URL:

http://www.nyfzx.com/showWiki.aspx?id=142

Full analysis: https://app.any.run/tasks/4f151a25-1f7b-4884-8bf4-c96cf86c0416
Verdict: Malicious activity
Analysis date: July 08, 2024, 05:22:27
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 1F216EEB700A49AA706F0B2A28DDE2E3
SHA1: 45807FD5EDAC270859E0B20022CC10C4AE551D72
SHA256: 5F7504B8DF7F12BB7ABD8108D34DB9BC2DB34F67665EE05E85F01D79E6D9BAB7
SSDEEP: 3:N1KJS4oDdZIKWNJfOMLESdOq:Cc4oDdtWNMKES

ANY.RUN is an interactive service that gives the analyst full access to the guest system, so the information in this report may have been shaped by user actions; it is provided as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS: no malicious behavioral indicators.
  • SUSPICIOUS: no suspicious behavioral indicators.
  • INFO:
    • Application launched itself: iexplore.exe (PID: 3268)

The "Malicious activity" verdict does not come from process behavior (no malicious or suspicious signatures fired) but from the three network IDS hits listed under Threats: the low-integrity iexplore.exe tab process (PID 3532) that rendered www.nyfzx.com opened a TLS connection to beonlineboo.com (179.60.150.123:443), a domain the ET MALWARE rules and the DNS reputation column flag as a BMANAGER command-and-control domain. That connection is visible only in the Connections, DNS requests and Threats sections; none of the ten HTTP requests shown (of 27 recorded) goes to that host, and the report does not show which page resource triggered it.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 41
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe (PID 3268) → iexplore.exe (PID 3532)

Process information

PID 3268
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.nyfzx.com/showWiki.aspx?id=142"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Indicators: none listed
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity level: MEDIUM
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\iertutil.dll

PID 3532
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3268 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Indicators: none listed
  Parent process: iexplore.exe (PID 3268)
  User: admin
  Company: Microsoft Corporation
  Integrity level: LOW
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\iertutil.dll

PID 3532 is the Protected Mode tab process (LOW integrity; SCODEF:3268 names its frame process), so all page traffic and cached files below belong to it, while the MEDIUM-integrity frame process 3268 only writes IE's own registry state.
Total events: 16 823
Read events: 16 713
Write events: 89
Delete events: 21

Modification events

All writes are by PID 3268 (iexplore.exe). Values the report left blank are shown as (blank).

Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
  write NTPDaysSinceLastAutoMigration = 1
  write NTPLastLaunchLowDateTime = (blank)
  write NTPLastLaunchHighDateTime = 31117558
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
  write NextCheckForUpdateLowDateTime = (blank)
  write NextCheckForUpdateHighDateTime = 31117558
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  write CachePrefix = (blank)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  write CachePrefix = Cookie:
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  write CachePrefix = Visited:
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  write CompatibilityFlags = 0
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  write ProxyBypass = 1
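The *HighDateTime / *LowDateTime pairs written above are the two DWORDs of a Windows FILETIME (100 ns ticks since 1601-01-01 UTC), which is what makes the value 31117558 checkable against the report's own analysis date. The following is an added example, not part of the ANY.RUN report: it decodes the high DWORD the report captured (the low DWORDs are blank, so only a window of about 7.2 minutes is recoverable) and checks that the window contains the analysis timestamp, which is assumed here to be UTC. Function and constant names are this example's own.

```python
"""Decode the FILETIME halves Internet Explorer wrote under
HKCU\\Software\\Microsoft\\Internet Explorer during this run and check
them against the sandbox's analysis date. Added example; the registry
values are transcribed from the report, the code is not ANY.RUN's."""
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
DWORD_MAX = 0xFFFF_FFFF
# "Analysis date: July 08, 2024, 05:22:27" from the report; UTC is an assumption.
ANALYSIS_TS = datetime(2024, 7, 8, 5, 22, 27, tzinfo=timezone.utc)

# Writes by PID 3268 as transcribed from the report. None = value blank there.
REG_WRITES = [
    (r"HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing",
     "NTPLastLaunch", 31117558, None),
    (r"HKCU\Software\Microsoft\Internet Explorer\UrlBlockManager",
     "NextCheckForUpdate", 31117558, None),
]


def filetime_to_datetime(ticks: int) -> datetime:
    """FILETIME ticks are 100 ns; timedelta wants microseconds."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def filetime_window(high: int, low: Optional[int]) -> Tuple[datetime, datetime]:
    """(earliest, latest) instant a FILETIME can denote when its low DWORD
    may be unknown. With both halves known the window is a single instant;
    with only the high half it spans 2**32 ticks, about 429.5 seconds."""
    if not 0 <= high <= DWORD_MAX:
        raise ValueError("high DWORD out of range")
    if low is None:
        return (filetime_to_datetime(high << 32),
                filetime_to_datetime((high << 32) | DWORD_MAX))
    if not 0 <= low <= DWORD_MAX:
        raise ValueError("low DWORD out of range")
    t = filetime_to_datetime((high << 32) | low)
    return t, t


def consistent_with(ts: datetime, writes=REG_WRITES) -> Dict[str, bool]:
    """True when the decoded window contains ts. A value far from the
    sandbox's own clock would point to a pre-existing or back-dated key
    rather than a timestamp written during this session."""
    out = {}
    for _, name, high, low in writes:
        start, end = filetime_window(high, low)
        out[name] = start <= ts <= end
    return out


def check_report() -> Dict[str, bool]:
    """Run the consistency check with the report's analysis date."""
    return consistent_with(ANALYSIS_TS)


if __name__ == "__main__":
    for key, name, high, low in REG_WRITES:
        start, end = filetime_window(high, low)
        print(f"{name}: {start:%Y-%m-%d %H:%M:%S} .. {end:%H:%M:%S} UTC  ({key})")
    print(check_report())
```

For high DWORD 31117558 the window opens at 2024-07-08 05:16:34 UTC and closes about 7 minutes later, which contains the report's 05:22:27 analysis time, so both keys were written by this session and not inherited from the sandbox image.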
Executable files: 0
Suspicious files: 14
Text files: 22
Unknown types: 1

Dropped files (10 of the 37 files counted above are listed; all written by PID 3532, iexplore.exe)

  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\zh_CN[1].js  (text)
    MD5: 895B6713AF054CFD611636CC3EE5445B
    SHA256: 182D4C854FC9AA605A86938C530E5F504C83419265D4F3DBD0372A4FD4FD50CC
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\top-3[1].png  (image)
    MD5: 35826A8564347E6D96B7AE4639B8B3EA
    SHA256: 08004DBDB8122CB746635228B3B2F3C0DF18581057B1135050BCAA7E172B26A7
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\top-2[1].png  (image)
    MD5: 6496A9DF9291AC9F6A3CC49DBB66481D
    SHA256: B3E716001FDABAE29F53226C5133DC91DFD3451D2E785D410CC3CB0CE58CA22D
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\prettify[1].js  (text)
    MD5: B56ED594DA5B2708E3B71DF6185A12B4
    SHA256: CEB552B49C88D7DCCA22C7321F5AB7117AEEA6A4CD6B9798609409154F011F86
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751  (binary)
    MD5: 822467B728B7A66B081C91795373789A
    SHA256: AF2343382B88335EEA72251AD84949E244FF54B6995063E24459A7216E9576B9
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\menu[1].js  (text)
    MD5: 95CE7D695D6146F2BDCB93D040061415
    SHA256: 1E3242D401ADD7C9EE5AF27702D3D99E274EB1737A22610D22802B4425FF7A59
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\style[1].css  (text)
    MD5: A69C92391B757A025E9C66343A55858A
    SHA256: 87B4208EF55D78CDF4AE30322538145136BEC2B9EA01B85E17533130905F0209
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F6E1C49308DE5535559961F4A4A887  (binary)
    MD5: 83FAB57CEC6C1610D38115C48B078CD8
    SHA256: 8CD9B45C9F86B017CCCB505EA2C178350EC28D153DBF1C558E66CAC5D28D57CC
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157  (binary)
    MD5: C0A9CDFF49A32E723AB990DD825750C1
    SHA256: E6BED5999FB9B579096A58A525E675EE725D2A9D5EF785F8A1FDEBB82D42BCA1
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751  (binary)
    MD5: 4C3183B267C91B059F3BF92996AA065A
    SHA256: E62687DC570EF64E2F1C79A2F7CF12F4B39246412C8FE8503F4C28CE692ADD9D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 27
TCP/UDP connections: 36
DNS requests: 17
Threats: 3

HTTP requests

The report lists 10 of the 27 requests. The CN, Type, Size and Reputation columns hold only "unknown" or nothing for every row and are omitted; "-" marks a PID/process the report did not capture.

PID  | Process      | Method | Code | IP               | URL
3532 | iexplore.exe | GET    | 200  | 121.42.47.145:80 | http://www.nyfzx.com/showWiki.aspx?id=142
3532 | iexplore.exe | GET    | 200  | 121.42.47.145:80 | http://www.nyfzx.com/kingEdit/kindeditor.js
3532 | iexplore.exe | GET    | 200  | 121.42.47.145:80 | http://www.nyfzx.com/css/style.css
3532 | iexplore.exe | GET    | 200  | 121.42.47.145:80 | http://www.nyfzx.com/js/menu.js
3532 | iexplore.exe | GET    | 200  | 121.42.47.145:80 | http://www.nyfzx.com/kingEdit/themes/default/default.css
3532 | iexplore.exe | GET    | 200  | 121.42.47.145:80 | http://www.nyfzx.com/uploadImg/Logo20231254546.png
-    | -            | GET    | 200  | 121.42.47.145:80 | http://www.nyfzx.com/Images/top-3.png
3532 | iexplore.exe | GET    | 200  | 121.42.47.145:80 | http://www.nyfzx.com/kingEdit/plugins/code/prettify.css
-    | -            | GET    | 200  | 121.42.47.145:80 | http://www.nyfzx.com/Images/top-2.png
3532 | iexplore.exe | GET    | 304  | 23.32.238.218:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?84cab744c2b35698

Connections

The report lists 10 of the 36 connections; "-" marks a field it left blank. The svchost.exe and System rows on ports 5355 (LLMNR), 3702 (WS-Discovery) and 137/138 (NetBIOS) are normal Windows name-resolution and discovery traffic, not page activity. The only iexplore.exe connection on 443 is the one to beonlineboo.com.

PID  | Process      | IP:port              | Domain                  | ASN                                   | CN | Reputation
1060 | svchost.exe  | 224.0.0.252:5355     | -                       | -                                     | -  | unknown
1372 | svchost.exe  | 51.124.78.146:443    | -                       | MICROSOFT-CORP-MSN-AS-BLOCK           | NL | whitelisted
2564 | svchost.exe  | 239.255.255.250:3702 | -                       | -                                     | -  | whitelisted
4    | System       | 192.168.100.255:137  | -                       | -                                     | -  | whitelisted
4    | System       | 192.168.100.255:138  | -                       | -                                     | -  | whitelisted
3532 | iexplore.exe | 121.42.47.145:80     | -                       | Hangzhou Alibaba Advertising Co.,Ltd. | CN | unknown
3532 | iexplore.exe | 179.60.150.123:443   | beonlineboo.com         | GHOSTnet GmbH                         | VE | unknown
3532 | iexplore.exe | 23.32.238.218:80     | ctldl.windowsupdate.com | Akamai International B.V.             | DE | unknown
3532 | iexplore.exe | 69.192.161.44:80     | x1.c.lencr.org          | AKAMAI-AS                             | DE | unknown
3532 | iexplore.exe | 184.24.77.54:80      | r10.o.lencr.org         | Akamai International B.V.             | DE | unknown

DNS requests (10 of the 17 counted are listed)

Domain | Resolved IPs | Reputation
beonlineboo.com | 179.60.150.123 | malicious
ctldl.windowsupdate.com | 23.32.238.218, 23.32.238.234, 23.32.238.235, 23.32.238.186, 23.32.238.242, 23.32.238.243, 23.32.238.227, 23.32.238.179, 23.32.238.224 | whitelisted
x1.c.lencr.org | 69.192.161.44 | whitelisted
r10.o.lencr.org | 184.24.77.54, 184.24.77.48 | unknown
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 104.126.37.130, 104.126.37.170, 104.126.37.161, 104.126.37.186, 104.126.37.139, 104.126.37.171, 104.126.37.178, 104.126.37.145, 104.126.37.136 | whitelisted
s4.cnzz.com | 106.225.241.86 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
ocsp.globalsign.com | 104.18.20.226, 104.18.21.226 | whitelisted
ocsp2.globalsign.com | 104.18.20.226, 104.18.21.226 | whitelisted

Threats

PID  | Process      | Class                         | Message
1060 | svchost.exe  | A Network Trojan was detected | ET MALWARE BMANAGER CnC Domain in DNS Lookup (beonlineboo .com)
3532 | iexplore.exe | A Network Trojan was detected | ET MALWARE Observed BMANAGER Domain (beonlineboo .com in TLS SNI)
3532 | iexplore.exe | A Network Trojan was detected | ET MALWARE Observed BMANAGER Domain (beonlineboo .com in TLS SNI)

The DNS-lookup alert is attributed to svchost.exe (PID 1060) because that service host performed the resolution (the same PID issued the LLMNR query to 224.0.0.252:5355); the process that actually connected to 179.60.150.123:443 is iexplore.exe (PID 3532), per the Connections table, and the TLS SNI rule fired twice for that PID. Triage should therefore treat the browser tab, not svchost.exe, as the client of beonlineboo.com.
No debug info
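The network sections above are where the verdict comes from, and the useful triage steps are mechanical: collect the domains and IPs that the DNS reputation column or an ET alert flags, refang the defanged "beonlineboo .com" form the ET messages use, attribute the svchost.exe DNS alert to the process that actually connected, and find the 443 endpoint that the cleartext HTTP table cannot account for. The following is an added example, not part of the ANY.RUN report: the inline records are transcribed from the HTTP (ten rows shown, not all 27), Connections, DNS and Threats sections, and the function and field names are this example's own.

```python
"""Indicator extraction and attribution over the network sections of
this report. Added example; the records are transcribed from the report,
the code is not ANY.RUN's."""
import re
from urllib.parse import urlsplit

HTTP_URLS = [  # (pid, url) for the ten cleartext requests shown; None = pid not captured
    (3532, "http://www.nyfzx.com/showWiki.aspx?id=142"),
    (3532, "http://www.nyfzx.com/kingEdit/kindeditor.js"),
    (3532, "http://www.nyfzx.com/css/style.css"),
    (3532, "http://www.nyfzx.com/js/menu.js"),
    (3532, "http://www.nyfzx.com/kingEdit/themes/default/default.css"),
    (3532, "http://www.nyfzx.com/uploadImg/Logo20231254546.png"),
    (None, "http://www.nyfzx.com/Images/top-3.png"),
    (3532, "http://www.nyfzx.com/kingEdit/plugins/code/prettify.css"),
    (None, "http://www.nyfzx.com/Images/top-2.png"),
    (3532, "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?84cab744c2b35698"),
]
CONNECTIONS = [  # (pid, process, "ip:port", domain or None)
    (1060, "svchost.exe", "224.0.0.252:5355", None),
    (1372, "svchost.exe", "51.124.78.146:443", None),
    (2564, "svchost.exe", "239.255.255.250:3702", None),
    (4, "System", "192.168.100.255:137", None),
    (4, "System", "192.168.100.255:138", None),
    (3532, "iexplore.exe", "121.42.47.145:80", None),
    (3532, "iexplore.exe", "179.60.150.123:443", "beonlineboo.com"),
    (3532, "iexplore.exe", "23.32.238.218:80", "ctldl.windowsupdate.com"),
    (3532, "iexplore.exe", "69.192.161.44:80", "x1.c.lencr.org"),
    (3532, "iexplore.exe", "184.24.77.54:80", "r10.o.lencr.org"),
]
DNS = {  # domain -> (resolved IPs, reputation)
    "beonlineboo.com": (["179.60.150.123"], "malicious"),
    "ctldl.windowsupdate.com": (["23.32.238.218", "23.32.238.234", "23.32.238.235",
                                 "23.32.238.186", "23.32.238.242", "23.32.238.243",
                                 "23.32.238.227", "23.32.238.179", "23.32.238.224"], "whitelisted"),
    "x1.c.lencr.org": (["69.192.161.44"], "whitelisted"),
    "r10.o.lencr.org": (["184.24.77.54", "184.24.77.48"], "unknown"),
    "api.bing.com": (["13.107.5.80"], "whitelisted"),
    "s4.cnzz.com": (["106.225.241.86"], "whitelisted"),
    "ocsp.digicert.com": (["192.229.221.95"], "whitelisted"),
    "ocsp.globalsign.com": (["104.18.20.226", "104.18.21.226"], "whitelisted"),
    "ocsp2.globalsign.com": (["104.18.20.226", "104.18.21.226"], "whitelisted"),
}
THREATS = [  # (pid, process, message)
    (1060, "svchost.exe", "ET MALWARE BMANAGER CnC Domain in DNS Lookup (beonlineboo .com)"),
    (3532, "iexplore.exe", "ET MALWARE Observed BMANAGER Domain (beonlineboo .com in TLS SNI)"),
    (3532, "iexplore.exe", "ET MALWARE Observed BMANAGER Domain (beonlineboo .com in TLS SNI)"),
]

# ET messages defang the domain as "label .tld" inside parentheses, optionally
# followed by "in TLS SNI" or similar; match only that form.
DEFANGED = re.compile(r"\(([a-z0-9-]+(?:\.[a-z0-9-]+)*) \.([a-z]{2,})(?: in [a-z ]+)?\)", re.I)


def refang_from_alert(msg):
    """Return the domain named in an ET alert with its dot restored, or None."""
    m = DEFANGED.search(msg)
    return f"{m.group(1)}.{m.group(2)}".lower() if m else None


def http_hosts():
    """Hosts that appear in the cleartext HTTP request list."""
    return {urlsplit(u).hostname for _, u in HTTP_URLS}


def split_endpoint(ep):
    ip, _, port = ep.rpartition(":")
    return ip, int(port)


def tls_only_endpoints(pid):
    """Named hosts the process reached on 443 that never appear as an HTTP
    request: the traffic the HTTP table cannot explain."""
    seen = http_hosts()
    return {dom for p, _, ep, dom in CONNECTIONS
            if p == pid and dom and split_endpoint(ep)[1] == 443 and dom not in seen}


def flagged_domains():
    """Domains the DNS reputation column or an ET alert calls malicious."""
    out = {d for d, (_, rep) in DNS.items() if rep == "malicious"}
    for _, _, msg in THREATS:
        d = refang_from_alert(msg)
        if d:
            out.add(d)
    return out


def connecting_pids(domain):
    """Processes that connected to an IP the domain resolved to, so a DNS
    alert raised on the resolver (svchost.exe) lands on the real client."""
    ips = set(DNS.get(domain, ([], ""))[0])
    return {p for p, _, ep, _ in CONNECTIONS if split_endpoint(ep)[0] in ips}


def ioc_bundle():
    """Domains, IPs and client PIDs worth blocking or hunting on."""
    doms = flagged_domains()
    ips = {ip for d in doms for ip in DNS.get(d, ([], ""))[0]}
    ips |= {split_endpoint(ep)[0] for _, _, ep, dom in CONNECTIONS if dom in doms}
    return {"domains": doms, "ips": ips,
            "pids": {p for d in doms for p in connecting_pids(d)}}


if __name__ == "__main__":
    print("TLS-only endpoints for PID 3532:", tls_only_endpoints(3532))
    print("IOC bundle:", ioc_bundle())
```

On this report the bundle reduces to beonlineboo.com, 179.60.150.123 and PID 3532, and the TLS-only check returns beonlineboo.com alone, which is the concrete statement of why a page with zero behavioral signatures still got a malicious verdict.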