analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://links.mail.info-flyingblue.com

Full analysis: https://app.any.run/tasks/a44754ff-24a2-438b-86f5-6f900a2d2987
Verdict: Malicious activity
Analysis date: June 27, 2022, 09:45:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

E50B6A71E0553548F85B140A383BB188

SHA1:

9040287A5A56AE98AD6E0062A30C89A9B7B66AFB

SHA256:

657CBCFA0F7669AD6475994A6F1667FAB993D71F0FED7E3CD0BC9266DDA3416D

SSDEEP:

3:N8MLfP2Z+A2:2Mxh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3380)
  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 2884)
      • iexplore.exe (PID: 3380)
    • Checks supported languages

      • iexplore.exe (PID: 2884)
      • iexplore.exe (PID: 3380)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3380)
      • iexplore.exe (PID: 2884)
    • Application launched itself

      • iexplore.exe (PID: 2884)
    • Changes internet zones settings

      • iexplore.exe (PID: 2884)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 3380)
      • iexplore.exe (PID: 2884)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2884)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3380)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2884)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2884"C:\Program Files\Internet Explorer\iexplore.exe" "https://links.mail.info-flyingblue.com"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
3380"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2884 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Total events
8 510
Read events
8 395
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
5
Text files
4
Unknown types
4

Dropped files

PID
Process
Filename
Type
2884iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63binary
MD5:A0145847B5DCE4F7B042038EDF8212C1
SHA256:A58D6AD9AE03971629F1FF380FB79E97D92D6C433772FF7E24791E494EBCDFE3
2884iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EE23C075E36DBF51283675FBCCF8A7F0der
MD5:9D355678192904B9F11FA004AD096BB3
SHA256:4EDD012DA13BAABEC38AF85DD7B46136938C4CB9B3DB13E53D807412596ECCBC
2884iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776der
MD5:790E40386A5478B54787C28956E029D7
SHA256:2A14CA44FA89C53F53111C7CAAE9155A460FA162BD822CCEAF7B7F74B8390557
2884iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776binary
MD5:0F272EFD8D302B17C36FD5AD67FB348E
SHA256:CE28401681E28B1D1D2FAA0230702EB905F53B81535E0C400E14CD5644C3ADE7
3380iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850Dder
MD5:6AEB1C3681CD8858B7C4772AE836108F
SHA256:CAB405CE29F662E1E073DAD7294E24F1069894A2AE7A93F8949F83651AC8FCF6
2884iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
3380iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850Dbinary
MD5:EC177981222074174F153C8BF8C62A30
SHA256:957FF9361FD920FD45F36D0B8FBC3E6D8157EAC522012C1A7A965FCAC31A10EC
2884iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63der
MD5:28CC3D4B0DA8A29A9DCD6D4755C84342
SHA256:A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E
2884iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EE23C075E36DBF51283675FBCCF8A7F0binary
MD5:86F46C27DFF3EAEAE2D12E48CA068A61
SHA256:035016CA14C2D5797038237FC788FC7525080D37AFDAF8E27F369C7B3AF339D0
2884iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
23
DNS requests
10
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2884
iexplore.exe
GET
95.140.236.0:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b751281f24805fcb
GB
whitelisted
3380
iexplore.exe
GET
172.64.155.188:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEFCpZvUyqtwlIPQ0nPc6GBw%3D
US
whitelisted
3380
iexplore.exe
GET
95.140.236.128:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f9acc686963719fe
GB
whitelisted
3380
iexplore.exe
GET
200
172.64.155.188:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
US
der
727 b
whitelisted
2884
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
2884
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
2884
iexplore.exe
GET
200
172.64.155.188:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEFCpZvUyqtwlIPQ0nPc6GBw%3D
US
der
471 b
whitelisted
1096
svchost.exe
GET
200
23.216.77.132:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2783cca42cb8b0ad
US
compressed
4.70 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3380
iexplore.exe
3.127.205.219:443
links.mail.info-flyingblue.com
US
malicious
2884
iexplore.exe
131.253.33.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
3380
iexplore.exe
172.64.155.188:80
ocsp.usertrust.com
US
suspicious
3380
iexplore.exe
95.140.236.128:80
ctldl.windowsupdate.com
Limelight Networks, Inc.
GB
malicious
2884
iexplore.exe
95.140.236.128:80
ctldl.windowsupdate.com
Limelight Networks, Inc.
GB
malicious
172.64.155.188:80
ocsp.usertrust.com
US
suspicious
2884
iexplore.exe
95.140.236.0:80
ctldl.windowsupdate.com
Limelight Networks, Inc.
GB
whitelisted
2884
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2884
iexplore.exe
13.107.22.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
2884
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted

DNS requests

Domain
IP
Reputation
links.mail.info-flyingblue.com
  • 3.127.205.219
malicious
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 131.253.33.200
  • 13.107.22.200
whitelisted
ctldl.windowsupdate.com
  • 95.140.236.128
  • 95.140.236.0
  • 23.216.77.132
  • 23.216.77.146
whitelisted
ocsp.usertrust.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted
ocsp.sectigo.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted

Threats

No threats detected
No debug info