URL: https://www.sendspace.com/file/5el19g

Full analysis: https://app.any.run/tasks/4483508a-26bf-4dc8-b0b1-53ac9ca82575
Verdict: Malicious activity
Analysis date: February 21, 2020, 16:31:31
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 67CD08F8E7806B5AA1211185BD7D9B79
SHA1: EEB866FCADBE79470FE15683EA0323D029EA87F1
SHA256: 7006220D7955219C649584032969C2F843AE43D43CF779D709A96B1D34544F3D
SSDEEP: 3:N8DSLEvuGTYoQWCn:2OL0uKEn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2628)
      • iexplore.exe (PID: 580)
      • iexplore.exe (PID: 3192)
      • iexplore.exe (PID: 3968)
    • Changes internet zones settings

      • iexplore.exe (PID: 580)
    • Application launched itself

      • iexplore.exe (PID: 580)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3192)
      • iexplore.exe (PID: 2628)
      • iexplore.exe (PID: 3968)
    • Creates files in the user directory

      • iexplore.exe (PID: 580)
      • iexplore.exe (PID: 3968)
      • iexplore.exe (PID: 3192)
      • iexplore.exe (PID: 2628)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3192)
      • iexplore.exe (PID: 3968)
      • iexplore.exe (PID: 580)
    • Changes settings of System certificates

      • iexplore.exe (PID: 580)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 580)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 39
Monitored processes: 4
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Graph nodes: start, iexplore.exe, iexplore.exe, iexplore.exe, iexplore.exe

Process information

PID: 580
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.sendspace.com/file/5el19g"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 2628
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:580 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 3192
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:580 CREDAT:2233635 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 3968
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:580 CREDAT:3216680 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Total events: 7 093
Read events: 1 417
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 116
Text files: 294
Unknown types: 72

Dropped files

PID | Process | Filename | Type
2628 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab6F6C.tmp | -
  MD5:
  SHA256:
2628 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar6F6D.tmp | -
  MD5:
  SHA256:
2628 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\I62BBKP0.txt | -
  MD5:
  SHA256:
2628 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_74167E25E5476CCA2A5946AAA61BF9E1 | der
  MD5: 528DBD67AC06C41710FE8E6ED0CA30E3
  SHA256: A8D1B70A68DE6A2624D1BDFE90ED1DED2CE094E9A8288C280BB929509DE95CA5
2628 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B | der
  MD5: 16351BC92441876E7107DB335595D0FF
  SHA256: 37D89976D154109BEF1DAA2212444E1CEA676F942BF08BC00EEAF9C30633259E
2628 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | binary
  MD5: 207122249C496E420B32E2C497D8E9C6
  SHA256: BA5480654AA3C5B35D1F9819979E026CE9DEB14102065ED3DE43A561B52CFAC8
2628 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\EEKS1O9G.txt | text
  MD5: CA6E645A0801ED8F5782583E0DAAAF6D
  SHA256: 80EC7C79CF460EE02B878C0C3D4732B7CB799D375069EF9E6C2A529B1725C580
2628 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B | binary
  MD5: 3BC3CC7DE2E9BE892AAA879C07D01AE5
  SHA256: 3B7C66A0A3555E36F3AC1B9437A30F18FE9916A21F4C413B9BE4ECCB820CF6B8
2628 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\4IT734EV.txt | text
  MD5: BFDD83711E0583D00E7617DD180DFC92
  SHA256: 01B13281F94053B9666033C79C189AD39D87319B75F0D49CBD57C04323D0811B
2628 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | der
  MD5: E5B4C4B7635BED65B43081B67A098BF2
  SHA256: DC5E2574546F7BD8398B294686B305348047FEC459F929B13BE913E8A0E0F8E0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 49
TCP/UDP connections: 165
DNS requests: 57
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2628 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted
2628 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCv2pgtDmXnZAgAAAAALnDT | US | der | 472 b | whitelisted
2628 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDhKaVxWCYaNQgAAAAALC5%2B | US | der | 472 b | whitelisted
2628 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTOpjOEf6LG1z52jqAxwDlTxoaOCgQUQAlhZ%2FC8g3FP3hIILG%2FU1Ct2PZYCEHdKPcKd4BB7V3WiWp%2FUzM4%3D | US | der | 279 b | whitelisted
2628 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCgdZM8AVzzKAgAAAAALnDU | US | der | 472 b | whitelisted
2628 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCgdZM8AVzzKAgAAAAALnDU | US | der | 472 b | whitelisted
2628 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D | US | der | 312 b | whitelisted
2628 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEBPqKHBb9OztDDZjCYBhQzY%3D | US | der | 471 b | whitelisted
2628 | iexplore.exe | GET | 200 | 172.217.23.99:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDhKaVxWCYaNQgAAAAALC5%2B | US | der | 472 b | whitelisted
2628 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2628 | iexplore.exe | 69.31.136.5:443 | www.sendspace.com | GTT Communications Inc. | US | suspicious
2628 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2628 | iexplore.exe | 216.58.208.46:443 | apis.google.com | Google Inc. | US | whitelisted
2628 | iexplore.exe | 172.217.23.99:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
2628 | iexplore.exe | 104.18.25.159:443 | ememoricane.info | Cloudflare Inc | US | unknown
2628 | iexplore.exe | 151.139.128.14:80 | ocsp.usertrust.com | Highwinds Network Group, Inc. | US | suspicious
2628 | iexplore.exe | 104.17.65.4:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | unknown
2628 | iexplore.exe | 104.18.96.60:443 | cdn.engine.spotscenered.info | Cloudflare Inc | US | shared
2628 | iexplore.exe | 172.217.23.106:443 | ajax.googleapis.com | Google Inc. | US | whitelisted
2628 | iexplore.exe | 172.217.23.110:443 | www.google-analytics.com | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
www.sendspace.com | 69.31.136.5 | shared
ocsp.usertrust.com | 151.139.128.14 | whitelisted
apis.google.com | 216.58.208.46 | whitelisted
cdn.engine.spotscenered.info | 104.18.96.60, 104.18.97.60 | unknown
cdnjs.cloudflare.com | 104.17.65.4, 104.17.64.4 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
ocsp.pki.goog | 172.217.23.99 | whitelisted
engine.spotscenered.info | 104.18.96.60, 104.18.97.60 | suspicious
ememoricane.info | 104.18.25.159, 104.18.24.159 | shared
www.google-analytics.com | 172.217.23.110 | whitelisted

Threats

No threats detected
No debug info