analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

Beatriz.html

Full analysis: https://app.any.run/tasks/25ded82c-76d9-4222-b5fc-32903abf689b
Verdict: Malicious activity
Analysis date: January 24, 2022, 23:07:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, ASCII text, with very long lines, with CRLF line terminators
MD5:

7E3B46E6BEADF41CD926081F4DCD1F10

SHA1:

E365401FA0631C68F651090070637546CE32F254

SHA256:

6BCF585F1874CCBBE798A51209064A12182031B1167CE83C58184ACC53A88C1E

SSDEEP:

12:4wkAUnW6JqFlE0N3PVTdMxC4OPxVLFXx0R+dZigz2O4fsnq9t2SBPHYmvGb:pHr6kFRN3NBMxC4eZx0YdZ9o72ofYh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3680)
      • iexplore.exe (PID: 3796)
      • iexplore.exe (PID: 2984)
  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 3680)
      • iexplore.exe (PID: 1496)
      • iexplore.exe (PID: 3796)
      • iexplore.exe (PID: 2984)
    • Checks supported languages

      • iexplore.exe (PID: 1496)
      • iexplore.exe (PID: 3680)
      • iexplore.exe (PID: 3796)
      • iexplore.exe (PID: 2984)
    • Changes internet zones settings

      • iexplore.exe (PID: 1496)
    • Application launched itself

      • iexplore.exe (PID: 1496)
      • iexplore.exe (PID: 3680)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3680)
      • iexplore.exe (PID: 2984)
      • iexplore.exe (PID: 3796)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3796)
      • iexplore.exe (PID: 2984)
      • iexplore.exe (PID: 1496)
    • Creates files in the user directory

      • iexplore.exe (PID: 3796)
      • iexplore.exe (PID: 2984)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 1496)
      • iexplore.exe (PID: 2984)
      • iexplore.exe (PID: 3796)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.html | HyperText Markup Language (100)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe no specs iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
1496"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\AppData\Local\Temp\Beatriz.html"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
3680"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1496 CREDAT:144385 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
3796"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1496 CREDAT:333057 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2984"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1496 CREDAT:726274 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
21 738
Read events
21 527
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
12
Text files
40
Unknown types
8

Dropped files

PID
Process
Filename
Type
3796iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\6JA6ECZI.txttext
MD5:C5905B5FFDCF4FEEA1D0FAAF2F33CEE2
SHA256:356986FA2F7392F5B7612B9A05F8DA940A801D8A7D3CD2C772B8F347229317EC
3796iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\C0IFWXNR.txttext
MD5:24BA11BFC0EEC2576BF6323B9E954157
SHA256:8E369DE3E679FA3936A26156281B9F319B36247EE12F2A22A3C162274CD7E320
3796iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5ABder
MD5:B909D28A0CAA2EF2175531394A2A34D2
SHA256:962E1A290EA3C149206D07C8F2404A8C09CA29EA766E0C52E06C5AE858A7227A
3796iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619der
MD5:D0660E10F6D3ABBBDB2465FACB08AB7B
SHA256:151C8A6770DCB52DF78FB456B693CE30B022B8F8485A1B0BC8C5ECE2B78F267A
1496iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63binary
MD5:5B4FC5368A467045CF7B85E54519D331
SHA256:78E1FBE60EF3A14E81958E8B5824D56C6A38B826AAF254D24C243D7D34CC56C8
3796iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\1MJ3O7L0.txttext
MD5:D5F63240FFA30F8DCC0F8B6F4C023F04
SHA256:F48917EC6E284CB02FFE966E7AED4BB4938E62E146A8887A4188520FFB39C6C1
3796iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4D1ED785E3365DE6C966A82E99CCE8EA_216A6C169356295AB09C26D4D7D32E06der
MD5:F2A1D151E9BBE5A73A798736627579E0
SHA256:A5928BAEB9BD9BE0F2F4E45DF916511BA258AC4B4BB7E91B7471E79BF317D368
3796iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZWOO3JG5.txttext
MD5:3FFE69E8C37DE1ECBFD512051BE26A4D
SHA256:31AFA26B5E9E3EFB5D377AD7107B7489974C0FDA14048E05E6A47C3B7F04D96B
3796iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4D1ED785E3365DE6C966A82E99CCE8EA_216A6C169356295AB09C26D4D7D32E06binary
MD5:11BCEC8E00D7DD029019DF8B215B8509
SHA256:B16E3FF794D426225330A65CE1B0E5A472D6F442353D7E410ABEEBA2EB4847BA
3796iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5ABbinary
MD5:C0577EB9F55500C87ECA8DAEFAB5FED5
SHA256:D3CDAA2DAA21F931A8191B647ADA88F8F7F43F9A00FD318CC3A14D57F18669F2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
63
DNS requests
17
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3796
iexplore.exe
GET
302
47.243.36.148:80
http://857zj.playertest.link/ttraml
US
suspicious
2984
iexplore.exe
GET
302
47.243.36.148:80
http://857zj.playertest.link/ttraml
US
suspicious
2984
iexplore.exe
GET
200
93.184.220.29:80
http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
US
der
592 b
whitelisted
3796
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEA%2B77gcCzPztNA4DGvLD224%3D
US
der
471 b
whitelisted
1496
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
3796
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEA8%2ByrdrMrlwMHSyG%2BDNqgo%3D
US
der
471 b
whitelisted
3796
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D
US
der
471 b
whitelisted
3796
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D
US
der
471 b
whitelisted
3796
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAtIgyHhzCAgf0Woj6GgeOA%3D
US
der
471 b
whitelisted
1496
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3796
iexplore.exe
67.199.248.11:443
bit.ly
Bitly Inc
US
shared
3796
iexplore.exe
2.16.106.233:80
ctldl.windowsupdate.com
Akamai International B.V.
whitelisted
2984
iexplore.exe
2.16.106.233:80
ctldl.windowsupdate.com
Akamai International B.V.
whitelisted
2984
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3796
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2984
iexplore.exe
67.199.248.11:443
bit.ly
Bitly Inc
US
shared
3796
iexplore.exe
47.243.36.148:80
857zj.playertest.link
US
suspicious
3796
iexplore.exe
98.137.11.164:443
yahoo.com
Yahoo
US
malicious
1496
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
1496
iexplore.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted

DNS requests

Domain
IP
Reputation
bit.ly
  • 67.199.248.11
  • 67.199.248.10
shared
ctldl.windowsupdate.com
  • 2.16.106.233
  • 2.16.106.171
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
857zj.playertest.link
  • 47.243.36.148
suspicious
yahoo.com
  • 98.137.11.164
  • 98.137.11.163
  • 74.6.143.25
  • 74.6.231.20
  • 74.6.231.21
  • 74.6.143.26
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
www.yahoo.com
  • 87.248.100.216
  • 87.248.100.215
whitelisted
guce.yahoo.com
  • 54.154.60.132
  • 52.213.241.206
  • 52.210.28.195
  • 34.251.136.131
  • 52.48.158.76
  • 99.80.57.14
  • 34.251.138.95
  • 63.34.23.166
whitelisted
consent.yahoo.com
  • 52.17.10.76
  • 54.76.202.226
  • 54.155.160.203
  • 52.215.115.65
  • 52.211.211.116
  • 52.30.28.111
  • 54.73.99.167
  • 54.76.66.154
whitelisted

Threats

No threats detected
No debug info