URL:

https://swanky-resisted-point.glitch.me/?z=pnicol@eagersautomotiveparts.com.au

Full analysis: https://app.any.run/tasks/366c4344-b14a-4e28-ab71-d0c5cd2a417e
Verdict: Malicious activity
Analysis date: May 26, 2024, 22:24:54
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
phishing
Indicators:
MD5:

8193EBA76591CBD111DE83E1D029C421

SHA1:

5807F7860B070962A5EDCF563193E04C273F6356

SHA256:

728F6C75874E271E192AA018A3514ADF88A76BAF063AB44FC7FE7B753DFEE2A7

SSDEEP:

3:N8fuqCIrD2oUbGSlhD/oAYRn5n:2vCin8RhD/oRt5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Checks supported languages

      • wmpnscfg.exe (PID: 316)

    • Reads the computer name

      • wmpnscfg.exe (PID: 316)

    • Application launched itself

      • iexplore.exe (PID: 3968)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 316)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe wmpnscfg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
316"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
3968"C:\Program Files\Internet Explorer\iexplore.exe" "https://swanky-resisted-point.glitch.me/?z=pnicol@eagersautomotiveparts.com.au"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
4028"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3968 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
19 697
Read events
19 571
Write events
91
Delete events
35

Modification events

(PID) Process:(3968) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(3968) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
(PID) Process:(3968) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
31109051
(PID) Process:(3968) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
(PID) Process:(3968) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
31109051
(PID) Process:(3968) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(3968) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3968) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3968) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3968) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
0
Suspicious files
30
Text files
9
Unknown types
0

Dropped files

PID
Process
Filename
Type
4028iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62binary
MD5:7A4047C96EA3BEAB744AE492E7E85C62
SHA256:03679DFA60D22FBFF6A3A52E36053E19BEC29EA3769FBB4CA8EA7BF189FF5F6A
4028iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62binary
MD5:97F278ADCA9BDA81BC56229D82ACFAF5
SHA256:7B522D1EF71594EA447B8900BB77CCAA41849D428B3D6144CB307198C90914D5
4028iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517binary
MD5:4069C5E5C9B68F36A995B029F0873865
SHA256:340F86DF429DD8689033A4E827E0C3E8CE1DA7B5D1C7E01E5D0258113BF0D4EE
4028iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\XBX56UXN.htmhtml
MD5:0B19012233D0C35281ABF3463E485CBE
SHA256:0360FEE569585D9F348956860B56DF1A6859E1CBFDFD276977F20EBED091AB41
4028iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8der
MD5:F11498497C08EDC1828E37BE46794015
SHA256:1797E7FA8AF085CC7BCD3B916C4D02EBBEE6C1C24953B1825E15D50C1B05E6E0
4028iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\83D863F495E7D991917B3ABB3E1EB382_06C539246333561386348F29F6BE592Dbinary
MD5:5C30758E18B4E42E11BB6747E40D501F
SHA256:93041E8F6E2C019B04D39D5829088217D5F63996D12B6EBE467FEF18D5F64236
4028iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894binary
MD5:653BB22C0C7556EE602352BB9BBC4E96
SHA256:119DB8C5ADEA27C9C38C888ECDC3CB50F472EF6002DE266003BC1546A145F475
4028iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894binary
MD5:D095A9850CA4D363499EA87D213637BE
SHA256:6714EB42CAAAE28E9366184D110583D60F2660A87CBDCC9F8D62D7F085C24E39
4028iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\83D863F495E7D991917B3ABB3E1EB382_06C539246333561386348F29F6BE592Dbinary
MD5:9BDB186A1EAE958BDB3528A70D445DAA
SHA256:D482D77C639D1F9126DC73E80FA4DF14375A3AB7F3C1476259F3CFDDB0AA2FE1
4028iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517binary
MD5:6C01A0C6CBC5F29BDA94F44244BB503C
SHA256:92F3E8178CC9F0ECC3BADFD7EA922AB13F1D0B42C4806176F7870F3EA53B850F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
17
TCP/UDP connections
34
DNS requests
23
Threats
10

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4028
iexplore.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?068eb670bb243701
unknown
unknown
4028
iexplore.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9d16a895bffb80f6
unknown
unknown
4028
iexplore.exe
GET
200
108.138.2.10:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
unknown
unknown
4028
iexplore.exe
GET
200
18.245.39.64:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
unknown
unknown
4028
iexplore.exe
GET
200
18.245.39.64:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkzUBtJnwJkc3SmanzgxeYU%3D
unknown
unknown
4028
iexplore.exe
GET
200
18.245.65.219:80
http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAwavBUkaGm72E%2BRs0Tgw3Q%3D
unknown
unknown
4028
iexplore.exe
GET
200
18.245.39.64:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEjgLnWaIozse2b%2BczaaODg8%3D
unknown
unknown
4028
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
unknown
4028
iexplore.exe
GET
200
18.245.65.219:80
http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAqFHNMUTb3%2B%2FNnQWmcy9Rg%3D
unknown
unknown
4028
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?3efec3cabca71489
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
4028
iexplore.exe
3.95.107.114:443
swanky-resisted-point.glitch.me
AMAZON-AES
US
unknown
4028
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
4028
iexplore.exe
108.138.2.10:80
o.ss2.us
AMAZON-02
US
unknown
4028
iexplore.exe
18.245.39.64:80
ocsp.rootg2.amazontrust.com
US
unknown
4028
iexplore.exe
18.245.65.219:80
ocsp.r2m03.amazontrust.com
US
unknown
4028
iexplore.exe
13.32.27.4:443
prod-cdn.wetransfer.net
AMAZON-02
US
unknown
4028
iexplore.exe
52.217.202.120:443
s3.amazonaws.com
AMAZON-02
US
unknown

DNS requests

Domain
IP
Reputation
swanky-resisted-point.glitch.me
  • 3.95.107.114
  • 18.210.59.152
  • 3.216.229.220
  • 34.197.227.58
  • 35.173.39.9
  • 44.193.185.113
  • 52.2.135.84
  • 54.157.90.217
unknown
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
o.ss2.us
  • 108.138.2.10
  • 108.138.2.173
  • 108.138.2.107
  • 108.138.2.195
whitelisted
ocsp.rootg2.amazontrust.com
  • 18.245.39.64
whitelisted
ocsp.rootca1.amazontrust.com
  • 18.245.39.64
shared
ocsp.r2m03.amazontrust.com
  • 18.245.65.219
unknown
prod-cdn.wetransfer.net
  • 13.32.27.4
  • 13.32.27.114
  • 13.32.27.84
  • 13.32.27.16
whitelisted
i.pinimg.com
  • 146.75.120.84
whitelisted
s3.amazonaws.com
  • 52.217.202.120
  • 52.216.142.6
  • 52.216.26.102
  • 52.217.163.240
  • 52.216.57.240
  • 52.217.139.240
  • 54.231.196.80
  • 52.217.226.136
shared
ocsp.digicert.com
  • 192.229.221.95
whitelisted

Threats

PID
Process
Class
Message
1088
svchost.exe
Misc activity
ET INFO DNS Query to Online Application Hosting Domain (glitch .me)
1088
svchost.exe
Possible Social Engineering Attempted
ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
4028
iexplore.exe
Misc activity
ET INFO Observed Online Application Hosting Domain (glitch .me in TLS SNI)
4028
iexplore.exe
Misc activity
ET INFO Observed Online Application Hosting Domain (glitch .me in TLS SNI)
4028
iexplore.exe
Possible Social Engineering Attempted
ET HUNTING Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing
4028
iexplore.exe
Possible Social Engineering Attempted
ET HUNTING Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing
3968
iexplore.exe
Misc activity
ET INFO Observed Online Application Hosting Domain (glitch .me in TLS SNI)
3968
iexplore.exe
Misc activity
ET INFO Observed Online Application Hosting Domain (glitch .me in TLS SNI)
3968
iexplore.exe
Possible Social Engineering Attempted
ET HUNTING Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing
3968
iexplore.exe
Possible Social Engineering Attempted
ET HUNTING Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://swanky-resisted-point.glitch.me/?z=pnicol@eagersautomotiveparts.com.au