analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://datalogyc.com/

Full analysis: https://app.any.run/tasks/efcf9b95-8775-4bf1-8d3a-8fd83c6b9dc2
Verdict: Malicious activity
Analysis date: October 05, 2022, 05:53:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

64AD6BB6267400DE79FDFE040BBC6FE7

SHA1:

35E45C51F688D1B5E432C83E837AF3343FB43BB2

SHA256:

71871E87878B003634E3E81EC30DCCFE2CC54357D1034BE7A4E62099CE38B17A

SSDEEP:

3:N8ciIGt:2cA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3056)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
40
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe msdt.exe no specs sdiagnhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3056"C:\Program Files\Internet Explorer\iexplore.exe" "https://datalogyc.com/"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
952"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3056 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
3028 -modal 131374 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\admin\AppData\Local\Temp\NDF7207.tmp -ep NetworkDiagnosticsWebC:\Windows\system32\msdt.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Diagnostics Troubleshooting Wizard
Exit code:
4294967295
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
860C:\Windows\System32\sdiagnhost.exe -EmbeddingC:\Windows\System32\sdiagnhost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Scripted Diagnostics Native Host
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Total events
16 360
Read events
16 201
Write events
0
Delete events
0

Modification events

No data
Executable files
2
Suspicious files
18
Text files
43
Unknown types
19

Dropped files

PID
Process
Filename
Type
952iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771binary
MD5:85C0501CB0AF8424462005D5F6D2B10E
SHA256:9D836705C8EAC1057FF275D643E7B756DAC8EE4C96437A3C2328526B42AE29D8
952iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771der
MD5:AA6C1B3D503B045E9918EAC50C2859E2
SHA256:73E09C0D82004EDBB527F9767BB02481AD1D2814E0B913229084F6A5DF775B06
3056iexplore.exeC:\Users\admin\AppData\Local\Temp\NDF7207.tmpbinary
MD5:B4593EA350041DA230435E4FE9A6F68A
SHA256:9B39F814FC16F4F7BB3527B17BB43490E67EAD986E82E49D63B62B885E175D35
3028msdt.exeC:\Users\admin\AppData\Local\Temp\SDIAG_da809bbb-f998-4ce8-9643-c71cfa4d666b\StartDPSService.ps1text
MD5:A660422059D953C6D681B53A6977100E
SHA256:D19677234127C38A52AEC23686775A8EB3F4E3A406F4A11804D97602D6C31813
3028msdt.exeC:\Users\admin\AppData\Local\Temp\SDIAG_da809bbb-f998-4ce8-9643-c71cfa4d666b\NetworkDiagnosticsResolve.ps1text
MD5:A7B957F221C643580184665BE57E6AC8
SHA256:8582EF50174CB74233F196F193E04C0CCBBEE2AED5CE50964CBB95822C218E7F
3028msdt.exeC:\Users\admin\AppData\Local\Temp\SDIAG_da809bbb-f998-4ce8-9643-c71cfa4d666b\en-US\DiagPackage.dll.muiexecutable
MD5:5D7936806E6855E2ECC2B095316D45D8
SHA256:71A4559F9FD122914A95998E8685BE638B8F81E581987708497E8F8A7A2F4DCB
3028msdt.exeC:\Users\admin\AppData\Local\Temp\SDIAG_da809bbb-f998-4ce8-9643-c71cfa4d666b\UtilitySetConstants.ps1text
MD5:0C75AE5E75C3E181D13768909C8240BA
SHA256:DE5C231C645D3AE1E13694284997721509F5DE64EE5C96C966CDFDA9E294DB3F
3028msdt.exeC:\Users\admin\AppData\Local\Temp\SDIAG_da809bbb-f998-4ce8-9643-c71cfa4d666b\DiagPackage.dllexecutable
MD5:2433E09C08C21455000F7E36D7653759
SHA256:EA9400E719FB15CD82D5DAB4B7D8E3870BB375BBE11BB95B0D957A84FEE2891C
3028msdt.exeC:\Users\admin\AppData\Local\Temp\SDIAG_da809bbb-f998-4ce8-9643-c71cfa4d666b\InteractiveRes.ps1text
MD5:25B8543DBF571F040118423BC3C7A75E
SHA256:D78E6291D6F27AC6FEBDCF0A4D5A34521E7F033AF8875E026DF21BA7513AB64A
3028msdt.exeC:\Users\admin\AppData\Local\Temp\SDIAG_da809bbb-f998-4ce8-9643-c71cfa4d666b\UtilityFunctions.ps1text
MD5:2F7C3DB0C268CF1CF506FE6E8AECB8A0
SHA256:886A625F71E0C35E5722423ED3AA0F5BFF8D120356578AB81A64DE2AB73D47F3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
45
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3056
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
US
der
1.47 Kb
whitelisted
952
iexplore.exe
GET
200
192.124.249.23:80
http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D
US
der
1.69 Kb
whitelisted
952
iexplore.exe
GET
200
192.124.249.22:80
http://ocsp.starfieldtech.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6%2FsVZNPaFToNfxx8ZwqAQUfAwyH6fZMH%2FEfWijYqihzqsHWycCAQc%3D
US
der
1.74 Kb
whitelisted
952
iexplore.exe
GET
200
192.124.249.22:80
http://ocsp.starfieldtech.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCAzkUhA%3D%3D
US
der
1.70 Kb
whitelisted
952
iexplore.exe
GET
200
192.124.249.23:80
http://ocsp.godaddy.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCFuM9B%2BPxE5X
US
der
1.74 Kb
whitelisted
952
iexplore.exe
GET
200
8.248.145.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3ee1327b1814a2ea
US
compressed
4.70 Kb
whitelisted
3056
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
3056
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
3056
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3056
iexplore.exe
204.79.197.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
952
iexplore.exe
160.153.136.3:443
datalogyc.com
Host Europe GmbH
NL
malicious
844
svchost.exe
160.153.136.3:443
datalogyc.com
Host Europe GmbH
NL
malicious
952
iexplore.exe
8.248.145.254:80
ctldl.windowsupdate.com
LEVEL3
US
suspicious
160.153.136.3:443
datalogyc.com
Host Europe GmbH
NL
malicious
952
iexplore.exe
23.36.163.225:443
img1.wsimg.com
Akamai International B.V.
DE
suspicious
3056
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
EDGECAST
GB
whitelisted
952
iexplore.exe
192.124.249.23:80
ocsp.godaddy.com
SUCURI-SEC
US
suspicious
3056
iexplore.exe
160.153.136.3:443
datalogyc.com
Host Europe GmbH
NL
malicious
952
iexplore.exe
192.124.249.22:80
ocsp.godaddy.com
SUCURI-SEC
US
suspicious

DNS requests

Domain
IP
Reputation
datalogyc.com
  • 160.153.136.3
malicious
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ctldl.windowsupdate.com
  • 8.248.145.254
  • 8.241.123.126
  • 8.248.115.254
  • 8.238.191.126
  • 8.248.139.254
whitelisted
ocsp.godaddy.com
  • 192.124.249.23
  • 192.124.249.22
  • 192.124.249.24
  • 192.124.249.36
  • 192.124.249.41
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
img1.wsimg.com
  • 23.36.163.225
  • 23.36.163.228
whitelisted
ocsp.starfieldtech.com
  • 192.124.249.22
  • 192.124.249.41
  • 192.124.249.23
  • 192.124.249.36
  • 192.124.249.24
whitelisted
img6.wsimg.com
  • 23.36.163.228
  • 23.36.163.225
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted

Threats

PID
Process
Class
Message
952
iexplore.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
844
svchost.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
844
svchost.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://datalogyc.com/