URL: http://next.owlapps.net/owlapps_apps/articles?id=32153972&lang=en

Full analysis: https://app.any.run/tasks/e666b78a-138b-4176-8c4b-4d8b10e63a02
Verdict: Malicious activity
Threats:

Crypto mining malware is a resource-intensive threat that infiltrates computers with the purpose of mining cryptocurrencies. This type of threat can be deployed either on an infected machine or a compromised website. In both cases the miner will utilize the computing power of the device and its network bandwidth.

Analysis date: March 24, 2020, 06:15:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: miner, coinminer, trojan
Indicators:
MD5: B9ACCAD3D12FACAF03A1D9D5C518A630
SHA1: 055EC9F4387ED4152A0ED6E077E7A56D637FFC3B
SHA256: 70249395AB213F4DF077C6B769D4CDFD45A71A80E024AF6974C804C0D658290C
SSDEEP: 3:N1KQ4R+N8LZJ/NHWaM6nMun:CQc+2L3/kabnMun

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • COINMINER was detected

      • iexplore.exe (PID: 3888)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 780)
      • iexplore.exe (PID: 3888)
    • Changes internet zones settings

      • iexplore.exe (PID: 780)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3888)
    • Creates files in the user directory

      • iexplore.exe (PID: 3888)
      • iexplore.exe (PID: 780)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3888)
      • iexplore.exe (PID: 780)
    • Changes settings of System certificates

      • iexplore.exe (PID: 780)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 780)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 2
Malicious processes: 2
Suspicious processes: 0

Behavior graph (interactive in the full report)

start -> iexplore.exe -> iexplore.exe #COINMINER

Process information

PID: 780
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "http://next.owlapps.net/owlapps_apps/articles?id=32153972&lang=en"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

PID: 3888
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:780 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 9 688
Read events: 2 838
Write events: 4 606
Delete events: 2 244

Modification events

PID | Process | Key | Operation | Name | Value
780 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | write | NextCheckForUpdateLowDateTime | 2843543406
780 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | write | NextCheckForUpdateHighDateTime | 30802339
780 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | write | CachePrefix | (empty)
780 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie:
780 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited:
780 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | write | CompatibilityFlags | 0
780 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | write | ProxyEnable | 0
780 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | write | SavedLegacySettings | (value removed)
780 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 0
780 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 1
Executable files: 0
Suspicious files: 65
Text files: 67
Unknown types: 34

Dropped files (MD5 and SHA256 values are not included in this summary)

PID | Process | Filename | Type
780 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico |
3888 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab868D.tmp |
3888 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar868E.tmp |
3888 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\css_tJBWkM5TkLZjAF0xyWc7teCIsxxZuUMn2y8ffK_dN9o[1].css | text
3888 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\css_UqzB48sGGwYUuT-h7QX_YpfiXvHvf6JTECzXllEXDKE[1].css | text
3888 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der
3888 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\lampe-uv[1].jpg | image
3888 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB | der
3888 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\ghbassC[1].gif | image
3888 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB | binary
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 55
TCP/UDP connections: 96
DNS requests: 38
Threats: 3

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3888 | iexplore.exe | GET | 200 | 195.154.180.68:80 | http://next.owlapps.net/sites/default/files/css/css_tJBWkM5TkLZjAF0xyWc7teCIsxxZuUMn2y8ffK_dN9o.css?q7ntmf | FR | text | 32.0 Kb | malicious
3888 | iexplore.exe | GET | 200 | 195.154.180.68:80 | http://next.owlapps.net/sites/default/files/inline-images/ghbassD.gif | FR | image | 524 Kb | malicious
3888 | iexplore.exe | GET | 200 | 195.154.180.68:80 | http://next.owlapps.net/modules/owlapps_apps/img/nopic.jpg | FR | image | 9.61 Kb | malicious
3888 | iexplore.exe | GET | 200 | 52.222.172.135:80 | http://z-na.amazon-adsystem.com/widgets/q?ServiceVersion=20070822&Operation=GetScript&ID=OneJS&WS=1 | US | text | 7.73 Kb | whitelisted
3888 | iexplore.exe | GET | 200 | 195.154.180.68:80 | http://next.owlapps.net/sites/default/files/js/js_KCPJZWaouR2asJMgAQZRUoi60GD790g8QBy-qm_U5CU.js | FR | text | 62.2 Kb | malicious
3888 | iexplore.exe | GET | 200 | 195.154.180.68:80 | http://next.owlapps.net/modules/owlapps_apps/img/ghbasslogo.png | FR | image | 38.4 Kb | malicious
3888 | iexplore.exe | GET | 200 | 195.154.180.68:80 | http://next.owlapps.net/modules/owlapps_apps/img/ghbassB.gif | FR | image | 371 Kb | malicious
3888 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted
3888 | iexplore.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted
3888 | iexplore.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3888 | iexplore.exe | 172.217.22.66:443 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted
3888 | iexplore.exe | 195.154.180.68:80 | next.owlapps.net | Online S.a.s. | FR | malicious
3888 | iexplore.exe | 81.171.8.143:443 | www.hostingcloud.racing | LeaseWeb Netherlands B.V. | NL | malicious
3888 | iexplore.exe | 52.222.172.135:80 | z-na.amazon-adsystem.com | Amazon.com, Inc. | US | unknown
3888 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3888 | iexplore.exe | 195.138.255.16:80 | isrg.trustid.ocsp.identrust.com | AS33891 Netzbetrieb GmbH | DE | suspicious
3888 | iexplore.exe | 172.217.16.131:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
3888 | iexplore.exe | 172.217.22.40:443 | www.googletagmanager.com | Google Inc. | US | whitelisted
3888 | iexplore.exe | 52.46.157.171:80 | aax-us-east.amazon-adsystem.com | | US | unknown
3888 | iexplore.exe | 172.217.18.163:443 | fonts.gstatic.com | Google Inc. | US | whitelisted

DNS requests

Domain
IP
Reputation
next.owlapps.net
  • 195.154.180.68
malicious
pagead2.googlesyndication.com
  • 172.217.22.66
whitelisted
z-na.amazon-adsystem.com
  • 52.222.172.135
whitelisted
rlv.zcache.fr
  • 151.101.0.241
  • 151.101.64.241
  • 151.101.128.241
  • 151.101.192.241
suspicious
www.googletagmanager.com
  • 172.217.22.40
whitelisted
www.hostingcloud.racing
  • 81.171.8.143
whitelisted
cdnjs.cloudflare.com
  • 104.17.64.4
  • 104.17.65.4
whitelisted
fonts.googleapis.com
  • 172.217.22.10
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted

Threats

PID | Process | Class | Message
3888 | iexplore.exe | A Network Trojan was detected | MALWARE [PTsecurity] Coinhive/DeepMiner JavaScript Miner
2 ETPRO signatures available at the full report
No debug info