File: index.html

Full analysis: https://app.any.run/tasks/f0cdcccb-fe70-46b3-a46a-1c24e080e032
Verdict: Malicious activity
Analysis date: October 20, 2020, 07:30:27
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, ASCII text, with very long lines
MD5: 483281989F06707F43015184B3AC7093
SHA1: 765A0636774A3E5513F6CE26FE3EB94141AA6F5F
SHA256: 7E30A660E7302CEEFAF2A3281439EA21A060D765F4FE164A49448B9647B4914E
SSDEEP: 96:jioOjIZRGKv7gErecdUB2BuUQmvabn/Otk8MownOC+9mBRQs:jio6WYakkhBXQHgMZnOCLRQs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3708)
      • iexplore.exe (PID: 804)
    • Dropped object may contain Bitcoin addresses

      • iexplore.exe (PID: 3476)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3476)
      • iexplore.exe (PID: 804)
    • Creates files in the user directory

      • iexplore.exe (PID: 3476)
    • Changes internet zones settings

      • iexplore.exe (PID: 804)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3708)
      • iexplore.exe (PID: 3476)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 804)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 804)
    • Changes settings of System certificates

      • iexplore.exe (PID: 804)
No Malware configuration.

TRiD

.html | HyperText Markup Language (100)
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph (interactive version in the full report): start → iexplore.exe → iexplore.exe (no specs) → iexplore.exe

Process information

PID 804
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 3708
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:804 CREDAT:144385 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 3476
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:804 CREDAT:333057 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Total events: 1 133
Read events: 916
Write events: 0
Delete events: 0
Modification events: No data
Executable files: 0
Suspicious files: 7
Text files: 34
Unknown types: 3

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
804 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | | |
3476 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\SOSHOYO2.txt | | |
3476 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\SMIETZ3X.txt | | |
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\qsml[1].htm | | |
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\qsml[5].xml | xml | 918E0CB802A4B2929CA7D97BBC51C278 | 5811968A9276C857E42A9AA93DC55F721CE964BC649875561D24C096D4A90E25
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\qsml[3].xml | xml | 668051BCCD87C125873F2A39A7F6CA92 | BA908F9FF780EDDF537323B5FD86BED3E7C2E9ABCF08CE8D6D0248A8EC8A9FB7
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\qsml[4].xml | xml | 03215EEBE7D1B4D1EAE1D5473C83842B | D8992AAE91258CFC92F31D7A1BF915FF27356D8FCE8029E3CA2CD103BF01D24A
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\qsml[1].xml | xml | 4BFB6BD11F894DB26C92C2B9E53A14BD | 32E909ADC026D91C4CAF120C8BE38C4B682137ADF6E18EDA796CDD752601A597
3476 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\I8EL9JFM.txt | text | 050669B81D08B257B65D7C491B18AE4B | 96881F19D099D23FAA08B05AD2BC8612F132BDB7DA3AEEB7F80F0C806E53C6F4
3476 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\qsml[2].xml | xml | 9FC9EB54C1098FF53D98DB4EC6A4E12F | 3F66F06BC08DDA3BA5F77D7163D92572675B075058798E75318DA51AC47E1681
HTTP(S) requests: 35
TCP/UDP connections: 24
DNS requests: 13
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3476 | iexplore.exe | GET | | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=ht&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IE11SS&market=en-US | US | | | whitelisted
3476 | iexplore.exe | GET | 200 | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=htt&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IE11SS&market=en-US | US | xml | 271 b | whitelisted
3476 | iexplore.exe | GET | 200 | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=http&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IE11SS&market=en-US | US | xml | 271 b | whitelisted
3476 | iexplore.exe | GET | 200 | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=http%3A&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IE11SS&market=en-US | US | xml | 268 b | whitelisted
3476 | iexplore.exe | GET | 200 | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fg&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IE11SS&market=en-US | US | xml | 288 b | whitelisted
3476 | iexplore.exe | GET | 200 | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fgm&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IE11SS&market=en-US | US | xml | 258 b | whitelisted
3476 | iexplore.exe | GET | 200 | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fgmai.&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IE11SS&market=en-US | US | xml | 233 b | whitelisted
3476 | iexplore.exe | GET | 200 | 199.59.242.153:80 | http://ww1.gmai.com/ | US | html | 3.99 Kb | malicious
3476 | iexplore.exe | GET | 200 | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2F&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IE11SS&market=en-US | US | xml | 267 b | whitelisted
3476 | iexplore.exe | GET | 200 | 13.107.13.80:80 | http://api.bing.com/qsml.aspx?query=http%3A%2F%2Fgmai&maxwidth=32765&rowheight=20&sectionHeight=160&FORM=IE11SS&market=en-US | US | xml | 226 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
804 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3476 | iexplore.exe | 13.107.13.80:80 | api.bing.com | Microsoft Corporation | US | whitelisted
| | 172.217.23.100:80 | www.google.com | Google Inc. | US | whitelisted
3476 | iexplore.exe | 81.17.18.196:80 | gmai.com | Private Layer INC | CH | malicious
3476 | iexplore.exe | 199.59.242.153:80 | ww1.gmai.com | Bodis, LLC | US | malicious
804 | iexplore.exe | 199.59.242.153:80 | ww1.gmai.com | Bodis, LLC | US | malicious
| | 13.107.13.80:80 | api.bing.com | Microsoft Corporation | US | whitelisted
| | 81.17.18.196:80 | gmai.com | Private Layer INC | CH | malicious
804 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
804 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted

DNS requests

Domain | IP | Reputation
api.bing.com | 13.107.13.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
gmai.com | 81.17.18.196 | whitelisted
ww1.gmai.com | 199.59.242.153 | malicious
www.google.com | 172.217.23.100 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted
r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted

Threats: No threats detected
Debug info: No debug info