index.html

Full analysis: https://app.any.run/tasks/d2f59b9d-c660-438a-8b8f-8f9ddea097ce
Verdict: Malicious activity
Analysis date: November 29, 2020, 14:47:40
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, ASCII text
MD5: 079F8F48B25BC8AEC7244F4E997D73B5
SHA1: 25A1D6F6E6DCB4FFCD0BF773832F2F8BB242278E
SHA256: 62B61B7CDD1D20B98DA4486DB600A4852D88AD8765C4C94A2FBB5286D8C84719
SSDEEP: 12:BMQt5FYo9+OEutJarDz0rCuKXfsx0sGJA9jL:WC5/Za7+3xR9v

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2164)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 2164)
      • chrome.exe (PID: 2972)
    • Drops a file that was compiled in debug mode

      • chrome.exe (PID: 2972)
      • chrome.exe (PID: 2164)
  • INFO

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2148)
      • iexplore.exe (PID: 3996)
      • iexplore.exe (PID: 2480)
    • Application launched itself

      • iexplore.exe (PID: 2480)
      • iexplore.exe (PID: 3996)
      • chrome.exe (PID: 2164)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2148)
      • iexplore.exe (PID: 3996)
    • Changes internet zones settings

      • iexplore.exe (PID: 2480)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2148)
      • iexplore.exe (PID: 3996)
      • iexplore.exe (PID: 2480)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3996)
      • iexplore.exe (PID: 2148)
      • iexplore.exe (PID: 2480)
    • Manual execution by user

      • chrome.exe (PID: 2164)
    • Reads the hosts file

      • chrome.exe (PID: 2164)
      • chrome.exe (PID: 2972)
    • Creates files in the user directory

      • iexplore.exe (PID: 2480)
No Malware configuration.

TRiD

.html | HyperText Markup Language (100)

EXIF

HTML

Title: free memz virus 100% legit
Description: get your free memz viruzz for free. use this safely or you will get fucking spanked.
Keywords: -
No data.
All screenshots are available in the full report
Total processes: 96
Monitored processes: 54
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Interactive process graph, available in the full report (the processes it shows are listed under Process information below).

Process information

PID: 2480
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 2148
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2480 CREDAT:144385 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 3996
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2480 CREDAT:78855 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 2796
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2480 CREDAT:398593 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 2164
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 4044
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6e98a9d0,0x6e98a9e0,0x6e98a9ec
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 3008
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=604 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 1068
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=988,1608233712315110968,2077157254500884520,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=8615032142113042728 --mojo-platform-channel-handle=1012 --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 75.0.3770.100

PID: 2972
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=988,1608233712315110968,2077157254500884520,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=829004526674132917 --mojo-platform-channel-handle=1664 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 3928
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,1608233712315110968,2077157254500884520,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13507525601810858703 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100
Total events: 2 243
Read events: 1 969
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 8
Suspicious files: 178
Text files: 334
Unknown types: 28

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2148 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Cab369.tmp | | |
2148 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Tar36A.tmp | | |
3996 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Cab3C7.tmp | | |
2148 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\memz-site[1].htm | | |
3996 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Tar3C8.tmp | | |
2148 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\dlbtn[1].gif | | |
3996 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\arrow_right[1].gif | | |
2148 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C70BFA2D9DC40914ACED8BBED973B1E3_0AAC2086786434F6533EB54D1FBF050C | der | A20841AB2B704F016B699EE2A23AF9D9 | 8D629991440F2E13C00EBC2439ADECEAA5FB4570C92583DF0EB47BCDE95CD0CC
2148 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\68FAF71AF355126BCA00CE2E73CC7374_A88E46230AD93776AD6952BFE1EC0FFF | der | F6E049907A6563637D1DAC7C0A814E5A | 18E62D75C437B6EC530C905061099D7F7E22241ECCC71FBE9C92C54E673D2AE4
2148 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\04FC23A773A43B5EED263BBAF545D686_0EE68C905AC58CD361640846A866098F | der | 39048516B0FF4DB7BEC9FCDF83C369BA | 01604C97ACAA9F0F9B3285F40F76733184159195F0A17A0F5D755CEABCD79EA6
HTTP(S) requests: 19
TCP/UDP connections: 134
DNS requests: 86
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2148 | iexplore.exe | GET | 200 | 95.101.27.121:80 | http://subca.ocsp-certum.com/MFAwTjBMMEowSDAJBgUrDgMCGgUABBQcn6glOULIBQemtTWi1FD7IEbk4gQUVJndm%2F%2Fopw6jGZ1bvkJX3zD8jzICDzEdft3kkgIIu9he9yYrug%3D%3D | unknown | der | 1.55 Kb | whitelisted
2148 | iexplore.exe | GET | 200 | 95.101.27.77:80 | http://subca.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTYOkzrrCGQj08njZXbUQQpkoUmuQQUCHbNywf%2FJPbFze27kLzihDdGdfcCEQDQS2%2Fl3VvSIefHTPZGizFG | unknown | der | 1.63 Kb | whitelisted
2148 | iexplore.exe | GET | 200 | 95.101.27.121:80 | http://h.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRLAbuY6AMy2ME5AnM9MlyLM4YhywQUPZG2zBF76%2BRmEazS0gfLqaSAczECECQeqgVCd%2B09JIQMr%2FYwleI%3D | unknown | der | 1.46 Kb | whitelisted
2148 | iexplore.exe | GET | 200 | 95.101.27.121:80 | http://subca.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTYOkzrrCGQj08njZXbUQQpkoUmuQQUCHbNywf%2FJPbFze27kLzihDdGdfcCEQDQS2%2Fl3VvSIefHTPZGizFG | unknown | der | 1.63 Kb | whitelisted
2972 | chrome.exe | GET | 301 | 104.27.177.1:80 | http://getgamesss.com/games?source=exblog&se=2017_08_10&keyword=Daedalus%20-%20No%20Escape%201.0.4 | US | | | unknown
2148 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted
2148 | iexplore.exe | GET | 200 | 95.101.27.77:80 | http://subca.ocsp-certum.com/MFAwTjBMMEowSDAJBgUrDgMCGgUABBQcn6glOULIBQemtTWi1FD7IEbk4gQUVJndm%2F%2Fopw6jGZ1bvkJX3zD8jzICDzEdft3kkgIIu9he9yYrug%3D%3D | unknown | der | 1.55 Kb | whitelisted
2972 | chrome.exe | GET | 200 | 184.168.131.241:80 | http://memz.download/ | US | html | 446 b | whitelisted
3996 | iexplore.exe | GET | 200 | 104.18.25.243:80 | http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIGkp0%2Fv9GUvNUu1EP06Tu7%2BChyAQUkZ47RGw9V5xCdyo010%2FRzEqXLNoCExwAFF8jA2u85i8%2FLFYAAAAUXyM%3D | US | der | 1.75 Kb | whitelisted
3996 | iexplore.exe | GET | 200 | 95.101.27.121:80 | http://h.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRLAbuY6AMy2ME5AnM9MlyLM4YhywQUPZG2zBF76%2BRmEazS0gfLqaSAczECECQeqgVCd%2B09JIQMr%2FYwleI%3D | unknown | der | 1.46 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2480 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2148 | iexplore.exe | 80.211.245.94:443 | bts.net.pl | Aruba S.p.A. | IT | suspicious
2972 | chrome.exe | 216.58.212.131:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
2148 | iexplore.exe | 95.101.27.81:80 | repository.certum.pl | Akamai Technologies, Inc. | unknown |
2148 | iexplore.exe | 95.101.27.77:80 | subca.ocsp-certum.com | Akamai Technologies, Inc. | unknown |
3996 | iexplore.exe | 80.211.245.94:443 | bts.net.pl | Aruba S.p.A. | IT | suspicious
2148 | iexplore.exe | 95.101.27.121:80 | subca.ocsp-certum.com | Akamai Technologies, Inc. | unknown |
3996 | iexplore.exe | 95.101.27.121:80 | subca.ocsp-certum.com | Akamai Technologies, Inc. | unknown |
2972 | chrome.exe | 142.250.74.195:443 | www.google.com.ua | Google Inc. | US | whitelisted
2972 | chrome.exe | 172.217.23.110:443 | ogs.google.com.ua | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
bts.net.pl | 80.211.245.94 | suspicious
repository.certum.pl | 95.101.27.81, 95.101.27.112 | whitelisted
subca.ocsp-certum.com | 95.101.27.77, 95.101.27.121 | whitelisted
h.ocsp-certum.com | 95.101.27.121, 95.101.27.77 | whitelisted
www.bing.com | 13.107.21.200, 204.79.197.200 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
clientservices.googleapis.com | 216.58.212.131 | whitelisted
accounts.google.com | 142.250.64.77 | shared
www.google.com.ua | 142.250.74.195 | whitelisted
fonts.googleapis.com | 172.217.12.170 | whitelisted

Threats

No threats detected
No debug info