URL: https://121scale.com/64f09cbd848f9f96a9ab1003f49765e5

Full analysis: https://app.any.run/tasks/ddf0107a-446c-4627-a36e-686731650b7e
Verdict: Malicious activity
Analysis date: September 19, 2019, 04:24:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 47E1BF19D2228695F644686AB577C8EB
SHA1: F0678984E3B2755A85FBC00E112F64C80CD17D4C
SHA256: 7855C2943239948D5DC9683B4D406A8F19EA0043EC92D26F9E25C7F249EDC811
SSDEEP: 3:N887JALdI7QBRAASbM:28SLRBRAASM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads internet explorer settings

      • iexplore.exe (PID: 4068)
    • Application launched itself

      • iexplore.exe (PID: 3428)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3428)
      • iexplore.exe (PID: 4068)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3428)
    • Changes internet zones settings

      • iexplore.exe (PID: 3428)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ Matrix in the full report.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 34
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph (process chain): start -> iexplore.exe (PID 3428) -> iexplore.exe (PID 4068)

Process information

PID: 3428
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://121scale.com/64f09cbd848f9f96a9ab1003f49765e5"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 4068
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3428 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Total events: 401
Read events: 330
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 8
Unknown types: 4

Dropped files

PID: 3428  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:

PID: 3428  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:

PID: 4068  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\21SGJJB8\64f09cbd848f9f96a9ab1003f49765e5[1].txt
MD5:
SHA256:

PID: 4068  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
Type: dat
MD5: 19619EC4C89B1B26000054EDBA39FEEF
SHA256: E7CFAA003291391054D90C17EFD6890021FEFD1EF8E527EF6430E52E3A0F5A56

PID: 4068  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C6G3KJNH\widget[1].css
Type: text
MD5: A3DC1FF36A30D228888677199FA610FB
SHA256: E8F7446C2FB09E587ED8482B4895C9E75A8ED0BABC854F3BBD85659E0A48C305

PID: 3428  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019091920190920\index.dat
Type: dat
MD5: CDFE2374FB1CE6B6BA441E6641544444
SHA256: 69D3C1003A0E711C500B628260259E7EAB2D658ED5F2A7D962639240E46A1036

PID: 4068  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\21SGJJB8\64f09cbd848f9f96a9ab1003f49765e5[1].htm
Type: html
MD5: A220A2A36A61DAFD98A6151E3D0269C4
SHA256: 66D1E69F66DE3327053699ADFD1F853CCA30CB686F48F7C51E2C4290539C1257

PID: 4068  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019091920190920\index.dat
Type: dat
MD5: ADF5754FEA414243BBB6442DF489CEFA
SHA256: 074948A88A4642412DA165EAF92565C9B4A39CD176E43E93440DB3E9E58627FC

PID: 4068  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
Type: dat
MD5: B87553C1EDBE1786EFA86C2AE2662876
SHA256: C0853F8F9D7A89AD3343B0A92D3E1A903F02F90A3550D2759F140B343F4AF63B

PID: 4068  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XW0BVCGK\desktop.ini
Type: ini
MD5: 4A3DEB274BB5F0212C2419D3D8D08612
SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 1
TCP/UDP connections: 3
DNS requests: 3
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3428 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3428 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3428 | iexplore.exe | 13.224.196.20:443 | paydirect.myob.com | | US | suspicious
4068 | iexplore.exe | 209.141.59.85:443 | 121scale.com | FranTech Solutions | US | unknown

DNS requests

Domain | IP | Reputation
121scale.com | 209.141.59.85 | unknown
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
paydirect.myob.com | 13.224.196.20, 13.224.196.127, 13.224.196.106, 13.224.196.126 | shared

Threats

No threats detected
No debug info