 2840, 2800, 3040, 2740)
    • Changes settings of System certificates: iexplore.exe (PID: 2840)
    • Adds / modifies Windows certificates: iexplore.exe (PID: 2840)
    • Reads CPU info: iexplore.exe (PID: 2800)
    • Manual execution by user: chrome.exe (PID: 2368)
    • Reads the hosts file: chrome.exe (PID: 2172, 2368)
Malware configuration: no data.
All screenshots are available in the full report
Total processes: 63
Monitored processes: 25
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Graph nodes in the order shown (interactive view in the full report): start, iexplore.exe (four instances), flashutil32_32_0_0_453_activex.exe (no specs), followed by the chrome.exe process tree (most nodes marked "no specs").

Process information

PID 2840, iexplore.exe (parent: Explorer.EXE)
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.youtube.com/embed/2A_B4Uw80AA"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  User: admin; Company: Microsoft Corporation; Integrity level: MEDIUM
  Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 2800, iexplore.exe (parent: iexplore.exe)
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2840 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  User: admin; Company: Microsoft Corporation; Integrity level: LOW
  Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 3040, iexplore.exe (parent: iexplore.exe)
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2840 CREDAT:2888988 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  User: admin; Company: Microsoft Corporation; Integrity level: LOW
  Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 2740, iexplore.exe (parent: iexplore.exe)
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2840 CREDAT:4068640 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  User: admin; Company: Microsoft Corporation; Integrity level: LOW
  Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 1060, FlashUtil32_32_0_0_453_ActiveX.exe (parent: svchost.exe)
  CMD: C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding
  Path: C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe
  User: admin; Company: Adobe; Integrity level: MEDIUM
  Description: Adobe® Flash® Player Installer/Uninstaller 32.0 r0; Version: 32,0,0,453

PID 2368, chrome.exe (parent: Explorer.EXE)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin; Company: Google LLC; Integrity level: MEDIUM
  Description: Google Chrome; Version: 86.0.4240.198

PID 2580, chrome.exe (parent: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6aacd988,0x6aacd998,0x6aacd9a4
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin; Company: Google LLC; Integrity level: MEDIUM
  Description: Google Chrome; Version: 86.0.4240.198

PID 3304, chrome.exe (parent: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1056,5539533456698133347,3067650102148422278,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1040 /prefetch:2
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin; Company: Google LLC; Integrity level: LOW
  Description: Google Chrome; Exit code: 0; Version: 86.0.4240.198

PID 2172, chrome.exe (parent: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1056,5539533456698133347,3067650102148422278,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1308 /prefetch:8
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin; Company: Google LLC; Integrity level: MEDIUM
  Description: Google Chrome; Version: 86.0.4240.198

PID 2852, chrome.exe (parent: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,5539533456698133347,3067650102148422278,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin; Company: Google LLC; Integrity level: LOW
  Description: Google Chrome; Exit code: 0; Version: 86.0.4240.198
Total events: 37 902
Read events: 37 210
Write events: 0
Delete events: 0

Modification events: no data

Executable files: 0
Suspicious files: 191
Text files: 329
Unknown types: 50

Dropped files

Each entry: PID, process, file type, filename, then MD5 and SHA256 of the dropped file.

2800  iexplore.exe  der  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
      MD5: 5A11C6099B9E5808DFB08C5C9570C92F  SHA256: 91291A5EDC4E10A225D3C23265D236ECC74473D9893BE5BD07E202D95B3FB172
2800  iexplore.exe  binary  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\646C991C2A28825F3CC56E0A1D1E3FA9
      MD5: A66A84E45458102CAFBD4FB9EDB31A7D  SHA256: 90F609E48AE09091B0CE2C60FDDBE20682CD36721F3AFDF510C10FC4D3200D83
2800  iexplore.exe  binary  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
      MD5: 988ACCD0203937F785C40BAA02714359  SHA256: E33765C2011B595EB074AC0832851B44D8FA3D687A294FF1E9029EB6ECF0EA3B
2800  iexplore.exe  der  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\646C991C2A28825F3CC56E0A1D1E3FA9
      MD5: 3523BFA7B3ACACA361AC9814166709AD  SHA256: CE82F93FDB091E30497236D7F04BB67F7008E8E4133D2A8445B531C16D13AA67
2840  iexplore.exe  binary  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      MD5: BF493FFB3A4E06D53A5FB1D3CF5C92D2  SHA256: EFB9A68A4A57BC945FB2F36F04583657F712EDAA328D2FA35A9E7E1681572F7F
2800  iexplore.exe  der  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_C668445AACCF7A560A7B569C97BA4550
      MD5: 4EEE9F93924527F0A738F37FB4A160EF  SHA256: 0E1FD6DE310EDA4D8A0E5427BF7090050ABFEBE4CEC488D7CC37B8804A236F42
2840  iexplore.exe  der  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
      MD5: 28CC3D4B0DA8A29A9DCD6D4755C84342  SHA256: A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E
2840  iexplore.exe  xml  C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
      MD5: CBD0581678FA40F0EDCBC7C59E0CAD10  SHA256: 159BD4343F344A08F6AF3B716B6FA679859C1BD1D7030D26FF5EF0255B86E1D9
2840  iexplore.exe  image  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].ico
      MD5: DA597791BE3B6E732F0BC8B20E38EE62  SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
2840  iexplore.exe  der  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5: 790E40386A5478B54787C28956E029D7  SHA256: 2A14CA44FA89C53F53111C7CAAE9155A460FA162BD822CCEAF7B7F74B8390557
HTTP(S) requests: 27
TCP/UDP connections: 211
DNS requests: 80
Threats: 0

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation
2800 | iexplore.exe | GET | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCLB04PS9az5Ap1Zaaccy%2F9 | US | der | 472 b | whitelisted
2800 | iexplore.exe | GET | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEBQZWcq%2BeiRfEi2TFEUaqPQ%3D | US | der | 471 b | whitelisted
2800 | iexplore.exe | GET | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDCSoBbhNBPphIl6mS4f11q | US | der | 472 b | whitelisted
2800 | iexplore.exe | GET | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEESz3%2FmlG2yGCtBzjzp1dVc%3D | US | der | 471 b | whitelisted
3040 | iexplore.exe | GET | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDNqcm0ttxULAoGqTwy8PoU | US | der | 472 b | whitelisted
2800 | iexplore.exe | GET | 200 | 142.250.185.227:80 | http://crl.pki.goog/gsr1/gsr1.crl | US | der | 1.61 Kb | whitelisted
2800 | iexplore.exe | GET | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEFis5ZQLQXhkEp1TGjnLAGc%3D | US | der | 471 b | whitelisted
2800 | iexplore.exe | GET | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEG8ah82mu6j%2FCizjSGtvLoA%3D | US | der | 471 b | whitelisted
2800 | iexplore.exe | GET | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted
2840 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2840 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2840 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
 |  | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted
2840 | iexplore.exe | 13.107.22.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
2840 | iexplore.exe | 67.26.161.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious
2800 | iexplore.exe | 142.250.181.238:443 | www.youtube.com | Google Inc. | US | whitelisted
2800 | iexplore.exe | 142.250.185.238:443 | www.youtube.com | Google Inc. | US | whitelisted
 |  | 142.250.185.238:443 | www.youtube.com | Google Inc. | US | whitelisted
2800 | iexplore.exe | 172.217.18.98:443 | googleads.g.doubleclick.net | Google Inc. | US | whitelisted
2800 | iexplore.exe | 142.250.186.163:80 | ocsp.pki.goog | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
www.youtube.com | 142.250.181.238, 142.250.185.238, 142.250.185.206, 142.250.186.174, 142.250.185.174, 172.217.23.110, 142.250.186.142, 142.250.186.46, 142.250.185.142, 216.58.212.142, 142.250.185.110, 142.250.74.206, 142.250.186.110, 142.250.185.78, 142.250.186.78, 172.217.18.110, 172.217.16.142, 216.58.212.174, 172.217.16.206, 142.250.184.206 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 13.107.22.200, 131.253.33.200 | whitelisted
ctldl.windowsupdate.com | 209.197.3.8, 67.26.161.254, 8.250.177.254, 8.253.129.204, 8.252.192.126, 8.252.188.254 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted
r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted
ocsp.pki.goog | 142.250.186.163 | whitelisted
crl.pki.goog | 142.250.185.227 | whitelisted
googleads.g.doubleclick.net | 172.217.18.98, 142.251.36.130 | whitelisted

Threats: no threats detected.
Debug info: none.