analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://www.bing.com/search?q=TEST&qs=n&form=QBRE&sp=-1&ghc=1&lq=0&pq=test&sc=10-4&sk=&cvid=ED507D1A9D8E40F09A9008A1AF2691FC&ghsh=0&ghacc=0&ghpl=

Full analysis: https://app.any.run/tasks/9d452634-5a95-42cd-9369-dd6f826d9de9
Verdict: Malicious activity
Analysis date: April 17, 2023, 07:27:02
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

17154D053AF189E11D56CBFB2101E1C1

SHA1:

A67314B1734D5B55C27664844770A91649F13C40

SHA256:

5EB6353E2DA49B085A319720A64A5216E6861CC5B5703052D77F5BD43849A8C7

SSDEEP:

3:N8DSLsBAEXGpcSLfK1/SPa3A058uQdgFjaws:2OLsBBGWSKqi3J8tdBn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Create files in a temporary directory

      • iexplore.exe (PID: 1372)
      • iexplore.exe (PID: 2468)

    • Application launched itself

      • iexplore.exe (PID: 2468)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
44
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2468"C:\Program Files\Internet Explorer\iexplore.exe" "https://www.bing.com/search?q=TEST&qs=n&form=QBRE&sp=-1&ghc=1&lq=0&pq=test&sc=10-4&sk=&cvid=ED507D1A9D8E40F09A9008A1AF2691FC&ghsh=0&ghacc=0&ghpl="C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\windows\system32\kernel32.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
1372"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2468 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
3068"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2468 CREDAT:3872012 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
87 334
Read events
86 784
Write events
540
Delete events
10

Modification events

(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(2468) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
0
Suspicious files
302
Text files
1 331
Unknown types
105

Dropped files

PID
Process
Filename
Type
2468iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
2468iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
1372iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\G74P58G2.txttext
MD5:12108C52DB1609A83628ADC90BC69BE9
SHA256:0BA5EC40789FAF6EF3FFE0D00E4EFB2D666424A0BC5D4A5107608FD49C7B069D
1372iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\N791BUM3.txttext
MD5:4F701527CF0940CB02A6240738DC311C
SHA256:BA531818AC5CE6079E6DAF7C30607D347E0DD937DFE488F5A53E2C132C65A2F3
1372iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\LOYGHP7K.txttext
MD5:4BE77A6A7EEA3270ED46E3EDE283733F
SHA256:F8151DEA538A4479CED12163349F6F6ED9138CB447CA42AEA758C396A2743756
1372iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\U5GV4K2P.txttext
MD5:746BAB692A9DEC5FB7A4B24E84C26F74
SHA256:838A3F4EA88261E3B647515F77C0236BC76DE8582DE25FC0A353E59143D39C10
1372iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\9ZMS2DPE.txttext
MD5:8BB6B2607C2C62123E1D5849E92F0E5A
SHA256:7F3D1C5B4E15B0B21AC315A688CD870E764609EDA5CD9B5C0F8B30C06E3E6C96
1372iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63binary
MD5:DB3701DC8C923B368A32B27223D47DFF
SHA256:3DE0973396494CFF9F0D51841D465E9BBAF7EDC37E0DA741814D0355D29C8EFD
2468iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8Fbinary
MD5:FB5572497B4AF07B1EBD6EAA82F1FB8F
SHA256:FA397D0CDD2DFDE80AB9AEFFF0B45C02675C877141651B3F91E806FE2D1AFD6C
2468iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:BB318A2BEB85343E1E3B62113A35DD23
SHA256:46E039CA07D22D6643137A002FD23CBE1A416F9C5BA2E91A2F6F5AB9B11E59E4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
81
TCP/UDP connections
256
DNS requests
94
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1372
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?70597944179657b7
US
compressed
61.1 Kb
whitelisted
2468
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?49d6105bf6215981
US
compressed
4.70 Kb
whitelisted
3068
iexplore.exe
GET
200
52.222.226.205:80
http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEA7POWUiXTT1gBnjvd86LYQ%3D
US
der
471 b
whitelisted
3068
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEA8cICc7HjNCLWczgReJ3Vo%3D
US
der
471 b
whitelisted
3068
iexplore.exe
GET
200
52.222.226.205:80
http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEA6tELOm1jlqT90Z1c5ecKE%3D
US
der
471 b
whitelisted
2468
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D
US
der
471 b
whitelisted
3068
iexplore.exe
GET
200
108.138.2.173:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
US
der
1.70 Kb
whitelisted
1372
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?673927cafc4a60f3
US
compressed
61.1 Kb
whitelisted
1372
iexplore.exe
GET
200
23.37.62.128:80
http://x1.c.lencr.org/
DE
der
717 b
whitelisted
3068
iexplore.exe
GET
200
52.222.250.42:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEjgLnWaIozse2b%2BczaaODg8%3D
US
der
1.39 Kb
shared
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2468
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1372
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
2468
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
1372
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1372
iexplore.exe
40.126.31.71:443
login.microsoftonline.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1372
iexplore.exe
2.16.187.19:443
Akamai International B.V.
DE
whitelisted
2468
iexplore.exe
2.23.209.130:443
www.bing.com
Akamai International B.V.
GB
malicious
1372
iexplore.exe
2.23.209.179:443
www.bing.com
Akamai International B.V.
GB
suspicious
2.23.209.140:443
www.bing.com
Akamai International B.V.
GB
suspicious
2468
iexplore.exe
152.199.19.161:443
r20swj13mr.microsoft.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 93.184.221.240
  • 209.197.3.8
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 2.23.209.130
  • 2.23.209.140
  • 2.23.209.187
  • 2.23.209.179
  • 2.23.209.133
  • 2.23.209.182
  • 2.23.209.189
  • 2.23.209.165
  • 2.23.209.149
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
crl3.digicert.com
  • 192.229.221.95
whitelisted
r.bing.com
  • 2.23.209.179
  • 2.23.209.150
  • 2.23.209.189
  • 2.23.209.193
  • 2.23.209.176
  • 2.23.209.148
  • 2.23.209.165
  • 2.23.209.149
  • 2.23.209.158
whitelisted
th.bing.com
  • 2.23.209.150
  • 2.23.209.179
  • 2.23.209.182
  • 2.23.209.189
  • 2.23.209.149
  • 2.23.209.193
  • 2.23.209.148
  • 2.23.209.185
  • 2.23.209.158
whitelisted
login.microsoftonline.com
  • 40.126.31.71
  • 20.190.159.23
  • 40.126.31.73
  • 40.126.31.67
  • 20.190.159.64
  • 20.190.159.0
  • 20.190.159.71
  • 20.190.159.73
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted

Threats

PID
Process
Class
Message
3068
iexplore.exe
Misc activity
ET INFO Observed ZeroSSL SSL/TLS Certificate
3068
iexplore.exe
Misc activity
ET INFO Observed ZeroSSL SSL/TLS Certificate
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www.bing.com/search?q=TEST&qs=n&form=QBRE&sp=-1&ghc=1&lq=0&pq=test&sc=10-4&sk=&cvid=ED507D1A9D8E40F09A9008A1AF2691FC&ghsh=0&ghacc=0&ghpl=