Malware analysis MEMZ.zip Malicious activity | ANY.RUN

Add for printing

download:	MEMZ.zip
Full analysis:	https://app.any.run/tasks/d82e0762-1c20-45b1-8b49-fa14effcda16
Verdict:	Malicious activity
Analysis date:	October 14, 2019, 16:41:39
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/zip
File info:	Zip archive data, at least v2.0 to extract
MD5:	69977A5D1C648976D47B69EA3AA8FCAA
SHA1:	4630CC15000C0D3149350B9ECDA6CFC8F402938A
SHA256:	61CA4D8DD992C763B47BEBB9B5FACB68A59FF0A594C2FF215AA4143B593AE9DC
SSDEEP:	192:8xI2dw4xXlsUjs1ScK3ZeD6dUqENj710+MZ9R1SVBIpp:b2dHiosKA6OqEx2t9R1SLIL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 8.0.7601.17514 undefined
Adobe Acrobat Reader DC MUI (15.023.20070)
Adobe Flash Player 26 ActiveX (26.0.0.131)
Adobe Flash Player 26 NPAPI (26.0.0.131)
Adobe Flash Player 26 PPAPI (26.0.0.131)
Adobe Refresh Manager (1.8.0)
CCleaner (5.35)
FileZilla Client 3.36.0 (3.36.0)
Google Chrome (75.0.3770.100)
Google Update Helper (1.3.34.7)
Java 8 Update 92 (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.7.2 (4.7.03062)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
Notepad++ (32-bit x86) (7.5.1)
Opera 12.15 (12.15.1748)
Skype version 8.29 (8.29)
Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
VLC media player (2.2.6)
WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Troubleshooters Package
InternetExplorer Optional Package
KB2534111
KB2999226
KB4019990
KB976902
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
ProfessionalEdition
UltimateEdition

Add for printing

MALICIOUS
- Application was dropped or rewritten from another process
  - [email protected] (PID: 2004)
  - [email protected] (PID: 3908)
  - [email protected] (PID: 2456)
  - [email protected] (PID: 2156)
  - [email protected] (PID: 3228)
  - [email protected] (PID: 1484)
  - [email protected] (PID: 4032)
  - [email protected] (PID: 3836)
  - [email protected] (PID: 2372)
  - [email protected] (PID: 2500)
  - [email protected] (PID: 2276)
- Low-level write access rights to disk partition
  - [email protected] (PID: 2372)
SUSPICIOUS
- Application launched itself
  - [email protected] (PID: 3228)
- Creates files in the user directory
  - [email protected] (PID: 2372)
- Low-level read access rights to disk partition
  - [email protected] (PID: 2372)
  - msconfig.exe (PID: 2160)
- Starts Internet Explorer
  - [email protected] (PID: 2372)
INFO
- Manual execution by user
  - [email protected] (PID: 2004)
  - [email protected] (PID: 2456)
  - [email protected] (PID: 3908)
  - [email protected] (PID: 3228)
  - [email protected] (PID: 2156)
- Reads internet explorer settings
  - iexplore.exe (PID: 1560)
  - iexplore.exe (PID: 3940)
  - iexplore.exe (PID: 3680)
  - iexplore.exe (PID: 3128)
  - iexplore.exe (PID: 2124)
  - iexplore.exe (PID: 4012)
  - iexplore.exe (PID: 2244)
- Reads Internet Cache Settings
  - iexplore.exe (PID: 3940)
  - iexplore.exe (PID: 1560)
  - iexplore.exe (PID: 2124)
  - iexplore.exe (PID: 4012)
- Changes internet zones settings
  - iexplore.exe (PID: 3304)
  - iexplore.exe (PID: 2840)
  - iexplore.exe (PID: 2888)
- Creates files in the user directory
  - iexplore.exe (PID: 1560)
  - iexplore.exe (PID: 3940)
  - iexplore.exe (PID: 3680)
  - iexplore.exe (PID: 3304)
  - iexplore.exe (PID: 3128)
  - iexplore.exe (PID: 2124)
  - iexplore.exe (PID: 4012)
  - iexplore.exe (PID: 2244)
- Application launched itself
  - iexplore.exe (PID: 3304)
  - iexplore.exe (PID: 2888)
- Reads settings of System Certificates
  - iexplore.exe (PID: 3304)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.zip	\|	ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion:	20
ZipBitFlag:	0x0001
ZipCompression:	Deflated
ZipModifyDate:	2016:12:03 13:51:10
ZipCRC:	0xd987e890
ZipCompressedSize:	8489
ZipUncompressedSize:	14848
ZipFileName:	[email protected]

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
2508	"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\MEMZ.zip"	C:\Program Files\WinRAR\WinRAR.exe	—	explorer.exe
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0
3908	"C:\Users\admin\Desktop\[email protected]"	C:\Users\admin\Desktop\[email protected]		explorer.exe
User: admin Integrity Level: HIGH Exit code: 0
2004	"C:\Users\admin\Desktop\[email protected]"	C:\Users\admin\Desktop\[email protected]	—	explorer.exe
User: admin Integrity Level: MEDIUM Exit code: 3221226540
2456	"C:\Users\admin\Desktop\[email protected]"	C:\Users\admin\Desktop\[email protected]		explorer.exe
User: admin Integrity Level: HIGH Exit code: 0
2156	"C:\Users\admin\Desktop\[email protected]"	C:\Users\admin\Desktop\[email protected]	—	explorer.exe
User: admin Integrity Level: MEDIUM Exit code: 3221226540
3228	"C:\Users\admin\Desktop\[email protected]"	C:\Users\admin\Desktop\[email protected]		explorer.exe
User: admin Integrity Level: HIGH Exit code: 0
1484	"C:\Users\admin\Desktop\[email protected]" /watchdog	C:\Users\admin\Desktop\[email protected]	—	[email protected]
User: admin Integrity Level: HIGH
4032	"C:\Users\admin\Desktop\[email protected]" /watchdog	C:\Users\admin\Desktop\[email protected]	—	[email protected]
User: admin Integrity Level: HIGH
2500	"C:\Users\admin\Desktop\[email protected]" /watchdog	C:\Users\admin\Desktop\[email protected]	—	[email protected]
User: admin Integrity Level: HIGH
3836	"C:\Users\admin\Desktop\[email protected]" /watchdog	C:\Users\admin\Desktop\[email protected]	—	[email protected]
User: admin Integrity Level: HIGH

Add for printing

Total events

2 710

Read events

2 284

Write events

Delete events

Modification events

No data

Add for printing

Executable files

Suspicious files

Text files

103

Unknown types

Dropped files

PID	Process	Filename		Type
2508	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRb2508.33234\[email protected]		—
		MD5:—	SHA256:—
1560	iexplore.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt		—
		MD5:—	SHA256:—
2840	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico		—
		MD5:—	SHA256:—
2840	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico		—
		MD5:—	SHA256:—
1560	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\search[1].txt		—
		MD5:—	SHA256:—
1560	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\search[1].htm		html
		MD5:454CBBF8B280646B27C56927D195E00E	SHA256:A105C5B7C085747416074FB1215E3D97A990A70EF95714187DE4DB2CBF7EE3E9
1560	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\rs=ACT90oF7WTeH-jXMsNB36un98SDMskq2TA[1]		text
		MD5:6C54A0CF217C46401359A74B1CA77FCD	SHA256:7B79C5044FD94121C011F37E2E75E8A2EDC1E1FA65149101A07742D0E758BEAC
1560	iexplore.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt		text
		MD5:4F5F777A71E16B2D6A0594F92C5AA4BA	SHA256:15E85F231598E80A3E40FC8EAF0BE14A30E7469E82D8882A4C5B47926AB7DD0E
1560	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\images[1].jpg		image
		MD5:A82070B3562B218684F65889B948ACD2	SHA256:B3F6375CCC2AF89ADF533B0E3FD134049B887DB58B1E3ED8A2270F92556FF2F0
1560	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\images[2].jpg		image
		MD5:082EF899B4B3EE5786513430886EC9EB	SHA256:07552719DF6D7AED991BD30F267FD8E355F451FF9AAD4F7BC71C199341989B69

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
1560	iexplore.exe	GET	301	216.58.207.36:80	http://google.co.ck/search?q=is+illuminati+real	US	html	248 b	whitelisted
3940	iexplore.exe	GET	302	172.217.22.67:80	http://www.google.co.ck/search?q=g3t+r3kt	US	html	254 b	whitelisted
3128	iexplore.exe	GET	301	216.58.207.36:80	http://google.co.ck/search?q=virus+builder+legit+free+download	US	html	263 b	whitelisted
2840	iexplore.exe	GET	200	204.79.197.200:80	http://www.bing.com/favicon.ico	US	image	237 b	whitelisted
3940	iexplore.exe	GET	301	216.58.207.36:80	http://google.co.ck/search?q=g3t+r3kt	US	html	238 b	whitelisted
3680	iexplore.exe	GET	302	172.217.22.67:80	http://www.google.co.ck/search?q=g3t+r3kt	US	html	254 b	whitelisted
2124	iexplore.exe	GET	301	216.58.207.36:80	http://google.co.ck/search?q=virus.exe	US	html	239 b	whitelisted
2124	iexplore.exe	GET	302	172.217.22.67:80	http://www.google.co.ck/search?q=virus.exe	US	html	255 b	whitelisted
2244	iexplore.exe	GET	302	172.217.22.67:80	http://www.google.co.ck/search?q=how+to+create+your+own+ransomware	US	html	279 b	whitelisted
3680	iexplore.exe	GET	301	216.58.207.36:80	http://google.co.ck/search?q=g3t+r3kt	US	html	238 b	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
1560	iexplore.exe	172.217.22.67:80	www.google.co.ck	Google Inc.	US	whitelisted
1560	iexplore.exe	172.217.22.110:443	encrypted-tbn1.gstatic.com	Google Inc.	US	whitelisted
1560	iexplore.exe	172.217.22.67:443	www.google.co.ck	Google Inc.	US	whitelisted
2840	iexplore.exe	204.79.197.200:80	www.bing.com	Microsoft Corporation	US	whitelisted
1560	iexplore.exe	216.58.207.36:80	google.co.ck	Google Inc.	US	whitelisted
3940	iexplore.exe	216.58.207.36:80	google.co.ck	Google Inc.	US	whitelisted
3940	iexplore.exe	172.217.22.67:443	www.google.co.ck	Google Inc.	US	whitelisted
3940	iexplore.exe	172.217.22.67:80	www.google.co.ck	Google Inc.	US	whitelisted
1560	iexplore.exe	172.217.22.14:443	encrypted-tbn0.gstatic.com	Google Inc.	US	whitelisted
1560	iexplore.exe	216.58.205.238:443	encrypted-tbn3.gstatic.com	Google Inc.	US	whitelisted

DNS requests

Domain	IP	Reputation
google.co.ck	216.58.207.36	whitelisted
www.bing.com	204.79.197.200 13.107.21.200	whitelisted
www.google.co.ck	172.217.22.67	whitelisted
encrypted-tbn3.gstatic.com	216.58.205.238	whitelisted
encrypted-tbn1.gstatic.com	172.217.22.110	whitelisted
encrypted-tbn0.gstatic.com	172.217.22.14	whitelisted
encrypted-tbn2.gstatic.com	172.217.23.142	whitelisted
www.youtube.com	172.217.22.46 172.217.22.78 216.58.210.14 172.217.18.110 172.217.23.174 172.217.21.206 216.58.205.238 172.217.21.238 172.217.22.14 172.217.18.14 172.217.18.174 172.217.23.142 216.58.206.14 172.217.23.110 216.58.207.46 216.58.207.78	whitelisted
s.ytimg.com	216.58.205.238	whitelisted
fonts.gstatic.com	172.217.22.35	whitelisted

Threats

No threats detected

Add for printing

No debug info

General Info

MEMZ.zip

69977A5D1C648976D47B69EA3AA8FCAA

4630CC15000C0D3149350B9ECDA6CFC8F402938A

61CA4D8DD992C763B47BEBB9B5FACB68A59FF0A594C2FF215AA4143B593AE9DC

192:8xI2dw4xXlsUjs1ScK3ZeD6dUqENj710+MZ9R1SVBIpp:b2dHiosKA6OqEx2t9R1SLIL

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Application was dropped or rewritten from another process

Low-level write access rights to disk partition

SUSPICIOUS

Application launched itself

Creates files in the user directory

Low-level read access rights to disk partition

Starts Internet Explorer

INFO

Manual execution by user

Reads internet explorer settings

Reads Internet Cache Settings

Changes internet zones settings

Creates files in the user directory

Application launched itself

Reads settings of System Certificates

Malware configuration

Static information

TRiD

EXIF

ZIP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings