URL: http://ncaasoccerageny.com

Full analysis: https://app.any.run/tasks/7d8d61f3-69da-4cf5-bd48-3b2a9067f99e
Verdict: Malicious activity
Analysis date: October 14, 2019, 20:33:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
  MD5:    1EA2504460CEE4AE80161769A14AFDFC
  SHA1:   2D0F357D1F54B8CB3C62F125961A1C069AEE8C3C
  SHA256: 72CFF0B2E3786A6BA9111318C70B9DD75695A61EF631BEA1559D5CF59FC03552
  SSDEEP: 3:N1KQeRyrAL6GKI:CQegUL6K

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS: no malicious indicators.
  • SUSPICIOUS: no suspicious indicators.
  • INFO:
    • Application launched itself: iexplore.exe (PID 1516)
    • Changes internet zones settings: iexplore.exe (PID 1516)
    • Reads Internet Cache Settings: iexplore.exe (PID 1516), iexplore.exe (PID 3004)
    • Reads Internet Explorer settings: iexplore.exe (PID 3004)
    • Creates files in the user directory: iexplore.exe (PID 3004)
    • Reads settings of System Certificates: iexplore.exe (PID 3004)

Every indicator recorded is informational and is ordinary Internet Explorer start-up and caching behaviour. No malicious or suspicious behavioural indicators, processes, or network threats were logged, so the "Malicious activity" verdict rests on the reputation labels attached to the submitted domain in the HTTP, connection and DNS tables below, not on anything the sandbox observed the browser do.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Malware configuration: no data.
All screenshots are available in the full report.
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

explorer.exe → iexplore.exe (PID 1516) → iexplore.exe (PID 3004)

Process information

PID 1516
  CMD:             "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
  Path:            C:\Program Files\Internet Explorer\iexplore.exe
  Parent process:  explorer.exe
  User:            admin
  Company:         Microsoft Corporation
  Integrity level: MEDIUM
  Description:     Internet Explorer
  Version:         8.00.7600.16385 (win7_rtm.090713-1255)

PID 3004
  CMD:             "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1516 CREDAT:71937
  Path:            C:\Program Files\Internet Explorer\iexplore.exe
  Parent process:  iexplore.exe (PID 1516)
  User:            admin
  Company:         Microsoft Corporation
  Integrity level: LOW
  Description:     Internet Explorer
  Version:         8.00.7600.16385 (win7_rtm.090713-1255)

The two-process layout is normal for IE8 with Protected Mode enabled: PID 1516 is the medium-integrity frame (UI) process started by the sandbox with -nohome, and PID 3004 is the low-integrity tab (content) process it spawns, identified by the SCODEF:1516 CREDAT:... arguments. The "Application launched itself" indicator refers to this spawn, not to a self-replicating sample.
Total events: 410
Read events: 349
Write events: 0
Delete events: 0

Modification events: no data

Executable files: 0
Suspicious files: 0
Text files: 17
Unknown types: 6

Dropped files ("-" = not recorded in the report)

PID 1516, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
    Type: -   MD5: -   SHA256: -
  C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Type: -   MD5: -   SHA256: -

PID 3004, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
    Type: dat   MD5: BD5A4A1A788E206742A211026E797577   SHA256: 78FA48FF0A0D3B0D9B72AEA6B8215495AB799332607428B8931C5AFCB3C30B4F
  C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
    Type: dat   MD5: C55EC8C5D87EC81C6412AB211635B582   SHA256: FEF2AF7A4E63D23DCEFF1A951B411AA625615E213F988D8B36284E3E66CC58A0
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ATO8RXTA\iframe[1].htm
    Type: html   MD5: 295FECF5E5022E9D9D2FAB3CC206E229   SHA256: FFFA480CF4F718789B6771AA6A0BF2D4AC9EB156DD4AAD8A354524CC6704189E
  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
    Type: dat   MD5: 31BDDDCE2F5716DD1A98D539F47D92C9   SHA256: 97914E8950874E78970A26A1080D4EC4F09FA9AE6440172A66FD4A4C42996944
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BEJ9V7FI\style_namecheap[1].css
    Type: text   MD5: FCFBF44DB7A3ECA961510E9DF77868BF   SHA256: 8CF5887217A8A780E49A5C6CE3773C70E79B33429212EF3325D8F6E0094A0899
  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@google[2].txt
    Type: -   MD5: -   SHA256: -
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ATO8RXTA\ads[1].txt
    Type: -   MD5: -   SHA256: -
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SCEK3V2A\style[1].css
    Type: text   MD5: 96F84D0985AF87B4D4F6AE8816F9C5C5   SHA256: 93A1109ADA0CD55DEDEAF7E9C4251A7F91AC3C3E1AB85E25E37B6CD4E47D504B
HTTP(S) requests: 12
TCP/UDP connections: 13
DNS requests: 8
Threats: 0

HTTP requests (all issued by iexplore.exe; "-" = not recorded in the report)

PID   Method  Code  IP:port             URL                                                                                              CN  Type   Size     Reputation
3004  GET     200   13.32.158.173:80    http://i.cdnpark.com/themes/assets/style.css                                                     US  text   343 b    whitelisted
3004  GET     200   198.54.117.218:80   http://www.ncaasoccerageny.com/                                                                  US  html   4.98 Kb  malicious
1516  GET     200   204.79.197.200:80   http://www.bing.com/favicon.ico                                                                  US  image  237 b    whitelisted
1516  GET     -     198.54.117.218:80   http://www.ncaasoccerageny.com/favicon.ico                                                       US  -      -        malicious
3004  GET     302   192.64.119.42:80    http://ncaasoccerageny.com/                                                                      US  html   54 b     suspicious
3004  GET     200   172.217.16.132:80   http://www.google.com/adsense/domains/caf.js                                                     US  text   54.9 Kb  whitelisted
3004  GET     200   185.53.179.29:80    http://parkingcrew.net/jsparkcaf.php?regcn=243142&_v=2&_h=www.ncaasoccerageny.com&_t=1571085245456  DE  html   2.48 Kb  whitelisted
3004  GET     200   13.32.158.173:80    http://i.cdnpark.com/themes/registrar/style_namecheap.css                                        US  text   1.73 Kb  whitelisted
3004  GET     200   185.53.178.30:80    http://js.parkingcrew.net/assets/scripts/registrar-caf/243142.js                                 DE  text   2.92 Kb  whitelisted
3004  GET     200   13.32.158.173:80    http://i.cdnpark.com/themes/registrar/images/logo_namecheap.png                                  US  image  4.80 Kb  whitelisted

All listed traffic is plain HTTP. The submitted apex host (192.64.119.42) answered with a 302 redirect (54 b), presumably to the www host, which served 4.98 Kb of HTML from 198.54.117.218; the favicon request to the www host has no response code, type or size recorded. Every other request is for a third-party, whitelisted asset: Namecheap-branded stylesheets and logo from i.cdnpark.com, the parkingcrew.net jsparkcaf.php page (with _h=www.ncaasoccerageny.com as the parked hostname) and its registrar-caf script, and Google's AdSense for Domains caf.js. That set of resources is characteristic of a registrar domain-parking page, and the only "malicious" and "suspicious" labels in this table are the reputation tags on the submitted domain itself, not on anything it loaded.
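A triage pass over the table above, as an added example rather than ANY.RUN code: it splits the requests into first-party hosts (the submitted domain) and third-party hosts, pulls out redirects and unanswered requests, counts the reputation labels, and flags hosts that look like parking infrastructure. The request records are transcribed from the table; the registrable-domain shortcut and the parking heuristics (hostnames containing "park", paths under /adsense/domains/) are this example's own assumptions, not rules the report applies.

```python
"""Triage helper for a sandbox HTTP-request table.

Added example, not ANY.RUN code. REQUESTS is transcribed from the report's
HTTP requests table; registrable_domain() and the parking heuristics are
assumptions made for this example.
"""
from collections import Counter, defaultdict
from urllib.parse import urlsplit

SUBMITTED_URL = "http://ncaasoccerageny.com"

# (pid, method, status, server ip, url, reputation), transcribed from the report.
# The www favicon request shows no response in the report, so its status is None.
REQUESTS = [
    (3004, "GET", 200, "13.32.158.173", "http://i.cdnpark.com/themes/assets/style.css", "whitelisted"),
    (3004, "GET", 200, "198.54.117.218", "http://www.ncaasoccerageny.com/", "malicious"),
    (1516, "GET", 200, "204.79.197.200", "http://www.bing.com/favicon.ico", "whitelisted"),
    (1516, "GET", None, "198.54.117.218", "http://www.ncaasoccerageny.com/favicon.ico", "malicious"),
    (3004, "GET", 302, "192.64.119.42", "http://ncaasoccerageny.com/", "suspicious"),
    (3004, "GET", 200, "172.217.16.132", "http://www.google.com/adsense/domains/caf.js", "whitelisted"),
    (3004, "GET", 200, "185.53.179.29",
     "http://parkingcrew.net/jsparkcaf.php?regcn=243142&_v=2&_h=www.ncaasoccerageny.com&_t=1571085245456",
     "whitelisted"),
    (3004, "GET", 200, "13.32.158.173", "http://i.cdnpark.com/themes/registrar/style_namecheap.css", "whitelisted"),
    (3004, "GET", 200, "185.53.178.30", "http://js.parkingcrew.net/assets/scripts/registrar-caf/243142.js", "whitelisted"),
    (3004, "GET", 200, "13.32.158.173", "http://i.cdnpark.com/themes/registrar/images/logo_namecheap.png", "whitelisted"),
]

# Assumed heuristic (this example's, not the report's): names that point at
# domain-parking infrastructure.
PARKING_HOST_TOKENS = ("park",)
PARKING_PATH_PREFIXES = ("/adsense/domains/",)


def registrable_domain(host: str) -> str:
    """Last two DNS labels. Assumption: no public-suffix list, so this is wrong
    for names like example.co.uk; adequate for the hosts in this report."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def summarise(requests, submitted_url):
    """Split requests into first-party (the submitted domain) and third-party
    hosts, and pull out redirects, unanswered requests and reputation counts."""
    own = registrable_domain(urlsplit(submitted_url).hostname)
    first_party = defaultdict(list)   # host -> list of status codes seen
    third_party = defaultdict(set)    # host -> set of reputation labels seen
    redirects, unanswered = [], []
    reputations = Counter()

    for _pid, _method, status, _ip, url, reputation in requests:
        host = urlsplit(url).hostname
        reputations[reputation] += 1
        if registrable_domain(host) == own:
            first_party[host].append(status)
        else:
            third_party[host].add(reputation)
        if status is None:
            unanswered.append(url)
        elif 300 <= status < 400:
            redirects.append((url, status))

    return {
        "first_party": dict(first_party),
        "third_party": {h: sorted(r) for h, r in third_party.items()},
        # True when nothing the page loaded from elsewhere carries a bad label.
        "third_party_clean": all(r == {"whitelisted"} for r in third_party.values()),
        "redirects": redirects,
        "unanswered": unanswered,
        "reputation_counts": dict(reputations),
    }


def parking_signals(requests):
    """Hosts whose name or requested path matches the parking heuristics."""
    hits = set()
    for _pid, _method, _status, _ip, url, _rep in requests:
        parts = urlsplit(url)
        if any(tok in parts.hostname for tok in PARKING_HOST_TOKENS) or \
                parts.path.startswith(PARKING_PATH_PREFIXES):
            hits.add(parts.hostname)
    return sorted(hits)


if __name__ == "__main__":
    s = summarise(REQUESTS, SUBMITTED_URL)
    print("first-party hosts :", s["first_party"])
    print("redirects         :", s["redirects"])
    print("unanswered        :", s["unanswered"])
    print("third-party clean :", s["third_party_clean"])
    print("reputations       :", s["reputation_counts"])
    print("parking signals   :", parking_signals(REQUESTS))
```

The useful output is the split itself: the only "malicious" and "suspicious" labels land on the two first-party hosts, every third-party host is whitelisted, the single redirect is the apex 302, and four of the five third-party hosts match the parking heuristics. That is the pattern of a parked domain with a bad reputation tag rather than of a page delivering anything to the browser, which is the question a URL verdict should answer before the submission is treated as an infection.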

Connections ("-" = PID/process not recorded in the report)

PID   Process       IP:port              Domain                    ASN                    CN  Reputation
-     -             204.79.197.200:80    www.bing.com              Microsoft Corporation  US  whitelisted
3004  iexplore.exe  185.53.179.29:80     parkingcrew.net           Team Internet AG       DE  malicious
3004  iexplore.exe  198.54.117.218:80    www.ncaasoccerageny.com   Namecheap, Inc.        US  malicious
-     -             192.64.119.42:80     ncaasoccerageny.com       Namecheap, Inc.        US  suspicious
3004  iexplore.exe  13.32.158.173:80     i.cdnpark.com             Amazon.com, Inc.       US  whitelisted
1516  iexplore.exe  198.54.117.218:80    www.ncaasoccerageny.com   Namecheap, Inc.        US  malicious
3004  iexplore.exe  172.217.16.195:80    www.gstatic.com           Google Inc.            US  whitelisted
-     -             172.217.16.132:443   www.google.com            Google Inc.            US  whitelisted
3004  iexplore.exe  172.217.16.132:80    www.google.com            Google Inc.            US  whitelisted
3004  iexplore.exe  172.217.16.132:443   www.google.com            Google Inc.            US  whitelisted

Note that parkingcrew.net is labelled "malicious" in this table but "whitelisted" in the HTTP requests and DNS tables for the same host and IP. The reputation column is a per-table lookup, not a finding from this run, and should be cross-checked rather than read as evidence on its own.

DNS requests

Domain                    Resolved IPs                                                                                               Reputation
www.bing.com              204.79.197.200, 13.107.21.200                                                                              whitelisted
ncaasoccerageny.com       192.64.119.42                                                                                              suspicious
www.ncaasoccerageny.com   198.54.117.218, 198.54.117.211, 198.54.117.215, 198.54.117.217, 198.54.117.212, 198.54.117.210, 198.54.117.216   malicious
i.cdnpark.com             13.32.158.173, 13.32.158.33, 13.32.158.183, 13.32.158.103                                                  whitelisted
parkingcrew.net           185.53.179.29                                                                                              whitelisted
www.google.com            172.217.16.132                                                                                             whitelisted
js.parkingcrew.net        185.53.178.30                                                                                              whitelisted
www.gstatic.com           172.217.16.195                                                                                             whitelisted

Threats: none detected.

Debug info: none.