URL:

https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.adnocdistribution.ae%2F&data=05%7C01%7CMeshal.AlFaras%40JanusHenderson.com%7Cb35e2726aa5c4f6e802f08daa55c0d77%7C09d5c224c6244040ba7bdcfa64d7b17a%7C0%7C0%7C638004113417837859%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yl6%2B9NGLRNLW6pcOKtK92Df1viCfzJShHOLBYGcJQ9M%3D&reserved=0

Full analysis: https://app.any.run/tasks/f988ec8d-0807-4fb4-9805-dab5f467c27c
Verdict: Malicious activity
Analysis date: October 05, 2022, 07:29:20
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: D068E0EA1A4D15C0BE49FE5A8687493C
SHA1: 02A28FA9FE71C2E0744099C295E89D849E7B0DBF
SHA256: 642D4DEFBBFB82E4727D0EA5B6E4A9B81985EBC3B63FF1135E000AE311A44270
SSDEEP: 6:2bV9iRXPNHszBL7jyaJcubyAZIRXSGZVc+W0S8iMjcVaVbeAiJbUuRCmuFM3vXYm:2bqVsVGaJzyAZsFRRiMLKP7RJPYbNM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2652)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe → iexplore.exe

Process information

PID: 2652
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.adnocdistribution.ae%2F&data=05%7C01%7CMeshal.AlFaras%40JanusHenderson.com%7Cb35e2726aa5c4f6e802f08daa55c0d77%7C09d5c224c6244040ba7bdcfa64d7b17a%7C0%7C0%7C638004113417837859%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yl6%2B9NGLRNLW6pcOKtK92Df1viCfzJShHOLBYGcJQ9M%3D&reserved=0"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
PID: 2560
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2652 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events: 22 313
Read events: 22 078
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 33
Text files: 169
Unknown types: 32

Dropped files

PID: 2560 | Process: iexplore.exe | Type: der
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2F23D0F5E4D72862517E1CB26A329742_F6FACC49395CFA949BCE851E73323C49
MD5: FC3590371542781688A0E00B5633FB09
SHA256: 9A3B60E421D01707341754521C847E2BFE5FC7D9032A8AA23435713052D86BB5

PID: 2560 | Process: iexplore.exe | Type: html
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\1E94DJDB.htm
MD5: 4805491388D0EEA4C2903DDB823AD53D
SHA256: 305E9C5DDBFDBA4835B51555C02DF916D13A4CCF3831DF053349CA714EF6BC99

PID: 2560 | Process: iexplore.exe | Type: der
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
MD5: E1817D34D647D15C961327938AA58C4A
SHA256: CA2D2DB19D9A688484F592397EBC22270DC2B6F653C583B8DFDF27CFF24E0E07

PID: 2652 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
MD5: 3AF1BE7F0163DC2F1113720BA304A1A0
SHA256: AC4ED153A9CB392D3D7D8FFAE523C209A791846599A79D39C8629D981CF30A5A

PID: 2560 | Process: iexplore.exe | Type: der
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_C89A7CE86B947A5BDDEC66331470004A
MD5: 60DEA52ABE2437132A0387AD8BECC0AC
SHA256: AC998FB48810AEB183EC2D19CFD58B81F2243207ADD4C553E1E87F00FA6D5F3F

PID: 2560 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2F23D0F5E4D72862517E1CB26A329742_F6FACC49395CFA949BCE851E73323C49
MD5: 9EBD95DD528CDDCA5A01DA4B9F29A2C5
SHA256: 5642AD9CABE03ED202FEBD91264D237F53E2B67D2AE766E9033C4250C66903F6

PID: 2560 | Process: iexplore.exe | Type: der
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_86C2A03C133240EC4C95180B9FD368BB
MD5: 46DA46BA922E8E17F48B2D3BE9EBEC2F
SHA256: 6BFE470053F6911DAA8B62CEF95966C472EDA903ED6A2969D6E16635D28AD186

PID: 2652 | Process: iexplore.exe | Type: compressed
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
MD5: F7DCB24540769805E5BB30D193944DCE
SHA256: 6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA

PID: 2560 | Process: iexplore.exe | Type: der
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
MD5: 2A73C0DFBC788D680BC05EF945818809
SHA256: E34EBA1B8C5E9546853E6EC7F66F24C5FCBD0B992770F6A356DB1366778663C5

PID: 2560 | Process: iexplore.exe | Type: der
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9F6005AF34C7906F717D420F892FD6D0
MD5: 3662F9629EB6B944494B72ACF272C86F
SHA256: B07B0C95B9D8ECD5DAAAAAE7454BADFFACA468A431440075304A6567ED1899DF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 31
TCP/UDP connections: 218
DNS requests: 56
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2560 | iexplore.exe | GET | 301 | 23.36.162.69:80 | http://www.adnocdistribution.ae/ | NL | | | malicious
2560 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEA9iL28hwv9dUh9yOh1H1i0%3D | US | der | 471 b | whitelisted
2560 | iexplore.exe | GET | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted
2560 | iexplore.exe | GET | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD6a7qQTCYd8hJU9n3M3mXb | US | der | 472 b | whitelisted
2560 | iexplore.exe | GET | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEBJBetlj4ZeUEqggpI8HVMI%3D | US | der | 471 b | whitelisted
2560 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEA0aHh2m4v8BYKcHnBQHQfw%3D | US | der | 471 b | whitelisted
2560 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAeYNgOt45kIIZygDCe8imw%3D | US | der | 471 b | whitelisted
2560 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted
2560 | iexplore.exe | GET | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted
2560 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2652 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2560 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted
2560 | iexplore.exe | 23.36.162.69:443 | www.adnocdistribution.ae | Akamai International B.V. | DE | suspicious
2560 | iexplore.exe | 23.36.162.69:80 | www.adnocdistribution.ae | Akamai International B.V. | DE | suspicious
2560 | iexplore.exe | 104.47.57.28:443 | nam02.safelinks.protection.outlook.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | suspicious
2560 | iexplore.exe | 104.47.51.28:443 | nam02.safelinks.protection.outlook.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | suspicious
2652 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted
2560 | iexplore.exe | 216.58.212.132:443 | www.google.com | GOOGLE | US | whitelisted
2652 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
 | | 2.21.20.155:443 | snap.licdn.com | Akamai International B.V. | DE | suspicious

DNS requests

Domain | IP | Reputation
nam02.safelinks.protection.outlook.com | 104.47.51.28, 104.47.57.28 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
ctldl.windowsupdate.com | 93.184.221.240 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
www.adnocdistribution.ae | 23.36.162.69, 23.36.162.75 | malicious
www.googletagmanager.com | 142.250.74.200 | whitelisted
www.google.com | 216.58.212.132 | whitelisted
5p4rk13.com | 20.50.64.24 | unknown
www.google-analytics.com | 172.217.16.206 | whitelisted

Threats

PID | Process | Class | Message
2560 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
2560 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
2560 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
2560 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
2560 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
2560 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
2560 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
2560 | iexplore.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
No debug info