File name: index.html

Full analysis: https://app.any.run/tasks/36ae9fde-8348-4612-b9bd-10405cec31a7
Verdict: Malicious activity
Analysis date: October 20, 2020, 12:52:02
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: text/html
File info: HTML document, ASCII text, with very long lines, with no line terminators
MD5: D0AD6CAE60756CA042D86D1C5F45AACD
SHA1: F989D370116DF3BAC08D196DF9C18CC07B35E48A
SHA256: 7F0AE41514116F6EC6F0FE975E620A0E948239360C0D436F30598478BAEDC19A
SSDEEP: 24:haHkJ0HPatnvSi9uts/8RWJrSu1+BlRWUICgqzH4JEuYqY5S0I/fNHS0IZyMeFHq:WP6vJIwJrDywUIGzx5SP/FHSPXeFHq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO
    • Reads Internet Cache Settings: iexplore.exe (PID: 2452), iexplore.exe (PID: 2908)
    • Changes internet zones settings: iexplore.exe (PID: 2452)
    • Application launched itself: iexplore.exe (PID: 1764), iexplore.exe (PID: 2452)
    • Reads internet explorer settings: iexplore.exe (PID: 1764), iexplore.exe (PID: 2908)
    • Reads settings of System Certificates: iexplore.exe (PID: 2452)
    • Adds / modifies Windows certificates: iexplore.exe (PID: 2452)
    • Manual execution by user: WINWORD.EXE (PID: 3176), WINWORD.EXE (PID: 2168), WINWORD.EXE (PID: 2292)
    • Changes settings of System certificates: iexplore.exe (PID: 2452)
    • Creates files in the user directory: iexplore.exe (PID: 2452), WINWORD.EXE (PID: 2168)
    • Reads Microsoft Office registry keys: WINWORD.EXE (PID: 2168), WINWORD.EXE (PID: 3176), WINWORD.EXE (PID: 2292)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.html | HyperText Markup Language (100)
No data.
All screenshots are available in the full report
Total processes: 43
Monitored processes: 6
Malicious processes: 0
Suspicious processes: 0

Behavior graph (process nodes, in order): start → iexplore.exe, iexplore.exe (no specs), iexplore.exe, winword.exe (no specs), winword.exe (no specs), winword.exe (no specs)

Process information

PID 2452 (iexplore.exe)
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Exit code: 1
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 1764 (iexplore.exe)
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2452 CREDAT:144385 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Exit code: 0
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 2908 (iexplore.exe)
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2452 CREDAT:333057 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Exit code: 0
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 2168 (WINWORD.EXE)
  CMD: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\guidesreleased.rtf"
  Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Microsoft Word
  Version: 14.0.6024.1000

PID 3176 (WINWORD.EXE)
  CMD: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\guidesreleased.rtf"
  Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Microsoft Word
  Version: 14.0.6024.1000

PID 2292 (WINWORD.EXE)
  CMD: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\guidesreleased.rtf"
  Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Microsoft Word
  Version: 14.0.6024.1000
Total events: 3 065
Read events: 2 263
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 12
Text files: 19
Unknown types: 11

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2452 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | - | - | -
2452 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\CabC1DE.tmp | - | - | -
2452 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\TarC1DF.tmp | - | - | -
2908 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\min[1].js | text | 5563332AD6AF63C9C94CEF15761BE544 | 4EFEC11A42893D4DF0249174CBE5AFAE24A5734F5DED35C5E84C56BF9F473EC2
2908 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\SOSHOYO2.htm | html | 08D591A67F576F8FB878963FEF8FAE46 | 17CDE5994775A3CAB79FC9C2F967C5DFF82488D3D5362D14C836FAFE9E5B62AE
2452 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC21E.tmp | - | - | -
2908 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\kwbg[1].jpg | image | AC32F78C89E9E21E66009A46E538E8CA | F38235E9EEEEF5F8B2E931C53A950B8AFA0691A4F8BDD32FC79708318CEE71FC
2452 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203 | der | AEBD8A27FCEB32B4F5081BB89FBBFCC8 | 5D0F375F38FD85F23614B44D518FFD91875FE8F56C88885B9081B87082980381
2908 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\ubuntu-r[1].eot | eot | CA3E92D0415C9D73A6BE6D329DD6443A | 6CFB0275DA9D267322BBE948787059B816C83B06D280F29DC6D46E2D845C5A4C
2908 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\search-icon[1].png | image | 750928EC52C1B77AA2E72D76895D3A96 | CF2E997ED10DB7EEF3394C65EC68720FCE20C858BF202A8C83328B7C1586D87D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 21
TCP/UDP connections: 28
DNS requests: 15
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2908 | iexplore.exe | GET | 302 | 45.56.79.23:80 | http://www.17ebook.com/mtm/direct/.eJyrViotylSyUtJX0lFKLEovBjKBrKLUtNSi1CIgJ6OkpKDYSl-_vLxcz9A8NSk_P1svOT8XpDwjv7gkPi8xNxWoDE1aqRYAtzccRA:1kUr7T:J7kQh-khwdifhxEiaPccRMHbiDU/1 | US | - | - | malicious
2908 | iexplore.exe | GET | 200 | 199.191.50.39:80 | http://www77.17ebook.com/Contact_Lens.cfm?fp=h%2BgZcLVrl7hCZXnEFRqRPdLpu0Y1OOby1VNjA46JeBa5nAAt2mV9kk8pL2mUF61n0%2Fstp%2FKa7ZH%2Bbawv7kb1EvcDMTWhBpxLMWulxfwFylcmLS0SrBVp8ytYPQ%2FKjEjKrC1nCw4Hmk%2BqNe64vyIUSqfEHtUAJdNgxKuf0E7RWPlmlMYV1BxMsKnJ0KqYHN5fL%2FtKHHVlXN4Ps%2FZ4GCDu7g%3D%3D&yep=ju%2FtUWcIwDbHOff4RhH1ekwlHFGGyGLNxKfqWGbW79Cyl2HlBRmvbFiKbyNGvdqIbL1fOxnxc2NngsAIMoZIM1lB9EpzMAe1NHCoLt17stVospsw%2FNDg7AF6CFRywW246koo0MijKAn87sQORiXYp8ChHpoKmcwdCubbq3NP%2FHNVmGlyk8M27znzJkdd6X7i1Fv%2BMEQTQUcDVIQkXO%2Fv4vsBvVA0OGAXLMTKFOEZYLURKURWPZFeGi5O4405ajhLG76b%2FxbuIWys25JgNUBz0FFLE4woP%2BtSz%2FFEu7GAjpmk0BYO7f9nbcq%2BgYiedt7w%2FUt31fheEYdFJ0AWV3BJ6lBK9ZaB9aBX4xmpJFoxT%2FGMhLPn8DmhZWO7YGLdu1DyBns7zXx3sN6ZJ%2BqKypyvcvXN37qPTK9IhHipcqCXhysAHscE1L2NAAAS7e%2F457fnFYZkEERTtDpRBrvSBGEJUYlw9dtvyb0Hq4chlC9qD6im69m0pa%2FtaFByvaqs3IK8ApYoRC4oQGM8gYTVv9gYYt%2Fp41NoMHoahD42qiAJ725NvPixYYDMfQ2oL4lB9nOK&gtnp=0&gtpp=0&kbetu=0&maxads=0&kld=1040&yprpnd=h5rbDBLy8qE9hwqERaMKf6bjbNxE4JNjfjx72A4G%2FCE%3D&prvtof=C6kyihpCnMjalAeky82s0kn400fftDCPp5BmNNnLcNk%3D&&gtnp=0&gtpp=0&kt=112&&ki=6837160&ktd=0&kld=1040&kp=6&bd=1%23720%231280%231%230%23566%23524 | VG | html | 10.6 Kb | malicious
2908 | iexplore.exe | GET | 200 | 199.191.50.39:80 | http://www77.17ebook.com/ | VG | html | 6.47 Kb | malicious
2908 | iexplore.exe | GET | 200 | 2.16.186.64:80 | http://i1.cdn-image.com/__media__/pics/12471/libg.png | unknown | image | 1.07 Kb | whitelisted
2908 | iexplore.exe | GET | 200 | 2.16.186.64:80 | http://i4.cdn-image.com/__media__/js/min.js?v2.2 | unknown | text | 2.97 Kb | whitelisted
2452 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted
2908 | iexplore.exe | GET | 200 | 2.16.186.106:80 | http://i2.cdn-image.com/__media__/pics/12471/libgh.png | unknown | image | 1.06 Kb | whitelisted
2452 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted
2908 | iexplore.exe | GET | 200 | 199.191.50.39:80 | http://www77.17ebook.com/px.js?ch=1 | VG | text | 346 b | malicious
2908 | iexplore.exe | GET | 200 | 2.16.186.64:80 | http://i1.cdn-image.com/__media__/pics/12471/arrow.png | unknown | image | 1.04 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2452 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2908 | iexplore.exe | 2.16.186.106:80 | i4.cdn-image.com | Akamai International B.V. | - | whitelisted
2452 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2908 | iexplore.exe | 2.16.186.64:80 | i4.cdn-image.com | Akamai International B.V. | - | whitelisted
2908 | iexplore.exe | 45.56.79.23:80 | www.17ebook.com | Linode, LLC | US | malicious
2452 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2908 | iexplore.exe | 199.191.50.39:80 | www77.17ebook.com | Confluence Networks Inc | VG | malicious
2452 | iexplore.exe | 199.191.50.39:80 | www77.17ebook.com | Confluence Networks Inc | VG | malicious

DNS requests

Domain | IP | Reputation
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
api.bing.com | 13.107.47.80 | whitelisted
www.17ebook.com | 45.33.2.79, 45.56.79.23, 45.79.19.196, 45.33.23.183, 198.58.118.167, 96.126.123.244 | malicious
www77.17ebook.com | 199.191.50.39 | malicious
i4.cdn-image.com | 2.16.186.64, 2.16.186.106 | whitelisted
i3.cdn-image.com | 2.16.186.106, 2.16.186.64 | whitelisted
i1.cdn-image.com | 2.16.186.64, 2.16.186.106 | whitelisted
i2.cdn-image.com | 2.16.186.106, 2.16.186.64 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted
r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted

Threats

No threats detected
No debug info