URL: http://store.payproglobal.co/
Full analysis: https://app.any.run/tasks/573c3c9c-8fe4-40dd-a8d9-d78382fa2b56
Verdict: Malicious activity
Analysis date: December 02, 2019, 20:42:27
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: adware
Indicators:
  • MD5: E7C1E084D18CCD29CE5A42946F0AC8B2
  • SHA1: 2D793F509A936C254B7D3B56542B143256F57923
  • SHA256: 7FEFAEC91FAF910C041AC20B9310AA6F6F0E44B14F59FCE400E573DA88D6E7D2
  • SSDEEP: 3:N1KNRMALV1hDZK:CQux0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Connects to CnC server

      • iexplore.exe (PID: 1296)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Creates files in the user directory

      • iexplore.exe (PID: 1296)
      • iexplore.exe (PID: 1584)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 1296)
    • Application launched itself

      • iexplore.exe (PID: 1584)
    • Changes internet zones settings

      • iexplore.exe (PID: 1584)
    • Reads internet explorer settings

      • iexplore.exe (PID: 1296)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe → iexplore.exe

Process information

PID: 1584
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "http://store.payproglobal.co/"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: (none)
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 1296
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1584 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: (none)
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Total events: 385
Read events: 324
Write events: 0
Delete events: 0

Modification events: no data

Executable files: 0
Suspicious files: 0
Text files: 15
Unknown types: 7

Dropped files

PID 1296, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5Q8FQXTV\store_payproglobal_co[1].txt
  Type: (empty)
  MD5: (empty)
  SHA256: (empty)

PID 1584, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
  Type: (empty)
  MD5: (empty)
  SHA256: (empty)

PID 1584, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
  Type: (empty)
  MD5: (empty)
  SHA256: (empty)

PID 1296, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VL2R5WP8\iyfsearch_com[1].txt
  Type: (empty)
  MD5: (empty)
  SHA256: (empty)

PID 1296, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5Q8FQXTV\store_payproglobal_co[1].htm
  Type: html
  MD5: 5B375DEC3B8D135C6E73D5B65BBC2A9B
  SHA256: 6C55FA12D6CE31CF0BCDB749BF20458D0C3861120B9A7129B878FEC9AB1E6897

PID 1584, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019120220191203\index.dat
  Type: dat
  MD5: 7A756295B3872BF7CBEC617B0107B418
  SHA256: FD0C43D62C6AC34067BA5816820F52B35E370E79612B4CD86D5A40737C16FECB

PID 1296, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
  Type: dat
  MD5: E39A1ACED585495CD78B65925064A584
  SHA256: F7D9C24920EF98341C8998AB2DB0D86FFFEDFC82852BEC5B4F74FAFEA8A14A3D

PID 1296, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D8QJCXEN\js3[1].js
  Type: text
  MD5: DB3CACFB57BA35D3FCFDBBCF7D46BD42
  SHA256: A606134E35DB97024D04789609660C94F87F660DC259D91DB5180E32787D4DAD

PID 1296, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
  Type: dat
  MD5: 81B7D0E66076932BC69BFC368F6E96CC
  SHA256: 6836F90AFCE7ABF79158D9D4AEFD8FDE3D36680CC43D314C7CCF56EAC83C89CF

PID 1296, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019120220191203\index.dat
  Type: dat
  MD5: 878F5CD786E997B8709E3ED2AB23B505
  SHA256: B6B473E9AC41166891F9D9ED47FD328FE02580E5F07A68306A19269BB5C09F7E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 13
TCP/UDP connections: 13
DNS requests: 8
Threats: 0

HTTP requests

Columns: PID, process, method, HTTP code, IP, URL (CN; type, size; reputation)

  • 1584 iexplore.exe GET 200 185.53.179.8:80 http://store.payproglobal.co/favicon.ico (CN: DE; type and size not shown; reputation: malicious)
  • 1296 iexplore.exe GET 200 185.53.179.29:80 http://parkingcrew.net/assets/scripts/js3.js (CN: DE; text, 17.5 Kb; reputation: whitelisted)
  • 1296 iexplore.exe GET 200 208.91.196.46:80 http://iyfsearch.com/?dn=payproglobal.co&pid=9PO755G95 (CN: VG; html, 5.85 Kb; reputation: suspicious)
  • 1296 iexplore.exe GET 200 185.53.179.8:80 http://store.payproglobal.co/ (CN: DE; html, 2.06 Kb; reputation: malicious)
  • 1296 iexplore.exe GET 200 185.53.179.8:80 http://store.payproglobal.co/track.php?domain=payproglobal.co&toggle=browserjs&uid=MTU3NTMxOTM2OS4zMjU4OjRjMTU2NTI1ZjNkODk5ZTllZWQzNjVjYWI2NWU2ZjQ4NzNmZmZkNjMyNjRiMmJhODM3NzM3NGE0MzM4NmU4Mzg6NWRlNTc3NDk0ZjhmNw%3D%3D (CN: DE; binary, 20 b; reputation: malicious)
  • 1296 iexplore.exe GET 200 2.16.186.64:80 http://i1.cdn-image.com/__media__/pics/26874/bgimg.jpg (CN: unknown; image, 22.1 Kb; reputation: whitelisted)
  • 1584 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico (CN: US; image, 237 b; reputation: whitelisted)
  • 1296 iexplore.exe POST 201 185.53.179.8:80 http://store.payproglobal.co/ls.php (CN: DE; compressed, 20 b; reputation: malicious)
  • 1296 iexplore.exe GET 200 2.16.186.106:80 http://i4.cdn-image.com/__media__/pics/26874/search-icon.png (CN: unknown; image, 779 b; reputation: whitelisted)
  • 1296 iexplore.exe GET 200 2.16.186.64:80 http://i3.cdn-image.com/__media__/pics/26874/sarrow.png (CN: unknown; image, 735 b; reputation: whitelisted)

Connections

Columns: PID, process, IP, domain (ASN; CN; reputation)

  • 1584 iexplore.exe 204.79.197.200:80 www.bing.com (ASN: Microsoft Corporation; CN: US; reputation: whitelisted)
  • 1296 iexplore.exe 185.53.179.8:80 store.payproglobal.co (ASN: Team Internet AG; CN: DE; reputation: malicious)
  • 1584 iexplore.exe 185.53.179.8:80 store.payproglobal.co (ASN: Team Internet AG; CN: DE; reputation: malicious)
  • 1296 iexplore.exe 185.53.179.29:80 parkingcrew.net (ASN: Team Internet AG; CN: DE; reputation: malicious)
  • 1296 iexplore.exe 208.91.196.46:80 iyfsearch.com (ASN: Confluence Networks Inc; CN: VG; reputation: malicious)
  • 1584 iexplore.exe 208.91.196.46:80 iyfsearch.com (ASN: Confluence Networks Inc; CN: VG; reputation: malicious)
  • 1296 iexplore.exe 2.16.186.64:80 i2.cdn-image.com (ASN: Akamai International B.V.; CN not shown; reputation: whitelisted)
  • 1296 iexplore.exe 2.16.186.106:80 i2.cdn-image.com (ASN: Akamai International B.V.; CN not shown; reputation: whitelisted)

DNS requests

Columns: domain → resolved IP(s) (reputation)

  • store.payproglobal.co → 185.53.179.8 (malicious)
  • parkingcrew.net → 185.53.179.29 (whitelisted)
  • www.bing.com → 204.79.197.200, 13.107.21.200 (whitelisted)
  • iyfsearch.com → 208.91.196.46 (suspicious)
  • i2.cdn-image.com → 2.16.186.106, 2.16.186.64 (whitelisted)
  • i4.cdn-image.com → 2.16.186.106, 2.16.186.64 (whitelisted)
  • i1.cdn-image.com → 2.16.186.64, 2.16.186.106 (whitelisted)
  • i3.cdn-image.com → 2.16.186.64, 2.16.186.106 (whitelisted)

Threats

Columns: PID, process, class: message

  • 1296 iexplore.exe, Misc activity: SUSPICIOUS [PTsecurity] Parkingcrew Monetize Tracker Checkin
  • 1296 iexplore.exe, Misc activity: ADWARE [PTsecurity] InstantAccess
No debug info