URL: http://iuqssfsodp9ifjaposdfjhgosurijfaewrwergwea.com

Full analysis: https://app.any.run/tasks/15bdaea2-7820-4419-9a30-88903da0d7e9
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Analysis date: January 24, 2022, 21:53:16
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: trojan, ransomware, wannacry
Indicators:
MD5: F697EFE59871C575983BADFE8901EB23
SHA1: 81C77A9A180DBDF040A0C20426975471D70A57AC
SHA256: 69066263C84660EABFB19634E935B317E87C0A39B495C757F662961353BD4DB0
SSDEEP: 3:N1KXBJP8NBBC3ADyKI:CxByBBeT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3416)
  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 3416)
      • iexplore.exe (PID: 1468)
    • Changes settings of System certificates

      • iexplore.exe (PID: 1468)
    • Reads the computer name

      • iexplore.exe (PID: 1468)
      • iexplore.exe (PID: 3416)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 1468)
      • iexplore.exe (PID: 3416)
    • Dropped object may contain Bitcoin addresses

      • iexplore.exe (PID: 1468)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 1468)
    • Changes internet zones settings

      • iexplore.exe (PID: 1468)
    • Application launched itself

      • iexplore.exe (PID: 1468)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 1468)
      • iexplore.exe (PID: 3416)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3416)
    • Creates files in the user directory

      • iexplore.exe (PID: 3416)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start -> iexplore.exe (PID 1468) -> iexplore.exe (PID 3416)

Process information

PID: 1468
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "http://iuqssfsodp9ifjaposdfjhgosurijfaewrwergwea.com"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID: 3416
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1468 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe (PID 1468)
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events: 16 914
Read events: 16 711
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 18
Text files: 38
Unknown types: 22

Dropped files

PID 3416, iexplore.exe, type: der
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\646C991C2A28825F3CC56E0A1D1E3FA9
MD5: AD854489398CCECF33973716EA9C88D2
SHA256: 59020102EA386F018DEC0DE12F14AA0F13F5C8A2BD388FA433C43504B421E8B8

PID 1468, iexplore.exe, type: binary
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
MD5: 0232DC53E6D0F942FCC733859193B191
SHA256: F82314A1B58EE5732DD019D1AA34C89396843C574972634884696C5147E9C3BE

PID 3416, iexplore.exe, type: der
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
MD5: 64E9B8BB98E2303717538CE259BEC57D
SHA256: 76BD459EC8E467EFC3E3FB94CB21B9C77A2AA73C9D4C0F3FAF823677BE756331

PID 3416, iexplore.exe, type: binary
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_C15B120C7F4EE6F1182923868E66174B
MD5: 92A4ED566116F895A05191815C9C592E
SHA256: 8A4D7B1A2E5AFE87FFB002A252CD3F76BFEE5488226C2EBD2C51F2A4B9A93173

PID 3416, iexplore.exe, type: binary
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\646C991C2A28825F3CC56E0A1D1E3FA9
MD5: A8991077904DE9E93B873194CF45AF21
SHA256: A4F1ACBF45857B29C9F97F2E0160CADAD75B242BE9B425D10987C6995FE9B445

PID 1468, iexplore.exe, type: der
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
MD5: FC990EAA7247546FB67C18916A4CAC9B
SHA256: 294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993

PID 3416, iexplore.exe, type: text
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\css2[1].css
MD5: A1437DD9B40BB27D82AF32CFC7AD8B9E
SHA256: E194AC25C287F61CED1AA5FDBB5DDA41D5242EFC09D5E14EFA24FE55AFCDA6A3

PID 3416, iexplore.exe, type: binary
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_1BA0827A4EF228007FD2BC1C55C07DA7
MD5: 2C8CF7DDD589FB9CFF80F0FAD9B4D98A
SHA256: 6AB75A9810DADD71C8B2758B73E23021523F941D6B778AB0450952377039C25D

PID 3416, iexplore.exe, type: der
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_C15B120C7F4EE6F1182923868E66174B
MD5: 5ECC28B4BE35C72FDBD3178856CB01FB
SHA256: 41B3BE93901DD378D15798A143B0FC45308BD6466104051A123E2C041BE0D629

PID 3416, iexplore.exe, type: binary
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
MD5: CF81B45F4CD0A5B52CA0EC6DEEA1F8D2
SHA256: 576FFBF1B8BE0FC7EDFBB9A4938B048418951166A883512B35794F65BC29800C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 18
TCP/UDP connections: 56
DNS requests: 23
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3416 | iexplore.exe | GET | 200 | 142.250.186.67:80 | http://crl.pki.goog/gsr1/gsr1.crl | US | der | 1.61 Kb | whitelisted
3416 | iexplore.exe | GET | 200 | 142.250.186.67:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCECMtDS7V7JnvCgAAAAErfGo%3D | US | der | 471 b | whitelisted
1468 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted
3416 | iexplore.exe | GET | 200 | 142.250.186.67:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCQlwifggE%2BvwoAAAABK4GS | US | der | 472 b | whitelisted
3416 | iexplore.exe | GET | 200 | 142.250.186.67:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDgAde1VeKYIQoAAAABK4GI | US | der | 472 b | whitelisted
3416 | iexplore.exe | GET | 200 | 142.250.186.67:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEEFKxQHtEPcBCgAAAAErfHU%3D | US | der | 471 b | whitelisted
3416 | iexplore.exe | GET | 200 | 142.250.186.67:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEEkrFZmvKd3rCgAAAAErfGA%3D | US | der | 471 b | whitelisted
3416 | iexplore.exe | GET | 200 | 142.250.186.67:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEH4wYrandiOsCgAAAAErgCs%3D | US | der | 471 b | whitelisted
3416 | iexplore.exe | GET | 200 | 142.250.186.67:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted
3416 | iexplore.exe | GET | 200 | 142.250.186.67:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEEkrFZmvKd3rCgAAAAErfGA%3D | US | der | 471 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3416 | iexplore.exe | 142.250.185.78:443 | www.youtube.com | Google Inc. | US | whitelisted
1468 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
1468 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
3416 | iexplore.exe | 2.16.106.233:80 | ctldl.windowsupdate.com | Akamai International B.V. | - | whitelisted
3416 | iexplore.exe | 142.250.186.106:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
3416 | iexplore.exe | 64.98.145.30:80 | iuqssfsodp9ifjaposdfjhgosurijfaewrwergwea.com | Tucows.com Co. | CA | malicious
3416 | iexplore.exe | 142.250.185.182:443 | i.ytimg.com | Google Inc. | US | unknown
3416 | iexplore.exe | 142.250.186.67:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
3416 | iexplore.exe | 142.250.185.164:443 | www.google.com | Google Inc. | US | whitelisted
3416 | iexplore.exe | 74.125.105.41:443 | r4---sn-aigl6nsd.googlevideo.com | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
iuqssfsodp9ifjaposdfjhgosurijfaewrwergwea.com | 64.98.145.30 | malicious
www.youtube.com | 142.250.185.78, 142.250.185.110, 142.250.185.142, 142.250.185.174, 142.250.185.206, 142.250.185.238, 142.250.181.238, 172.217.16.142, 216.58.212.174, 142.250.74.206, 142.250.186.46, 142.250.186.78, 142.250.186.110, 142.250.186.142, 142.250.186.174, 172.217.18.110 | whitelisted
ctldl.windowsupdate.com | 2.16.106.233, 2.16.106.171 | whitelisted
ocsp.pki.goog | 142.250.186.67 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
crl.pki.goog | 142.250.186.67 | whitelisted
fonts.googleapis.com | 142.250.186.106 | whitelisted
i.ytimg.com | 142.250.185.182, 142.250.185.214, 142.250.185.246, 142.250.181.246, 172.217.16.150, 216.58.212.182, 142.250.74.214, 142.250.186.54, 142.250.186.86, 142.250.186.118, 142.250.186.150, 142.250.186.182, 172.217.18.118, 142.250.184.214, 142.250.184.246, 142.250.185.86 | whitelisted

Threats

PID | Process | Class | Message
- | - | A Network Trojan was detected | ET TROJAN Possible WannaCry DNS Lookup 4

Debug info: none