analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://www.google.com/url?q=https%3A%2F%2Fvk.cc%2FbZ9mHq&sa=D&avl=ado&usg=AFQjCNEg7OYuNkpI5Kp0VUU8W5UiD70ZPA

Full analysis: https://app.any.run/tasks/5e8e16c3-fc80-4284-8fa7-1d3bfe7a2755
Verdict: Malicious activity
Analysis date: March 15, 2021, 17:50:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

365A2BAC5EE94037E1EA350B2F17C26C

SHA1:

9C8925BA5404D5597E7196679C97D1BD9BCAB558

SHA256:

6D2711D030E3FE73F40ED8332E74C4A41463B7F04FC7C09EC6253A3286A50CB4

SSDEEP:

3:N8DSLI2GBWCXjCbBwVEB7G0aozFdyQ5P:2OLI2MzC0EM0aoBdDR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2732)

    • Changes settings of System certificates

      • iexplore.exe (PID: 2732)

    • Changes internet zones settings

      • iexplore.exe (PID: 2732)

    • Creates files in the user directory

      • iexplore.exe (PID: 2856)

    • Application launched itself

      • iexplore.exe (PID: 2732)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2732)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2856)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2732"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/url?q=https%3A%2F%2Fvk.cc%2FbZ9mHq&sa=D&avl=ado&usg=AFQjCNEg7OYuNkpI5Kp0VUU8W5UiD70ZPAC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2856"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2732 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Total events
323
Read events
232
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
19
Text files
6
Unknown types
7

Dropped files

PID
Process
Filename
Type
2856iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab15B4.tmp
MD5:
SHA256:
2856iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar15B5.tmp
MD5:
SHA256:
2732iexplore.exeC:\Users\admin\AppData\Local\Temp\Cab1B71.tmp
MD5:
SHA256:
2732iexplore.exeC:\Users\admin\AppData\Local\Temp\Tar1B72.tmp
MD5:
SHA256:
2856iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\url[1].htmhtml
MD5:5CC7FB0869A17179E257B1FE25D613F4
SHA256:1E0F6E26132B2633558CBC9C8705EBCB82728C6FD7F630A046C43B663E6DEFBD
2856iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288Bbinary
MD5:AA9E910C3190EB9FB631A12FFF1A404B
SHA256:938A4F679FBB0A2E5B37A69831E6C1573FAC54AD6C603251DFDB5F343E2B8EB1
2732iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver9A96.tmp
MD5:
SHA256:
2856iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_47FCBBC85E6233C55914BB2A43BE7791der
MD5:6385070EA1402F48F6CDF4F95660D494
SHA256:8C24710496B34CA2619597EE0884D3E2494DA9662C1F05B2904A8A550D0E3420
2856iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96Cder
MD5:19B185F5305825BF3837FB79B65B02CF
SHA256:AFCA0F1EE35E8EE88F0CFFAE8A0F91EBF35A12B6875F24861E2D17048EC70CF1
2856iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96Cbinary
MD5:FEE931417A75EF0A634F8CBFF3E57E2A
SHA256:AA058EBFAA28740BE01924E656A0937DEDC10CAAEA798976F1F19BD97AD22D3F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
19
DNS requests
12
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2856
iexplore.exe
GET
200
104.18.20.226:80
http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDCMALD23T9tFCKEtuA%3D%3D
US
der
1.53 Kb
whitelisted
2856
iexplore.exe
GET
200
172.217.23.99:80
http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEAVesN%2Fg3OOlBQAAAACHf6M%3D
US
der
471 b
whitelisted
2856
iexplore.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
US
der
1.48 Kb
whitelisted
2732
iexplore.exe
GET
200
131.253.33.200:80
http://www.bing.com/favicon.ico
US
image
4.19 Kb
whitelisted
2856
iexplore.exe
GET
200
172.217.23.99:80
http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D
US
der
468 b
whitelisted
2732
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2856
iexplore.exe
142.250.186.68:443
www.google.com
Google Inc.
US
whitelisted
2732
iexplore.exe
142.250.186.68:443
www.google.com
Google Inc.
US
whitelisted
2856
iexplore.exe
172.217.23.99:80
ocsp.pki.goog
Google Inc.
US
whitelisted
2856
iexplore.exe
87.240.190.64:443
vk.cc
VKontakte Ltd
RU
unknown
2732
iexplore.exe
131.253.33.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2856
iexplore.exe
104.18.20.226:80
ocsp.globalsign.com
Cloudflare Inc
US
shared
104.18.21.226:80
ocsp.globalsign.com
Cloudflare Inc
US
shared
104.18.20.226:80
ocsp.globalsign.com
Cloudflare Inc
US
shared
2732
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2732
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted

DNS requests

Domain
IP
Reputation
www.google.com
  • 142.250.186.68
whitelisted
api.bing.com
  • 13.107.13.80
whitelisted
www.bing.com
  • 131.253.33.200
  • 13.107.22.200
whitelisted
ocsp.pki.goog
  • 172.217.23.99
whitelisted
vk.cc
  • 87.240.190.64
  • 87.240.129.187
whitelisted
ocsp.globalsign.com
  • 104.18.21.226
  • 104.18.20.226
whitelisted
ocsp2.globalsign.com
  • 104.18.20.226
  • 104.18.21.226
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET DNS Query for .cc TLD
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www.google.com/url?q=https%3A%2F%2Fvk.cc%2FbZ9mHq&sa=D&avl=ado&usg=AFQjCNEg7OYuNkpI5Kp0VUU8W5UiD70ZPA