URL: https://www.1024tera.com/spanish/sharing/link?surl=1Gn51HyP5itF7a0KhT35EA&path=%2FS%20E%20R%20I%20E%20S%2F%E2%98%85%20EL%20CORRECAMINOS%20%281966%29%20%2845%20Cap%29

Full analysis: https://app.any.run/tasks/5bbee36d-640a-4cf0-9d51-18565a769285
Verdict: Malicious activity
Analysis date: February 21, 2024, 21:35:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 1BBA69C1BC5D343394427C8090CBEDBB
SHA1: 68AB1268CE81A28F881A4C65B44A15893A9BCCD5
SHA256: 6EFFE92526E909B600B5CB08BA21D31E2A0137A21D7E7A86F18F6DADE0750872
SSDEEP: 3:N8DSLHSRSvWNs6HMLcKY7c73ENQQgkjcAKjXj3YoKSFAX3WcGANAXcn:2OLRis6HMc78b1kVgYoKSFAB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2160)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 47
Monitored processes: 6
Malicious processes: 0
Suspicious processes: 0

Behavior graph


Process information

PID: 1340
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2160 CREDAT:857368 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 3221225477
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

PID: 1584
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2160 CREDAT:4068630 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

PID: 2160
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.1024tera.com/spanish/sharing/link?surl=1Gn51HyP5itF7a0KhT35EA&path=%2FS%20E%20R%20I%20E%20S%2F%E2%98%85%20EL%20CORRECAMINOS%20%281966%29%20%2845%20Cap%29"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 1
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

PID: 2736
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2160 CREDAT:4068691 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

PID: 3520
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2160 CREDAT:3216651 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 3221225477
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

PID: 3720
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2160 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

Total events: 88 667
Read events: 88 463
Write events: 166
Delete events: 38

Modification events

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31089933

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31089933

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Executable files: 0
Suspicious files: 47
Text files: 56
Unknown types: 37

Dropped files

PID: 3720 | Process: iexplore.exe | Type: text
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\0ZB2KRJM.txt
MD5: 3B3400C8025F106A3FA7DBBCA9982FA7
SHA256: 37692B30901A90CC9DC9415F33116E6F5E27F64236342316EEDA52D51E7550AE

PID: 3720 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE
MD5: 18CEBBEE2EAFCE323EA0B031B52ED67E
SHA256: ADD810E50A9D088526EE55CCC2586E8E4D272E0D5A65B742DA00F89C01E88111

PID: 3720 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
MD5: 0572CC786EEEA603003C9496E134D6E7
SHA256: D4960741540DF03851361D40B5A45C822F5E1E58A1EBBEB61E305B21BE47D19F

PID: 3720 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE
MD5: EA9B80A640ACE6F3F63B53D26B3740BD
SHA256: 0AD41CD2AB4C6E92AF6B448CDDDD58CE48F04AE053D4182C5AB31353BB712C41

PID: 3720 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\773CFF2C7835D48C4E76FE153DBA9F81_710023890A74DB18FECA7ECD9EAE5B40
MD5: 4CF3430159E1ABA290B39CAEEC3B05CA
SHA256: 1070652DA79249F71FFBB6C86B95351572BE080DDC4DE418405212C10447C8D9

PID: 3720 | Process: iexplore.exe | Type: text
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\FN6TYKGF.txt
MD5: 882654BA44BDE76D429547548ED16ACF
SHA256: FB8F0B38A3CF0FCEE2B3CD449ABD9592912144D740931FA707ABA50A3C17AEE9

PID: 3720 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\773CFF2C7835D48C4E76FE153DBA9F81_710023890A74DB18FECA7ECD9EAE5B40
MD5: 4F6D9C9F0E37D6F204BAB4FA283EA5A3
SHA256: 3499FB7DDB6C5D73265E4CC6B4E083CB66F0095C93BB28FC41FB298AF25BED47

PID: 3720 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
MD5: 5103FEC54A1BBA4443A0850E449716AE
SHA256: 3456B324745DAE149EE21F9C6404DADDE245444AA9BCD049AFA213916FE21121

PID: 3720 | Process: iexplore.exe | Type: der
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
MD5: ACB7D9D1FC08579F02510F13B63086F9
SHA256: 1E075BC8E391657D475ABA64670466E0C5C65A5FB51DC9FE246E8DE6A68E2D8F

PID: 3720 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
MD5: 9B906500EDCC7E3FF46618F61D0CED9C
SHA256: 3BE76A14C6A22DDB658477086A1548BAEAE77929ECA126130AADB53B4D7525CF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 25
TCP/UDP connections: 117
DNS requests: 42
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

3720 | iexplore.exe | GET | 304 | 184.24.77.209:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?927e0d673a39dd41 | CN: DE | Reputation: unknown

3720 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://status.rapidssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJiUKgT2m88fZ4nxc1Lu6M%2FjvkagQUDNtsgkkPSmcKuBTuesRIUojrVjgCEA1qxNut5RMnEbRCZ%2FqClDw%3D | CN: US | Type: binary | Size: 471 b | Reputation: unknown

3720 | iexplore.exe | GET | 200 | 18.245.39.64:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | CN: US | Type: binary | Size: 1.49 Kb | Reputation: unknown

3720 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://status.rapidssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJiUKgT2m88fZ4nxc1Lu6M%2FjvkagQUDNtsgkkPSmcKuBTuesRIUojrVjgCEAMlRftzB1IHEthCOcO4Sfw%3D | CN: US | Type: binary | Size: 471 b | Reputation: unknown

3720 | iexplore.exe | GET | 200 | 108.138.2.10:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | CN: US | Type: binary | Size: 2.02 Kb | Reputation: unknown

3720 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | CN: US | Type: binary | Size: 1.41 Kb | Reputation: unknown

3720 | iexplore.exe | GET | 200 | 18.245.39.64:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkpLy9ROx7U76vGUhC06D6E%3D | CN: US | Type: binary | Size: 1.37 Kb | Reputation: unknown

3720 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/rootr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDQHuXxad%2F5c1K2Rl1mo%3D | CN: unknown | Type: binary | Size: 1.41 Kb | Reputation: unknown

3720 | iexplore.exe | GET | 200 | 104.18.21.226:80 | http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D | CN: unknown | Type: binary | Size: 1.40 Kb | Reputation: unknown

3720 | iexplore.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDFXmrK7R%2BKQw%2Bak4xQ%3D%3D | CN: unknown | Type: binary | Size: 1.40 Kb | Reputation: unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

(no PID) | 224.0.0.252:5355 | Reputation: unknown
4 | System | 192.168.100.255:138 | Reputation: whitelisted
4 | System | 192.168.100.255:137 | Reputation: whitelisted
3720 | iexplore.exe | 210.232.36.152:443 | www.1024tera.com | NTT Communications Corporation | JP | unknown
3720 | iexplore.exe | 184.24.77.209:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
3720 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
3720 | iexplore.exe | 185.207.113.212:443 | s2.freeterabox.com | ZEN-ECN | US | unknown
3720 | iexplore.exe | 18.245.39.64:80 | ocsp.rootg2.amazontrust.com | (no ASN) | US | unknown
3720 | iexplore.exe | 60.190.116.48:443 | sofire.bdstatic.com | Chinanet | CN | unknown
3720 | iexplore.exe | 74.125.71.84:443 | accounts.google.com | GOOGLE | US | unknown

DNS requests

Domain | IP | Reputation

www.1024tera.com | 210.232.36.152, 210.148.85.59 | unknown
ctldl.windowsupdate.com | 184.24.77.209, 184.24.77.173, 184.24.77.201, 184.24.77.187, 184.24.77.186, 184.24.77.194, 184.24.77.202, 184.24.77.206, 184.24.77.203, 104.110.191.151, 104.110.191.140, 104.110.191.155, 104.110.191.139, 104.110.191.156, 104.110.191.134, 104.110.191.141, 104.110.191.133, 104.110.191.152, 184.24.77.205, 184.24.77.174, 184.24.77.193 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
status.rapidssl.com | 192.229.221.95 | shared
s2.freeterabox.com | 185.207.113.212, 185.207.113.213, 185.207.113.214, 185.207.113.210, 185.207.113.211 | unknown
accounts.google.com | 74.125.71.84 | shared
static.line-scdn.net | 13.32.121.34, 13.32.121.121, 13.32.121.64, 13.32.121.124 | whitelisted
sofire.bdstatic.com | 60.190.116.48 | unknown
o.ss2.us | 108.138.2.10, 108.138.2.195, 108.138.2.173, 108.138.2.107 | whitelisted
ocsp.pki.goog | 216.58.212.163 | whitelisted

Threats

No threats detected
No debug info