
index.html

Full analysis: https://app.any.run/tasks/d11575e6-59a1-4432-9002-4dda2a1de18a
Verdict: Malicious activity
Analysis date: June 19, 2019, 06:33:18
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: opendir
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
MD5: 2DE089163FF2F89EA894DA84ECC16EF0
SHA1: EF6A220F3200B4612AEA16D2CA8F97E52AFEAD32
SHA256: 604B1F50E619C316985A70D660295BE3835C155A81DB8222C5B481F2B302F458
SSDEEP: 384:KPzucrqowWl7QjDgFjoxi8n3/GPJaO2cKj:fajoxiEsaOlKj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executed via COM

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 4088)
  • INFO

    • Reads internet explorer settings

      • iexplore.exe (PID: 2144)
      • iexplore.exe (PID: 552)
    • Changes internet zones settings

      • iexplore.exe (PID: 2464)
    • Creates files in the user directory

      • iexplore.exe (PID: 2144)
      • iexplore.exe (PID: 552)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 4088)
      • iexplore.exe (PID: 2464)
    • Application launched itself

      • iexplore.exe (PID: 2464)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 552)
      • iexplore.exe (PID: 2464)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 552)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.txt | Text - UTF-8 encoded (100)

EXIF

HTML

HTTPEquivXUACompatible: IE=edge
ContentType: text/html; charset=UTF-8
Description: youtube,youtube music,unblock youtube,youtube videos,youtube to mp3,youtube songs,youtube movies,youtube music videos,youtube proxy,youtube broadcast yourself,listen to youtube,youtube broadcast,utube,youtub
Keywords: Unblock YouTube grants you access to any blocked web page. This site is compatible with YouTube Videos and has servers located in Europe.,youtube,youtube music,unblock youtube,youtube videos,youtube to mp3,youtube songs,youtube movies,youtube music videos,youtube proxy,youtube broadcast yourself,listen to youtube,youtube broadcast,utube,youtub
Title: Unblock YouTube grants you access to any blocked web page. This site is compatible with YouTube Videos and has servers located in Europe.youtube,youtube music,unblock youtube,youtube videos,youtube to mp3,youtube songs,youtube movies,youtube music videos,youtube proxy,youtube broadcast yourself,listen to youtube,youtube broadcast,utube,youtub
alexaVerifyID: fSWVak30jpQ63Nap7Sg7C4QUhc8
viewport: width=device-width, initial-scale=1, maximum-scale=1
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 4
Malicious processes: 0
Suspicious processes: 0

Behavior graph

(Rendered as an interactive graph in the full report.) Process chain: start > iexplore.exe > iexplore.exe > iexplore.exe > flashutil32_26_0_0_131_activex.exe (no specs)

Process information

PID 2464
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 2144
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2464 CREDAT:79873
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 552
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2464 CREDAT:203009
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 4088
CMD: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Parent process: svchost.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version: 26,0,0,131
Total events: 668
Read events: 569
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 1
Text files: 53
Unknown types: 11

Dropped files

PID 2464, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
Type:
MD5:
SHA256:

PID 2464, iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Type:
MD5:
SHA256:

PID 2144, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\bootstrap[1].css
Type: text
MD5: 5CDDE728ED9268DD1266453A548B03A8
SHA256: 7648BE07FF9FB3EF0CAF50027419BC8A0EDBF0E2EF1AF3A0B5DE520F14704442

PID 2464, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\StructuredQuery.log
Type: text
MD5: 120EB0D608FBCB300873985E3A68AE62
SHA256: 55E0F865C39F93BDDC6D895086BBD9AC2DB56589B270ABFFA33EF49527CD461A

PID 2144, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\jquery-ui[1].css
Type: text
MD5: 69C5D597F54236958C504088FA1C4F9C
SHA256: 5C1B0496A851F2D0FECD978C46949D2C4C8A1806F43C70097785458CD1DA9FF3

PID 2144, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\application[1].js
Type: text
MD5: A4A4A8D805B868598E3AED208154677D
SHA256: 90DE614EA109FD0EFD8A4A3C870686EC78DE0A50837731D992BDA445E5AB4D9C

PID 2144, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\s[1].js
Type: text
MD5: 0678130915A269ABACE9528D54499E7E
SHA256: 992A590A3EA614A8B6CCD0433782753C3C13CE08727AE2FAED3A68A9DB2C9B57

PID 2144, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\app[1].css
Type: text
MD5: 1111F554B9BC1B06EF432176F141DD01
SHA256: 0EC874F24035B35318DAE69A39866E7759555ECBEED596CB6F071BA3B30CD944

PID 2144, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\upload_video[1].css
Type: text
MD5: C17996DCF65C4A65DB22B3BF38E8AED5
SHA256: FDA610D8C0847A6D7CCCBA517667E5D3DB7F9F057FBC92B0809B7C72F29612C8

PID 552, iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@vidco[1].txt
Type:
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 42
TCP/UDP connections: 28
DNS requests: 13
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2144 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/themes/ytspace/upload_video.css | US | text | 203 b | suspicious
2144 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/static/js/s.js | US | text | 990 b | suspicious
2144 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/static/css/app.css | US | text | 13.0 Kb | suspicious
2144 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/static/css/bootstrap.css | US | text | 20.2 Kb | suspicious
2144 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/static/js/bootstrap.js | US | text | 13.3 Kb | suspicious
2144 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/static/application.js | US | text | 1.53 Kb | suspicious
552 | iexplore.exe | GET | 200 | 172.217.16.138:80 | http://ajax.googleapis.com/ajax/libs/jqueryui/1/jquery-ui.min.js | US | text | 60.0 Kb | whitelisted
2144 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/static/js/jquery.min.js | US | text | 32.3 Kb | suspicious
2144 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/static/css/jquery-ui.css?v=1.2 | US | text | 6.03 Kb | suspicious
552 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/static/js/s.js | US | text | 990 b | suspicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 209.197.3.15:139 | maxcdn.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted
2464 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2144 | iexplore.exe | 104.27.153.110:80 | vidco.su | Cloudflare Inc | US | shared
2144 | iexplore.exe | 172.217.16.138:80 | ajax.googleapis.com | Google Inc. | US | whitelisted
552 | iexplore.exe | 104.27.153.110:80 | vidco.su | Cloudflare Inc | US | shared
4 | System | 209.197.3.15:445 | maxcdn.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted
 |  | 172.217.16.138:80 | ajax.googleapis.com | Google Inc. | US | whitelisted
552 | iexplore.exe | 209.197.3.15:80 | maxcdn.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted
552 | iexplore.exe | 172.217.16.200:443 | www.googletagmanager.com | Google Inc. | US | whitelisted
2464 | iexplore.exe | 104.27.153.110:80 | vidco.su | Cloudflare Inc | US | shared

DNS requests

Domain | IP | Reputation
maxcdn.bootstrapcdn.com | 209.197.3.15 | whitelisted
vidco.su | 104.27.153.110, 104.27.152.110 | suspicious
ajax.googleapis.com | 172.217.16.138, 172.217.22.42, 172.217.22.74, 172.217.16.202, 172.217.18.106, 172.217.21.202, 216.58.205.234, 172.217.22.10, 172.217.18.170, 216.58.206.10, 216.58.207.42, 216.58.207.74, 172.217.16.170 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
www.googletagmanager.com | 172.217.16.200 | whitelisted
cdnjs.cloudflare.com | 104.19.197.151, 104.19.199.151, 104.19.195.151, 104.19.196.151, 104.19.198.151 | whitelisted
oss.maxcdn.com | 23.111.8.154 | whitelisted
www.google-analytics.com | 216.58.210.14 | whitelisted
pariwiki.com.ph | 51.159.22.40 | unknown
dns.msftncsi.com | 131.107.255.255 | shared

Threats

PID | Process | Class | Message
 |  | Potentially Bad Traffic | ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
No debug info